Geeks To Go
MBR Root Kit and IRP Hook


This topic is locked

#1 krpa-d-em (Member, 40 posts)
I'm running Windows XP Home Edition on a 2006 Dell PC. Here are three 2011 Free AVG notifications and I have also included an OTL log. Any help to rid this nasty from my computer would be greatly appreciated. Thank you. This is my central computer of a three PC and one laptop network I created. I have no problems with any of the other computers on my network. I have disconnected the infected computer from the Internet.

Also, there is an SVChost.exe process that is using a considerable amount of CPU on the infected computer and maxing out the system at times.

FIRST NOTIFICATION
5.20.11 AVG 2011 Free Rootkit Scan (COULD NOT REMOVE)
OBJECT NAME - MBR
DETECTION NAME - Rotkit.TDSS.TDL4
OBJECT IS HIDDEN
SDK TYPE - Rootkit

SECOND NOTIFICATION
5.20.11 AVG 2011 Free Rootkit Scan (COULD NOT REMOVE)
OBJECT NAME (unknown)
DETECTION NAME: IRP Hook/Driver\ATAP\Driver Start Io-7 OxAoDD334
SDK TYPE - Rootkit
OBJECT IS HIDDEN

THIRD AVG NOTIFICATION by RESIDENT SHIELD
THREAT WAS BLOCKED
bfwAST.Com\main.php? A= A bE32f3b6E7C 1601
EXPLOIT BLACKHOLE EXPLOIT KIT (Type 2016)
Process Name: C:\Windows\System32\Svchost.exe
Process ID: 1060


OTL logfile created on: 5/21/2011 1:37:59 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\DOCUME~1\Owner\Desktop\COMPUT~1
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 16.25 Gb Free Space | 21.82% Space Free | Partition Type: NTFS

Computer Name: LBB | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/15 23:58:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\computer maintenance\OTL.scr
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/09/14 15:45:30 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/12/18 11:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/03 00:27:24 | 000,050,800 | ---- | M] (Corel Corporation) -- C:\Program Files\WordPerfect Office X3\Programs\wpwin13.exe
PRC - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe


========== Modules (SafeList) ==========

MOD - [2011/05/15 23:58:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\computer maintenance\OTL.scr
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/09/14 15:45:30 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/12/18 11:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/11/18 15:45:28 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/11 19:11:07 | 000,587,096 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
SRV - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2008/09/24 14:01:44 | 000,033,024 | ---- | M] (Windows Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AmbaWebcam.sys -- (AMBAWEBCAM)
DRV - [2008/09/24 14:01:44 | 000,024,320 | ---- | M] (Windows Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AmbaAudio.sys -- (AmbaAudio)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/06/15 23:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/24 11:12:44 | 000,004,272 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2004/03/05 23:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 23:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 23:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\..\URLSearchHook: {DAB46A0D-8939-4056-B80C-028DCE8999EF} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....fr=ytff-tyc&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {3C908268-727D-4CDD-B898-DF10DD0C2CCA}:1.9.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.0.20090922023629
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:4.5
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374
FF - prefs.js..keyword.URL: "http://us.yhs.search...2-tb-web_us&p="

FF - HKLM\software\mozilla\Firefox\extensions\\{3C908268-727D-4CDD-B898-DF10DD0C2CCA}: C:\Documents and Settings\Owner\Local Settings\Application Data\{3C908268-727D-4CDD-B898-DF10DD0C2CCA} [2011/05/14 22:07:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/11 22:04:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/20 11:08:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/06 17:11:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/17 11:06:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 2.0.14\extensions\\Components: C:\Program Files\SeaMonkey\components [2011/04/30 11:10:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 2.0.14\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins [2011/05/17 11:06:03 | 000,000,000 | ---D | M]

[2008/09/09 18:38:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/04/16 19:35:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2011/05/20 11:50:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\927g5llq.default\extensions
[2010/06/26 13:43:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\927g5llq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/11 12:31:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\927g5llq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/05/13 21:53:23 | 000,000,000 | ---D | M] (Oberon Game Host) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\927g5llq.default\extensions\[email protected]
[2011/05/19 13:19:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\SeaMonkey\Profiles\2if3euh2.default\extensions
[2011/03/12 12:23:36 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\Owner\Application Data\Mozilla\SeaMonkey\Profiles\2if3euh2.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2011/03/12 12:23:36 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Owner\Application Data\Mozilla\SeaMonkey\Profiles\2if3euh2.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2008/12/12 14:23:54 | 000,002,158 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\927g5llq.default\searchplugins\MySpace.xml
[2011/05/20 11:50:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/06 10:04:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 10:18:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/08 11:48:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/07 12:18:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/14 22:07:57 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\{3C908268-727D-4CDD-B898-DF10DD0C2CCA}
[2011/05/20 11:08:18 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/05/11 22:04:58 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2009/01/28 11:28:45 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/07/02 19:00:30 | 000,036,864 | ---- | M] (Homestead Technologies, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nphssb.dll

