Frustrating infection


  • This topic is locked This topic is locked

#1 3square (Member, 24 posts)
Lent my friend my computer for a week or so, I get it back with some virus on it he didn't bother telling me about. Vista Security Center 2011 or something. I booted in safe mode and scanned for it and thought I got the virus because I'm not getting the security popup anymore, but I am getting all these weird popups whenever I use Google, and I'm having strange issues with my Flash Player as well. I don't know what's causing it but I'm pretty sure it's some kind of malware that I can't seem to nail down, and I could use some help.

OTL Log:

OTL logfile created on: 5/6/2011 8:42:11 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Administrator\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 74.00 Gb Free Space | 15.89% Space Free | Partition Type: NTFS
Drive D: | 5.51 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 4.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 1.86 Gb Total Space | 0.14 Gb Free Space | 7.71% Space Free | Partition Type: FAT

Computer Name: PATMOORE-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/06 20:38:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2011/04/14 11:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/24 10:34:16 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/23 09:02:18 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/26 09:17:43 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/07/15 09:45:51 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/15 09:45:49 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/15 09:45:17 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/08 08:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Users\Administrator\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe


========== Modules (SafeList) ==========

MOD - [2011/05/06 20:38:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/02 15:14:44 | 003,274,328 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_3f211bc.dll -- (Akamai)
SRV - [2010/08/30 15:47:08 | 000,407,336 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/07/26 09:17:43 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/15 09:45:49 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/04/03 16:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/03 01:22:14 | 001,029,456 | ---- | M] (Lavasoft) [Disabled | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/01/18 15:14:24 | 001,141,712 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/12/09 16:23:34 | 000,365,280 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/07/26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [Disabled | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/05/04 19:39:23 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)


========== Driver Services (SafeList) ==========

DRV - [2011/05/06 08:04:15 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/15 09:45:18 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/07/07 04:31:35 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/06/02 09:47:23 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/04/03 17:55:31 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/01/05 22:22:14 | 000,019,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\Drivers\atapi.tsk -- (atapi)
DRV - [2009/09/23 17:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/07/03 09:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/06/23 11:01:40 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/11/26 13:51:02 | 000,333,824 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr61.sys -- (rt61x86)
DRV - [2008/11/22 13:48:16 | 000,011,392 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\dualshock3.sys -- (dualshock3) DUALSHOCK3 Controller HID Minidriver (USB)
DRV - [2008/08/19 23:34:22 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/08/19 23:34:20 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/06/02 14:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2004/08/13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE 9A 1A EC 51 B0 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: [email protected]:4.0.27.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {C4D9E47F-583D-43CC-ABBE-992CF490F183}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/24 10:36:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{C4D9E47F-583D-43CC-ABBE-992CF490F183}: C:\Users\Administrator\AppData\Local\{C4D9E47F-583D-43CC-ABBE-992CF490F183} [2011/03/22 10:14:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/06 20:29:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2009/09/10 13:09:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2009/09/10 13:09:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/05/06 19:55:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2f4jpupu.default\extensions
[2010/06/23 00:34:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2f4jpupu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/16 17:10:56 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2f4jpupu.default\extensions\[email protected]
[2011/05/06 20:29:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/03/22 10:14:15 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\{C4D9E47F-583D-43CC-ABBE-992CF490F183}
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010/10/20 06:13:01 | 000,421,702 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14566 more lines...
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Administrator\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe (RayV)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 68.94.156.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/09/08 16:13:25 | 000,000,058 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{4b6717b3-70f3-11de-b095-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4b6717b3-70f3-11de-b095-806e6f6e6963}\Shell\AutoRun\command - "" = D:\FalloutLauncher.exe -- [2008/09/18 13:38:35 | 006,981,048 | R--- | M] (Bethesda Softworks)
O33 - MountPoints2\{51f1493f-bc47-11de-a276-001fc6a441bc}\Shell - "" = AutoRun
O33 - MountPoints2\{51f1493f-bc47-11de-a276-001fc6a441bc}\Shell\AutoRun\command - "" = H:\LaunchU3.exe
O33 - MountPoints2\{95bfc566-a4b8-11de-8044-001fc6a441bc}\Shell - "" = AutoRun
O33 - MountPoints2\{95bfc566-a4b8-11de-8044-001fc6a441bc}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{f71ffbd7-69ae-11e0-b060-001fc6a441bc}\Shell - "" = AutoRun
O33 - MountPoints2\{f71ffbd7-69ae-11e0-b060-001fc6a441bc}\Shell\AutoRun\command - "" = I:\KODAK_Camera_Setup_App.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- Reg Error: Value error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/05/06 20:39:07 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011/05/06 20:07:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/05/03 06:39:26 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Pauls FREE photos
[2011/04/18 06:01:16 | 000,000,000 | ---D | C] -- C:\4893a89d0c16b88045
[2011/04/14 19:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2011/04/14 19:22:56 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
[2011/04/12 18:56:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Modders Resource
[2011/04/11 22:02:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Art Sem
[2011/04/11 11:36:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\New Folder (3)
[2011/04/10 21:37:07 | 000,000,000 | ---D | C] -- C:\Fallout 3

========== Files - Modified Within 30 Days ==========

[2011/05/06 20:38:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011/05/06 20:29:25 | 000,000,870 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/06 20:29:25 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/05/06 20:16:18 | 000,004,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/06 20:16:18 | 000,004,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/06 20:16:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/06 20:12:18 | 000,000,000 | ---- | M] () -- C:\Users\Administrator\AppData\Local\prvlcl.dat
[2011/05/06 20:09:26 | 000,002,082 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
[2011/05/06 20:09:02 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3460322775-3498566274-224670622-500UA.job
[2011/05/06 20:07:40 | 000,002,082 | ---- | M] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk
[2011/05/06 20:07:40 | 000,002,044 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/06 19:36:33 | 000,172,544 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/06 19:29:18 | 000,613,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/06 19:29:18 | 000,112,386 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/06 19:09:12 | 075,650,155 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/05/06 19:08:36 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{83038BE6-5EBC-4B6A-850B-0FE370D349D0}.job
[2011/05/06 19:05:00 | 000,000,873 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011/05/06 18:57:12 | 000,063,234 | ---- | M] () -- C:\Users\Administrator\Documents\cc_20110506_185652.reg
[2011/05/06 18:54:20 | 000,003,500 | -HS- | M] () -- C:\Users\Administrator\AppData\Local\bn5b6b462h21s58w
[2011/05/06 18:54:20 | 000,003,500 | -HS- | M] () -- C:\ProgramData\bn5b6b462h21s58w
[2011/05/06 08:04:15 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2011/05/06 01:09:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3460322775-3498566274-224670622-500Core.job
[2011/05/05 18:11:34 | 000,002,255 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes (2).lnk
[2011/05/04 00:22:12 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/05/03 11:36:44 | 000,214,788 | ---- | M] () -- C:\Users\Administrator\Desktop\IMG_8475.JPG
[2011/05/03 11:36:41 | 000,142,913 | ---- | M] () -- C:\Users\Administrator\Desktop\IMG_8474.jpg
[2011/05/03 11:36:35 | 000,195,889 | ---- | M] () -- C:\Users\Administrator\Desktop\IMG_8472.jpg
[2011/05/03 10:57:26 | 000,001,002 | ---- | M] () -- C:\Users\Administrator\Desktop\Adobe Photoshop CS3.lnk
[2011/05/02 10:42:22 | 001,224,635 | ---- | M] () -- C:\Users\Administrator\Desktop\20110502094153_00001.jpg
[2011/05/02 10:39:10 | 001,300,806 | ---- | M] () -- C:\Users\Administrator\Desktop\20110502093857_00001.jpg
[2011/05/02 10:34:06 | 000,562,385 | ---- | M] () -- C:\Users\Administrator\Desktop\20110502093353_00001.jpg
[2011/04/20 08:05:54 | 006,111,462 | ---- | M] () -- C:\Users\Administrator\Desktop\BizFront.pdf
[2011/04/20 07:36:21 | 019,944,329 | ---- | M] () -- C:\Users\Administrator\Desktop\Lib Postcard.psd
[2011/04/18 15:55:42 | 000,001,356 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2011/04/18 06:31:43 | 003,602,576 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/14 10:00:53 | 015,603,854 | ---- | M] () -- C:\Users\Administrator\Desktop\BizFront.psd
[2011/04/14 09:55:05 | 005,396,147 | ---- | M] () -- C:\Users\Administrator\Desktop\BizBack.pdf
[2011/04/10 22:49:54 | 000,000,524 | ---- | M] () -- C:\Users\Administrator\Desktop\FO3Edit.exe - Shortcut.lnk
[2011/04/10 19:58:50 | 000,009,660 | -HS- | M] () -- C:\Users\Administrator\AppData\Local\a0i0vt8pa2754e5654o1e5a36gy81sntculs31
[2011/04/10 19:58:50 | 000,009,660 | -HS- | M] () -- C:\ProgramData\a0i0vt8pa2754e5654o1e5a36gy81sntculs31

========== Files Created - No Company Name ==========

[2011/05/06 20:29:25 | 000,000,870 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/06 20:29:25 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/06 20:29:25 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/05/06 20:09:26 | 000,002,082 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
[2011/05/06 20:07:40 | 000,002,082 | ---- | C] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk
[2011/05/06 20:07:40 | 000,002,044 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/06 18:56:56 | 000,063,234 | ---- | C] () -- C:\Users\Administrator\Documents\cc_20110506_185652.reg
[2011/05/06 18:49:22 | 000,003,500 | -HS- | C] () -- C:\Users\Administrator\AppData\Local\bn5b6b462h21s58w
[2011/05/06 18:49:22 | 000,003,500 | -HS- | C] () -- C:\ProgramData\bn5b6b462h21s58w
[2011/05/03 11:30:43 | 000,142,913 | ---- | C] () -- C:\Users\Administrator\Desktop\IMG_8474.jpg
[2011/05/03 11:30:42 | 000,214,788 | ---- | C] () -- C:\Users\Administrator\Desktop\IMG_8475.JPG
[2011/05/03 11:30:42 | 000,195,889 | ---- | C] () -- C:\Users\Administrator\Desktop\IMG_8472.jpg
[2011/05/03 10:57:26 | 000,001,002 | ---- | C] () -- C:\Users\Administrator\Desktop\Adobe Photoshop CS3.lnk
[2011/05/03 06:47:04 | 000,562,385 | ---- | C] () -- C:\Users\Administrator\Desktop\20110502093353_00001.jpg
[2011/05/03 06:47:03 | 001,300,806 | ---- | C] () -- C:\Users\Administrator\Desktop\20110502093857_00001.jpg
[2011/05/03 06:47:03 | 001,224,635 | ---- | C] () -- C:\Users\Administrator\Desktop\20110502094153_00001.jpg
[2011/05/01 00:05:38 | 013,792,487 | ---- | C] () -- C:\Users\Administrator\Desktop\01 Aurora (Meet Me in the Stars).mp3
[2011/04/20 07:36:18 | 019,944,329 | ---- | C] () -- C:\Users\Administrator\Desktop\Lib Postcard.psd
[2011/04/14 19:22:56 | 000,000,873 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011/04/14 10:01:21 | 006,111,462 | ---- | C] () -- C:\Users\Administrator\Desktop\BizFront.pdf
[2011/04/14 10:00:53 | 015,603,854 | ---- | C] () -- C:\Users\Administrator\Desktop\BizFront.psd
[2011/04/14 09:55:01 | 005,396,147 | ---- | C] () -- C:\Users\Administrator\Desktop\BizBack.pdf
[2011/04/10 22:49:54 | 000,000,524 | ---- | C] () -- C:\Users\Administrator\Desktop\FO3Edit.exe - Shortcut.lnk
[2011/04/10 19:50:06 | 000,009,660 | -HS- | C] () -- C:\Users\Administrator\AppData\Local\a0i0vt8pa2754e5654o1e5a36gy81sntculs31
[2011/04/10 19:50:06 | 000,009,660 | -HS- | C] () -- C:\ProgramData\a0i0vt8pa2754e5654o1e5a36gy81sntculs31
[2011/03/22 10:14:17 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Okocadosexasux.bin
[2011/03/22 10:14:16 | 000,000,120 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Lyeluyuruwokuq.dat
[2011/03/21 22:36:09 | 000,009,596 | -HS- | C] () -- C:\ProgramData\0qo6n56dqg7b12mtrqt6221tv781hsx41s5q
[2011/03/21 22:36:08 | 000,009,596 | -HS- | C] () -- C:\Users\Administrator\AppData\Local\0qo6n56dqg7b12mtrqt6221tv781hsx41s5q
[2010/11/14 16:59:55 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2010/10/30 12:40:11 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/10/18 22:54:42 | 000,000,198 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\24164.bat
[2010/09/11 20:31:15 | 000,011,392 | ---- | C] () -- C:\Windows\System32\drivers\dualshock3.sys
[2010/07/07 04:48:57 | 000,032,811 | ---- | C] () -- C:\Windows\scunin.dat
[2010/06/28 15:39:06 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/06/28 12:01:26 | 000,002,503 | ---- | C] () -- C:\Users\Administrator\AppData\Local\ofakuvom.dll
[2010/06/28 11:52:50 | 000,002,503 | ---- | C] () -- C:\Users\Administrator\AppData\Local\ukoluxoc.dll
[2010/04/24 12:19:07 | 000,015,688 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/04/13 03:29:51 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2010/04/13 03:29:50 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2010/04/13 03:29:50 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2010/04/13 00:43:14 | 000,035,162 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2010/04/13 00:28:34 | 000,006,859 | ---- | C] () -- C:\Windows\DiabUnin.dat
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/02/18 00:07:39 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010/02/17 23:14:35 | 000,007,806 | -HS- | C] () -- C:\Users\Administrator\AppData\Local\Q8T6845
[2010/01/24 02:32:27 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\AppData\Local\prvlcl.dat
[2010/01/16 17:35:21 | 000,138,056 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\PnkBstrK.sys
[2010/01/16 17:35:06 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/01/16 17:35:02 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/01/12 21:53:13 | 000,000,101 | ---- | C] () -- C:\Users\Administrator\AppData\Local\fusioncache.dat
[2009/10/25 17:46:33 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/10/20 13:48:16 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009/09/21 19:04:56 | 000,011,376 | ---- | C] () -- C:\Windows\System32\drivers\SECDRV.SYS
[2009/07/15 05:33:07 | 000,035,669 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/07/15 05:32:47 | 000,035,669 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/07/15 00:53:59 | 000,172,544 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/15 00:31:12 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/15 00:30:11 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/14 23:43:35 | 000,008,298 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/07/14 22:30:54 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/07/14 22:27:22 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/07/14 21:42:25 | 000,000,552 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d8caps.dat
[2009/07/14 21:22:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/07/14 21:13:50 | 000,001,356 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2008/11/26 13:47:50 | 000,000,615 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 003,602,576 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,613,032 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,112,386 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/10/10 22:33:58 | 000,010,288 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2005/10/14 04:56:50 | 000,921,600 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll
[2005/10/14 04:56:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2005/10/14 04:56:50 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2005/10/14 04:56:50 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2005/10/14 04:56:50 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2004/08/13 09:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys

========== LOP Check ==========

[2010/03/28 10:54:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\.minecraft
[2009/09/18 20:18:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
[2010/10/27 22:15:12 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Downloaded Installations
[2010/10/26 18:42:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Leadertech
[2009/11/12 18:02:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LimeWire
[2011/02/11 00:59:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Notepad++
[2010/08/18 02:02:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Octoshape
[2011/04/28 10:07:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\RayV
[2010/05/24 22:49:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SystemRequirementsLab
[2010/01/12 21:53:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Turbine
[2009/07/15 05:56:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Uniblue
[2011/02/11 00:06:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2011/05/04 00:22:12 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/05/02 06:20:10 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/06 19:08:36 | 000,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{83038BE6-5EBC-4B6A-850B-0FE370D349D0}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's see if we can resolve this for you.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/03/22 10:14:15 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\{C4D9E47F-583D-43CC-ABBE-992CF490F183}
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    [2011/05/06 18:54:20 | 000,003,500 | -HS- | M] () -- C:\Users\Administrator\AppData\Local\bn5b6b462h21s58w
    [2011/05/06 18:54:20 | 000,003,500 | -HS- | M] () -- C:\ProgramData\bn5b6b462h21s58w
    [2011/04/10 19:58:50 | 000,009,660 | -HS- | M] () -- C:\Users\Administrator\AppData\Local\a0i0vt8pa2754e5654o1e5a36gy81sntculs31
    [2011/04/10 19:58:50 | 000,009,660 | -HS- | M] () -- C:\ProgramData\a0i0vt8pa2754e5654o1e5a36gy81sntculs31
    [2011/05/06 18:49:22 | 000,003,500 | -HS- | C] () -- C:\Users\Administrator\AppData\Local\bn5b6b462h21s58w
    [2011/05/06 18:49:22 | 000,003,500 | -HS- | C] () -- C:\ProgramData\bn5b6b462h21s58w
    [2011/04/10 19:50:06 | 000,009,660 | -HS- | C] () -- C:\Users\Administrator\AppData\Local\a0i0vt8pa2754e5654o1e5a36gy81sntculs31
    [2011/04/10 19:50:06 | 000,009,660 | -HS- | C] () -- C:\ProgramData\a0i0vt8pa2754e5654o1e5a36gy81sntculs31
    [2011/03/22 10:14:17 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Okocadosexasux.bin
    [2011/03/22 10:14:16 | 000,000,120 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Lyeluyuruwokuq.dat
    [2011/03/21 22:36:09 | 000,009,596 | -HS- | C] () -- C:\ProgramData\0qo6n56dqg7b12mtrqt6221tv781hsx41s5q
    [2011/03/21 22:36:08 | 000,009,596 | -HS- | C] () -- C:\Users\Administrator\AppData\Local\0qo6n56dqg7b12mtrqt6221tv781hsx41s5q
    [2010/10/18 22:54:42 | 000,000,198 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\24164.bat
    [2010/06/28 12:01:26 | 000,002,503 | ---- | C] () -- C:\Users\Administrator\AppData\Local\ofakuvom.dll
    [2010/06/28 11:52:50 | 000,002,503 | ---- | C] () -- C:\Users\Administrator\AppData\Local\ukoluxoc.dll

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe (511KB) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

#3
3square

    Member

  • Topic Starter
  • Member
  • 24 posts
OTL logfile created on: 5/7/2011 6:40:01 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Administrator\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 74.32 Gb Free Space | 15.96% Space Free | Partition Type: NTFS
Drive D: | 5.51 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 4.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: PATMOORE-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/06 20:38:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2011/04/14 11:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/24 10:34:16 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/23 09:02:18 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/26 09:17:43 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/07/15 09:45:51 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/15 09:45:49 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/15 09:45:17 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/06 20:38:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/02 15:14:44 | 003,274,328 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_3f211bc.dll -- (Akamai)
SRV - [2010/08/30 15:47:08 | 000,407,336 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/07/26 09:17:43 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/15 09:45:49 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/04/03 16:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/03 01:22:14 | 001,029,456 | ---- | M] (Lavasoft) [Disabled | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/01/18 15:14:24 | 001,141,712 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/12/09 16:23:34 | 000,365,280 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/07/26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [Disabled | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/05/04 19:39:23 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)


========== Driver Services (SafeList) ==========

DRV - [2011/05/06 08:04:15 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/15 09:45:18 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/07/07 04:31:35 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/06/02 09:47:23 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/04/03 17:55:31 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/01/05 22:22:14 | 000,019,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\Drivers\atapi.tsk -- (atapi)
DRV - [2009/09/23 17:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/07/03 09:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/06/23 11:01:40 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/11/26 13:51:02 | 000,333,824 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr61.sys -- (rt61x86)
DRV - [2008/11/22 13:48:16 | 000,011,392 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\dualshock3.sys -- (dualshock3) DUALSHOCK3 Controller HID Minidriver (USB)
DRV - [2008/08/19 23:34:22 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/08/19 23:34:20 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/06/02 14:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2004/08/13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE 9A 1A EC 51 B0 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher[email protected]:4.0.27.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {C4D9E47F-583D-43CC-ABBE-992CF490F183}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/24 10:36:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{C4D9E47F-583D-43CC-ABBE-992CF490F183}: C:\Users\Administrator\AppData\Local\{C4D9E47F-583D-43CC-ABBE-992CF490F183}
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/06 20:29:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2009/09/10 13:09:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2009/09/10 13:09:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/05/06 19:55:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2f4jpupu.default\extensions
[2010/06/23 00:34:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2f4jpupu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/16 17:10:56 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2f4jpupu.default\extensions\[email protected]
[2011/05/06 20:29:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/07 18:30:24 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Administrator\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe (RayV)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 68.94.156.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/09/08 16:13:25 | 000,000,058 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{4b6717b3-70f3-11de-b095-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4b6717b3-70f3-11de-b095-806e6f6e6963}\Shell\AutoRun\command - "" = D:\FalloutLauncher.exe -- [2008/09/18 13:38:35 | 006,981,048 | R--- | M] (Bethesda Softworks)
O33 - MountPoints2\{51f1493f-bc47-11de-a276-001fc6a441bc}\Shell - "" = AutoRun
O33 - MountPoints2\{51f1493f-bc47-11de-a276-001fc6a441bc}\Shell\AutoRun\command - "" = H:\LaunchU3.exe
O33 - MountPoints2\{95bfc566-a4b8-11de-8044-001fc6a441bc}\Shell - "" = AutoRun
O33 - MountPoints2\{95bfc566-a4b8-11de-8044-001fc6a441bc}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{f71ffbd7-69ae-11e0-b060-001fc6a441bc}\Shell - "" = AutoRun
O33 - MountPoints2\{f71ffbd7-69ae-11e0-b060-001fc6a441bc}\Shell\AutoRun\command - "" = I:\KODAK_Camera_Setup_App.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- Reg Error: Value error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/05/07 18:34:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Logs
[2011/05/07 18:30:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/07 18:29:36 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2011/05/06 20:39:07 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011/05/06 20:07:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/05/03 06:39:26 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Pauls FREE photos
[2011/04/18 06:01:16 | 000,000,000 | ---D | C] -- C:\4893a89d0c16b88045
[2011/04/14 19:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2011/04/14 19:22:56 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
[2011/04/12 18:56:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Modders Resource
[2011/04/11 22:02:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Art Sem
[2011/04/11 11:36:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\New Folder (3)
[2011/04/10 21:37:07 | 000,000,000 | ---D | C] -- C:\Fallout 3

========== Files - Modified Within 30 Days ==========

[2011/05/07 18:39:17 | 075,723,685 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/05/07 18:33:44 | 000,004,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/07 18:33:44 | 000,004,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/07 18:33:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/07 18:30:24 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/05/07 18:29:36 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2011/05/07 18:09:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3460322775-3498566274-224670622-500UA.job
[2011/05/07 10:36:31 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{83038BE6-5EBC-4B6A-850B-0FE370D349D0}.job
[2011/05/07 02:56:26 | 000,613,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/07 02:56:26 | 000,112,386 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/07 01:12:18 | 000,000,000 | ---- | M] () -- C:\Users\Administrator\AppData\Local\prvlcl.dat
[2011/05/07 01:09:01 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3460322775-3498566274-224670622-500Core.job
[2011/05/06 23:31:45 | 000,000,873 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011/05/06 23:23:36 | 000,000,846 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk
[2011/05/06 20:38:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011/05/06 20:29:25 | 000,000,870 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/06 20:29:25 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/05/06 20:09:26 | 000,002,082 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
[2011/05/06 20:07:40 | 000,002,082 | ---- | M] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk
[2011/05/06 20:07:40 | 000,002,044 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/06 19:36:33 | 000,172,544 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/06 18:57:12 | 000,063,234 | ---- | M] () -- C:\Users\Administrator\Documents\cc_20110506_185652.reg
[2011/05/06 08:04:15 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2011/05/05 18:11:34 | 000,002,255 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes (2).lnk
[2011/05/04 00:22:12 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/05/03 11:36:44 | 000,214,788 | ---- | M] () -- C:\Users\Administrator\Desktop\IMG_8475.JPG
[2011/05/03 11:36:41 | 000,142,913 | ---- | M] () -- C:\Users\Administrator\Desktop\IMG_8474.jpg
[2011/05/03 11:36:35 | 000,195,889 | ---- | M] () -- C:\Users\Administrator\Desktop\IMG_8472.jpg
[2011/05/03 10:57:26 | 000,001,002 | ---- | M] () -- C:\Users\Administrator\Desktop\Adobe Photoshop CS3.lnk
[2011/05/02 10:42:22 | 001,224,635 | ---- | M] () -- C:\Users\Administrator\Desktop\20110502094153_00001.jpg
[2011/05/02 10:39:10 | 001,300,806 | ---- | M] () -- C:\Users\Administrator\Desktop\20110502093857_00001.jpg
[2011/05/02 10:34:06 | 000,562,385 | ---- | M] () -- C:\Users\Administrator\Desktop\20110502093353_00001.jpg
[2011/04/20 08:05:54 | 006,111,462 | ---- | M] () -- C:\Users\Administrator\Desktop\BizFront.pdf
[2011/04/20 07:36:21 | 019,944,329 | ---- | M] () -- C:\Users\Administrator\Desktop\Lib Postcard.psd
[2011/04/18 15:55:42 | 000,001,356 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2011/04/18 06:31:43 | 003,602,576 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/14 10:00:53 | 015,603,854 | ---- | M] () -- C:\Users\Administrator\Desktop\BizFront.psd
[2011/04/14 09:55:05 | 005,396,147 | ---- | M] () -- C:\Users\Administrator\Desktop\BizBack.pdf
[2011/04/10 22:49:54 | 000,000,524 | ---- | M] () -- C:\Users\Administrator\Desktop\FO3Edit.exe - Shortcut.lnk

========== Files Created - No Company Name ==========

[2011/05/06 23:23:36 | 000,000,846 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk
[2011/05/06 20:29:25 | 000,000,870 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/06 20:29:25 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/06 20:29:25 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/05/06 20:09:26 | 000,002,082 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
[2011/05/06 20:07:40 | 000,002,082 | ---- | C] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk
[2011/05/06 20:07:40 | 000,002,044 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/06 18:56:56 | 000,063,234 | ---- | C] () -- C:\Users\Administrator\Documents\cc_20110506_185652.reg
[2011/05/03 11:30:43 | 000,142,913 | ---- | C] () -- C:\Users\Administrator\Desktop\IMG_8474.jpg
[2011/05/03 11:30:42 | 000,214,788 | ---- | C] () -- C:\Users\Administrator\Desktop\IMG_8475.JPG
[2011/05/03 11:30:42 | 000,195,889 | ---- | C] () -- C:\Users\Administrator\Desktop\IMG_8472.jpg
[2011/05/03 10:57:26 | 000,001,002 | ---- | C] () -- C:\Users\Administrator\Desktop\Adobe Photoshop CS3.lnk
[2011/05/03 06:47:04 | 000,562,385 | ---- | C] () -- C:\Users\Administrator\Desktop\20110502093353_00001.jpg
[2011/05/03 06:47:03 | 001,300,806 | ---- | C] () -- C:\Users\Administrator\Desktop\20110502093857_00001.jpg
[2011/05/03 06:47:03 | 001,224,635 | ---- | C] () -- C:\Users\Administrator\Desktop\20110502094153_00001.jpg
[2011/05/01 00:05:38 | 013,792,487 | ---- | C] () -- C:\Users\Administrator\Desktop\01 Aurora (Meet Me in the Stars).mp3
[2011/04/20 07:36:18 | 019,944,329 | ---- | C] () -- C:\Users\Administrator\Desktop\Lib Postcard.psd
[2011/04/14 19:22:56 | 000,000,873 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011/04/14 10:01:21 | 006,111,462 | ---- | C] () -- C:\Users\Administrator\Desktop\BizFront.pdf
[2011/04/14 10:00:53 | 015,603,854 | ---- | C] () -- C:\Users\Administrator\Desktop\BizFront.psd
[2011/04/14 09:55:01 | 005,396,147 | ---- | C] () -- C:\Users\Administrator\Desktop\BizBack.pdf
[2011/04/10 22:49:54 | 000,000,524 | ---- | C] () -- C:\Users\Administrator\Desktop\FO3Edit.exe - Shortcut.lnk
[2010/11/14 16:59:55 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2010/10/30 12:40:11 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/09/11 20:31:15 | 000,011,392 | ---- | C] () -- C:\Windows\System32\drivers\dualshock3.sys
[2010/07/07 04:48:57 | 000,032,811 | ---- | C] () -- C:\Windows\scunin.dat
[2010/06/28 15:39:06 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/04/24 12:19:07 | 000,015,688 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/04/13 03:29:51 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2010/04/13 03:29:50 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2010/04/13 03:29:50 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2010/04/13 00:43:14 | 000,035,162 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2010/04/13 00:28:34 | 000,006,859 | ---- | C] () -- C:\Windows\DiabUnin.dat
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/02/18 00:07:39 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010/02/17 23:14:35 | 000,007,806 | -HS- | C] () -- C:\Users\Administrator\AppData\Local\Q8T6845
[2010/01/24 02:32:27 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\AppData\Local\prvlcl.dat
[2010/01/16 17:35:21 | 000,138,056 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\PnkBstrK.sys
[2010/01/16 17:35:06 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/01/16 17:35:02 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/01/12 21:53:13 | 000,000,101 | ---- | C] () -- C:\Users\Administrator\AppData\Local\fusioncache.dat
[2009/10/25 17:46:33 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/10/20 13:48:16 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009/09/21 19:04:56 | 000,011,376 | ---- | C] () -- C:\Windows\System32\drivers\SECDRV.SYS
[2009/07/15 05:33:07 | 000,035,669 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/07/15 05:32:47 | 000,035,669 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/07/15 00:53:59 | 000,172,544 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/15 00:31:12 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/15 00:30:11 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/14 23:43:35 | 000,008,298 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/07/14 22:30:54 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/07/14 22:27:22 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/07/14 21:42:25 | 000,000,552 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d8caps.dat
[2009/07/14 21:22:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/07/14 21:13:50 | 000,001,356 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2008/11/26 13:47:50 | 000,000,615 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 003,602,576 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,613,032 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,112,386 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/10/10 22:33:58 | 000,010,288 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2005/10/14 04:56:50 | 000,921,600 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll
[2005/10/14 04:56:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2005/10/14 04:56:50 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2005/10/14 04:56:50 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2005/10/14 04:56:50 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2004/08/13 09:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys

========== LOP Check ==========

[2010/03/28 10:54:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\.minecraft
[2009/09/18 20:18:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
[2010/10/27 22:15:12 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Downloaded Installations
[2010/10/26 18:42:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Leadertech
[2009/11/12 18:02:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LimeWire
[2011/02/11 00:59:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Notepad++
[2010/08/18 02:02:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Octoshape
[2011/04/28 10:07:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\RayV
[2010/05/24 22:49:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SystemRequirementsLab
[2010/01/12 21:53:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Turbine
[2009/07/15 05:56:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Uniblue
[2011/02/11 00:06:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2011/05/04 00:22:12 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/05/07 18:32:14 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/07 10:36:31 | 000,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{83038BE6-5EBC-4B6A-850B-0FE370D349D0}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >


aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-07 18:43:52
-----------------------------
18:43:52.071 OS Version: Windows 6.0.6002 Service Pack 2
18:43:52.071 Number of processors: 2 586 0x4303
18:43:52.072 ComputerName: PATMOORE-PC UserName:
18:43:54.124 Initialize success
18:43:58.904 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-5
18:43:58.906 Disk 0 Vendor: Hitachi_HDP725050GLA360 GM4OA52A Size: 476940MB BusType: 3
18:44:00.915 Disk 0 MBR read successfully
18:44:00.917 Disk 0 MBR scan
18:44:00.919 Disk 0 unknown MBR code
18:44:02.922 Disk 0 scanning sectors +976771072
18:44:02.953 Disk 0 scanning C:\Windows\system32\drivers
18:44:08.477 Service scanning
18:44:10.200 Disk 0 trace - called modules:
18:44:10.230 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.tsk
18:44:10.233 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x868d50d0]
18:44:10.236 3 CLASSPNP.SYS[8999d8b3] -> nt!IofCallDriver -> [0x868d5998]
18:44:10.239 5 PCTCore.sys[842b588f] -> nt!IofCallDriver -> [0x866995d8]
18:44:10.242 7 acpi.sys[8415f6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-5[0x866c78a0]
18:44:10.252 Scan finished successfully
18:44:20.164 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
18:44:20.169 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"
  • 0

#4
3square

3square

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
A couple more things I've recently noticed. I'm not sure how helpful they are, but I figure I would let you know anyway. First, I've noticed multiple instances of IE popping up in my processes; I use Chrome, so there is almost never one instance of it, let alone multiple ones. Also, using Google in Chrome seems to work just fine, but after trying it in Firefox I get the weird popup (it's a browser popup called "proc:click" and contains a bunch of text) and I occasionally get redirected from clicking on a result. When using IE I get the redirect, but no popup. Adding to the strangeness, my Flash seems to work flawlessly in Firefox, but in IE I get a prompt saying I need to upgrade Flash, and in Chrome I simply get a small message saying "missing plugin". I know my Flash is up to date.

Anyway, thanks for the help, it's much appreciated.
  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's look a bit deeper.

First we will run a virus scan.

On the first tab, select all elements down to and including Computer, and then select start scan.
Once it has finished, select report and post that.

Posted Image

Do not close AVPTool or it will self-uninstall. If it does uninstall, then just rerun the setup file on your desktop.

Now an analysis scan.

Select the Manual Disinfection tab.
Press the Gather System Information button.
Once done, open the last report saved folder, then attach the zip file to your next post.
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

Posted Image
  • 0

#6
3square

3square

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
There is nothing in the autoscan report, just a task started and a task complete.

Here is the system info

Attached Files


  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
On completion of this I will need to run ComboFix; this will entail uninstalling AVG.

  • Re-run AVPTool
  • Select the Manual Disinfection tab
  • Where it states Step 3, paste in the following disinfection script and press execute

    begin
    SetAVZPMStatus(True);
    SetAVZGuardStatus(True);
    SearchRootkit(true, true);
    DeleteFile('C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\IMG_2450.jpg');
    BC_DeleteFile('C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\IMG_2450.jpg');
    DeleteFile('C:\Users\ADMINI~1\AppData\Local\Temp\15AC.tmp');
    BC_DeleteFile('C:\Users\ADMINI~1\AppData\Local\Temp\15AC.tmp');
    BC_ImportDeletedList;
    ExecuteSysClean;
    BC_Activate;
    RebootWindows(true);
    end.
  • Your system will reboot on completion; if it does not, please do so yourself.
  • On completion, please run another analysis scan and attach the zip file.

Posted Image

THEN

Download to your desktop a fresh copy of AVG
Download to your desktop AVG removal tool
Download to your desktop ComboFix from one of these locations:
Link 1
Link 2

Disconnect from the net
Uninstall AVG via Control Panel Programs and features
Reboot
Run the AVG removal tool
Reboot
Run ComboFix
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#8
3square

3square

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Here are the requested files.

ComboFix 11-05-04.04 - Administrator 05/09/2011 18:43:04.10.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.1285 [GMT -5:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\system32\arp.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-09 to 2011-05-09 )))))))))))))))))))))))))))))))
.
.
2011-05-09 23:57 . 2011-05-09 23:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-09 23:01 . 2011-05-09 23:30 -------- d-----w- c:\programdata\AVG10
2011-05-09 22:28 . 2011-05-09 23:22 -------- d-----w- c:\programdata\MFAData
2011-05-09 22:15 . 2011-05-09 22:15 11264 ----a-w- c:\windows\system32\drivers\uze4odq4.sys
2011-05-08 16:36 . 2011-05-09 22:20 -------- d-----w- c:\programdata\Kaspersky Lab
2011-05-07 23:30 . 2011-05-07 23:30 -------- d-----w- C:\_OTL
2011-05-06 23:48 . 2011-05-06 23:48 192512 --sha-w- c:\windows\system32\2mipd.dll
2011-04-27 03:53 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-27 03:53 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 03:52 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-18 11:01 . 2011-04-18 11:03 -------- d-----w- C:\4893a89d0c16b88045
2011-04-15 00:22 . 2011-05-07 04:31 -------- d-----w- c:\program files\World of Warcraft
2011-04-11 02:37 . 2011-04-12 03:46 -------- d-----w- C:\Fallout 3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-07 00:49 . 2010-05-30 20:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-03 15:40 . 2011-04-27 03:53 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-27 03:53 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-27 03:53 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-27 03:53 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-02-22 14:13 . 2011-03-23 00:33 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 00:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 00:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-04-14 16:26 . 2011-05-07 01:29 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RayV"="c:\program files\RayV\RayV\RayV.exe" [2010-10-21 2839848]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]
"Octoshape Streaming Services"="c:\users\Administrator\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-11-30 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]
path=c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
backup=c:\windows\pss\CurseClientStartup.ccip.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 22:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 09:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-06-05 18:39 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2009-01-08 13:44 70936 ----a-w- c:\users\Administrator\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-11-15 01:54 2975640 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 22:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-01-07 18:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 dualshock3;DUALSHOCK3 Controller HID Minidriver (USB) Beta;c:\windows\system32\DRIVERS\dualshock3.sys [2008-11-22 11392]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-08-20 7408]
R3 ute4odq4;AVZ Kernel Driver;c:\windows\system32\Drivers\ute4odq4.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-03 1029456]
R4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-12-09 365280]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-07-03 64160]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-09-23 207280]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-07 691696]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-06-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-08-20 55024]
S1 uze4odq4;AVZ-RK Kernel Driver;c:\windows\system32\Drivers\uze4odq4.sys [2011-05-09 11264]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S3 rt61x86;RT61 Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr61.sys [2008-11-26 333824]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 06:22]
.
2011-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3460322775-3498566274-224670622-500Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-27 23:57]
.
2011-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3460322775-3498566274-224670622-500UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-27 23:57]
.
2011-05-09 c:\windows\Tasks\User_Feed_Synchronization-{83038BE6-5EBC-4B6A-850B-0FE370D349D0}.job
- c:\windows\system32\msfeedssync.exe [2011-04-14 04:43]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2f4jpupu.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
SafeBoot-klmdb.sys
MSConfigStartUp-AdobeCS5ServiceManager - c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
MSConfigStartUp-SwitchBoard - c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Administrator\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-09 18:58
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi]
"ImagePath"="system32\Drivers\atapi.tsk"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,64,dd,76,98,05,d5,c3,48,b4,54,a0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,64,dd,76,98,05,d5,c3,48,b4,54,a0,\
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.aif"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.aifc"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.aiff"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.cda"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.cdda"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dds\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\PaintDotNet.exe"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\Winword.exe"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipa"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipg"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipsw\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipsw"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itb\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itb"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itdb\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itdb"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itl"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itms"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itpc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itpc"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="jpegfile"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m3u"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u8\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m3u8"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4a"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4b\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4b"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4p\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4p"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4r\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4r"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.mp2"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.mp3"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="NetImmerseFile"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcast\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.pcast"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdn\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Paint.NET.1"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.pls"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.reg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.SC2Replay\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wmplayer.exe"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.wav"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wave\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.wave"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv_e_1233158593_h_1d47b86e8c89d78c2aba9216bd2a5e7a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\vlc.exe"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\SecuROM\License information*]
"datasecu"=hex:1b,bd,fd,63,87,e2,e4,97,ad,4b,e6,2c,8a,7e,af,3b,cc,49,4b,d8,71,
71,5a,dc,d8,5f,34,7a,7a,fd,d3,52,e6,c5,fe,4a,7d,ad,22,71,43,50,59,e2,33,18,\
"rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff
.
Completion time: 2011-05-09 19:01:38
ComboFix-quarantined-files.txt 2011-05-10 00:01
.
Pre-Run: 81,925,148,672 bytes free
Post-Run: 80,809,111,552 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=40 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40
- - End Of File - - 17ABBF8FD053A2A1D971991B19F490F3

Attached Files


  • 0
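The logs in this thread are read by eye, but the lines the helper zeroes in on follow fixed formats that lend themselves to automated triage. The Python script below is an added example written for this page; it is not code from the thread or from ComboFix, OTL or any other tool named here. It parses constructed sample lines in the ComboFix "Files Created" format, the OTL "@Alternate Data Stream" format and a ComboFix registry dump, and flags three indicator classes visible in the logs above: a newly created file under system32 carrying both the system and hidden attributes (the 2mipd.dll pattern), Alternate Data Streams on ProgramData\TEMP, and a driver service whose ImagePath differs from where that driver normally loads. The EXPECTED_IMAGEPATH baseline and the sample lines are assumptions constructed for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample lines mirroring the ComboFix "Files Created" format, the OTL
# "@Alternate Data Stream" format and a ComboFix registry dump. They are not the
# poster's full logs.
SAMPLE_LOG = r"""
2011-05-09 22:15 . 2011-05-09 22:15 11264 ----a-w- c:\windows\system32\drivers\uze4odq4.sys
2011-05-06 23:48 . 2011-05-06 23:48 192512 --sha-w- c:\windows\system32\2mipd.dll
2011-04-27 03:53 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-18 11:01 . 2011-04-18 11:03 -------- d-----w- C:\4893a89d0c16b88045
@Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi]
"ImagePath"="system32\Drivers\atapi.tsk"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\disk]
"ImagePath"="system32\drivers\disk.sys"
"""

# <created> . <modified> <size or --------> <8-char attribute field> <path>
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\S+) ([a-z-]{8}) (.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"$')

# Assumed baseline: where the boot-critical storage drivers should load from.
# In practice take this from a known-clean machine of the same Windows build.
EXPECTED_IMAGEPATH = {
    "atapi": r"system32\drivers\atapi.sys",
    "disk": r"system32\drivers\disk.sys",
}


@dataclass
class Finding:
    kind: str
    path: str
    detail: str


def _norm(path: str) -> str:
    """Case-fold and unify separators so registry paths compare reliably."""
    return path.strip().lower().replace("/", "\\")


def triage(log_text: str) -> list[Finding]:
    """Return the indicator lines a helper would single out in a ComboFix/OTL log."""
    findings: list[Finding] = []
    current_service = None  # service name of the registry key most recently seen

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group(4), m.group(5)
            # In ComboFix's attribute field 's' is system and 'h' is hidden. A freshly
            # created file under system32 carrying both is how 2mipd.dll stands out in
            # the thread's ComboFix log.
            if "s" in attrs and "h" in attrs and "\\system32\\" in _norm(path):
                findings.append(Finding("hidden_system_file", path, f"attrs={attrs}"))
            continue

        m = ADS_RE.match(line)
        if m:
            # Named streams on a ProgramData\TEMP file are worth a look: legitimate
            # software rarely stores data there in an Alternate Data Stream.
            findings.append(Finding("alternate_data_stream", m.group(2), f"{m.group(1)} bytes"))
            continue

        m = KEY_RE.match(line)
        if m:
            parts = m.group(1).split("\\")
            is_service_key = len(parts) >= 2 and parts[-2].lower() == "services"
            current_service = parts[-1].lower() if is_service_key else None
            continue

        m = VALUE_RE.match(line)
        if m and current_service and m.group(1) == "ImagePath":
            expected = EXPECTED_IMAGEPATH.get(current_service)
            if expected and _norm(m.group(2)) != _norm(expected):
                findings.append(Finding(
                    "service_imagepath_mismatch", m.group(2),
                    f"service={current_service} expected={expected}",
                ))

    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:27} {f.path}  ({f.detail})")
```

Run against the constructed sample, the script reports one hidden system file (2mipd.dll), two Alternate Data Streams and one ImagePath mismatch (atapi pointing at atapi.tsk rather than atapi.sys), while the ordinary driver, the directory entry and the disk service pass silently. Extending the baseline table is how you would tune it for a particular build.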

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Reinstall AVG now, and what are your current problems?

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#10
3square

3square

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
No change in symptoms.

MBAM didn't find anything, but here's the log anyway.



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6548

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

5/10/2011 2:52:26 PM
mbam-log-2011-05-10 (14-52-26).txt

Scan type: Quick scan
Objects scanned: 144867
Time elapsed: 3 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you give me an instance of the popups you are getting, please?

Also download the FlashPlayer uninstaller from here
Uninstall all Flash.
Then download a fresh copy from here; this is the IE version.
For the FF/Chrome version, click the Different operating system or browser? link on the same page and follow the instructions there.
  • 0

#12
3square

3square

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Working on the Flash stuff.

In the meantime, attached is a screenshot of the popup in Firefox.

Attached Thumbnails

  • Popup.jpg

  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Is this in Firefox? And are you using 4.1?
  • 0

#14
3square

3square

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Yes to both.
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, I think I may have found it - this is new.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL


    :Services

    :Reg

    :Files
    ipconfig /flushdns /c
    c:\windows\system32\2mipd.dll

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0