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2E6F4C13-49FB-4DF3-B601-030D1D470E32} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [QuickGammaLoader] C:\Program Files\QuickGamma\QuickGammaLoader.exe (Eberhard Werle)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta ()
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Reg Error: Key error. File not found
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1273951367640 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O29 - HKLM SecurityProviders - (digeste.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/17 01:05:21 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0013c400-2849-11dd-b1dd-001111cc81cf}\Shell\AutoRun\command - "" = F:\LinksysConnectPC.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/20 11:27:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/05/20 11:24:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder
[2011/05/20 11:20:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG10
[2011/05/20 11:08:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/05/20 11:06:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/05/20 11:06:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/05/19 19:31:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/05/19 19:25:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\AVG Anti-Virus
[2011/05/17 10:11:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/05/17 10:11:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/05/16 23:14:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/05/16 23:14:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/05/15 01:27:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/05/15 01:27:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/05/14 22:07:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\{3C908268-727D-4CDD-B898-DF10DD0C2CCA}
[2011/05/14 22:05:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\aP06509EpEjO06509
[2011/05/11 22:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\HPAppData
[2011/05/11 22:09:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2011/05/11 22:05:44 | 000,966,656 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpwtiop6.dll
[2011/05/11 22:05:44 | 000,716,288 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpwwiax7.dll
[2011/05/11 22:05:44 | 000,372,736 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hppldcoi.dll
[2011/05/11 22:05:44 | 000,315,392 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpwvst01.dll
[2011/05/11 22:05:44 | 000,309,760 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2011/05/11 22:01:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2011/05/11 22:01:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2011/05/11 13:54:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\JUST HOST
[2011/05/06 20:22:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\sohfor renee
[2011/05/05 18:57:33 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/21 11:39:02 | 000,004,184 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/05/21 10:40:55 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2011/05/21 10:34:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/20 11:23:30 | 115,464,652 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/19 13:22:44 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/05/19 13:04:41 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Sound Recorder.lnk
[2011/05/19 12:53:36 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/18 10:17:24 | 000,003,002 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20110518_101703.reg
[2011/05/17 23:12:10 | 000,000,313 | ---- | M] () -- C:\WINDOWS\ViewNX.INI
[2011/05/17 22:31:57 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2011/05/17 16:00:47 | 000,003,754 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20110517_160043.reg
[2011/05/17 13:33:59 | 000,000,918 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to wpwin13.exe.lnk
[2011/05/15 04:33:00 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2011/05/14 23:47:32 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\17489700
[2011/05/14 22:07:59 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Sporozolocemuv.dat
[2011/05/14 22:07:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Xtegik.bin
[2011/05/14 12:24:06 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2011/05/11 23:54:19 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/11 23:54:19 | 000,000,155 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/11 22:11:05 | 000,170,596 | ---- | M] () -- C:\WINDOWS\hpwins27.dat
[2011/05/11 22:07:22 | 000,171,315 | ---- | M] () -- C:\WINDOWS\hpwins27.dat.temp
[2011/05/11 18:25:10 | 000,002,963 | ---- | M] () -- C:\WINDOWS\System32\WebEx Document Sharing Port
[2011/05/09 10:58:57 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2011/05/08 17:27:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/05 14:56:21 | 000,444,424 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/05 14:56:21 | 000,072,928 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/02 12:54:14 | 000,003,908 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20110502_125404.reg
[2011/04/23 16:49:17 | 000,052,406 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Polar Bear Letter Head.odt
[2 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/20 11:23:30 | 115,464,652 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/20 11:07:36 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjw.avm
[2011/05/18 10:17:04 | 000,003,002 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20110518_101703.reg
[2011/05/17 16:00:45 | 000,003,754 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20110517_160043.reg
[2011/05/17 13:34:38 | 000,000,918 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Shortcut to wpwin13.exe.lnk
[2011/05/17 13:33:59 | 000,000,918 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to wpwin13.exe.lnk
[2011/05/17 11:06:04 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/05/16 23:14:21 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/14 23:47:32 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\17489700
[2011/05/14 22:07:59 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Sporozolocemuv.dat
[2011/05/14 22:07:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Xtegik.bin
[2011/05/11 21:47:24 | 000,170,596 | ---- | C] () -- C:\WINDOWS\hpwins27.dat
[2011/05/11 21:47:23 | 000,000,385 | ---- | C] () -- C:\WINDOWS\hpwmdl27.dat
[2011/05/11 18:04:51 | 000,002,963 | ---- | C] () -- C:\WINDOWS\System32\WebEx Document Sharing Port
[2011/05/09 10:58:57 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2011/05/09 10:58:57 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2011/05/02 12:54:08 | 000,003,908 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20110502_125404.reg
[2010/10/07 14:08:29 | 000,171,315 | ---- | C] () -- C:\WINDOWS\hpwins27.dat.temp
[2010/10/07 14:08:28 | 000,000,385 | ---- | C] () -- C:\WINDOWS\hpwmdl27.dat.temp
[2010/09/01 15:47:34 | 000,000,074 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\default.pls
[2009/08/01 21:15:29 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/07/02 19:03:51 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2009/07/02 18:29:45 | 000,098,136 | ---- | C] () -- C:\WINDOWS\gzip.exe
[2009/07/02 16:11:01 | 000,118,784 | ---- | C] () -- C:\WINDOWS\GREUninstall.exe
[2009/06/08 12:07:53 | 000,112,532 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2009/06/08 12:07:52 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2009/06/06 16:54:14 | 000,104,182 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2009/06/06 16:54:14 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2009/06/06 16:45:24 | 000,104,182 | ---- | C] () -- C:\WINDOWS\hpoins04.dat.temp
[2009/06/06 16:45:24 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2009/04/09 12:04:58 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\639266C0B9.sys
[2009/04/09 12:04:56 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/03/13 21:40:53 | 000,000,073 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/03/13 20:39:26 | 000,187,904 | ---- | C] () -- C:\WINDOWS\System32\Lame.exe
[2009/03/13 20:39:25 | 000,166,912 | ---- | C] () -- C:\WINDOWS\System32\Lame_enc.dll
[2009/03/13 20:39:21 | 000,641,021 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2009/03/13 20:39:21 | 000,001,664 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2009/02/02 11:33:22 | 000,001,982 | ---- | C] () -- C:\WINDOWS\inuyijiw.dll
[2009/01/31 22:32:34 | 000,002,990 | ---- | C] () -- C:\WINDOWS\ijevihepay.dll
[2009/01/31 22:31:44 | 000,002,990 | ---- | C] () -- C:\WINDOWS\igutokesiko.dll
[2008/10/25 14:20:18 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\639266C0B9.sys
[2008/09/15 19:18:26 | 000,000,023 | ---- | C] () -- C:\WINDOWS\kodakpcd.Owner.ini
[2008/08/30 22:21:05 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\mcs.rma
[2008/08/30 22:21:05 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\CE9166
[2008/08/04 17:35:06 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Plugins
[2008/08/04 17:35:06 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Owner\Application Data\Planets
[2008/08/04 17:35:06 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLck.DAT
[2008/08/04 17:35:04 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Podcasting
[2008/08/04 17:35:04 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Owner\Application Data\Plants
[2008/08/04 17:28:02 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2008/07/18 20:45:32 | 000,000,313 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2008/07/18 18:46:11 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Help
[2008/07/18 18:46:11 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Owner\Application Data\Guitar
[2008/07/18 18:46:11 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2008/07/18 18:44:11 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\HAL
[2008/07/18 18:44:11 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Owner\Application Data\Graphics
[2008/07/18 18:44:11 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2008/05/17 13:14:14 | 000,000,155 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/04/03 14:56:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2007/12/30 01:09:18 | 000,000,094 | ---- | C] () -- C:\WINDOWS\RCASMVVC.ini
[2007/12/18 12:38:57 | 000,009,497 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/12/18 10:09:04 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2007/12/17 14:45:26 | 000,004,184 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/12/17 14:45:26 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\B9C0669263.sys
[2007/12/17 13:16:41 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/12/15 07:31:11 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP120JPR.{PB
[2007/12/15 07:31:11 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP120JCM.{PB
[2007/12/14 23:23:40 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/14 22:50:32 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2007/12/14 22:35:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2007/12/14 22:25:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/12/14 22:20:50 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/12/14 17:12:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/12/14 17:11:49 | 000,254,272 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/04/13 16:19:52 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2006/11/02 21:40:12 | 000,174,656 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
[2004/12/20 11:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 11:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/08/12 10:11:42 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/12 10:11:41 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/12 10:04:52 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/12 10:03:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/12 10:03:20 | 000,444,424 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/12 10:03:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/12 10:03:19 | 000,072,928 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/12 10:02:25 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/12 09:59:52 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/12 09:59:46 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/12 09:57:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/12 09:56:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 284 bytes -> C:\WINDOWS\system32:,|pctlsp.log
@Alternate Data Stream - 284 bytes -> C:\WINDOWS\system32:,|'pctlsp.log
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B9A77133
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C1F4198F

< End of report >
#2
krpa-d-em
I know you guys at Geeks To Go are busy and I understand if you were not able to get to my problem. If anyone reads this, here's how it was fixed. About three days later the entire system crashed and would no longer boot on its own. I used my original Windows XP disc and then started the Windows XP Recovery Console. I then fixed my master boot record by using the Fixmbr command. Windows booted up perfectly and AVG is no longer finding any viruses or root kits.
#3
Gammo
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.