Geeks to Go
Google redirect virus



#1 Fairytale Studio (Member, 17 posts)
Hi,
I have the redirecting virus as well. Possible malware too. Every time I Google for something it doesn't take me to the site. Now it won't even run Firefox; I had to use Internet Explorer.
Thanks, David

OTL logfile created on: 6/24/2011 3:21:39 PM - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\David\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 74.17% Memory free
4.84 Gb Paging File | 4.27 Gb Available in Paging File | 88.19% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.45 Gb Total Space | 11.01 Gb Free Space | 14.79% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 167.50 Gb Free Space | 17.98% Space Free | Partition Type: NTFS

Computer Name: RAPTOR | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/17 18:08:16 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\My Documents\Downloads\OTL.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] () -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] () -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/10/29 14:49:28 | 000,505,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/03/11 15:08:02 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/10/01 21:53:36 | 002,684,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
PRC - [2009/09/01 05:00:11 | 000,075,048 | R--- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared files\brs.exe
PRC - [2009/07/06 15:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009/06/03 21:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/17 18:08:16 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\My Documents\Downloads\OTL.exe
MOD - [2008/04/14 05:42:52 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (WPFFontCache_v0400)
SRV - File not found [Auto | Stopped] -- -- (WebUpdate)
SRV - File not found [Auto | Stopped] -- -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - File not found [Auto | Stopped] -- -- (NVSvc)
SRV - File not found [Auto | Stopped] -- -- (nlsX86cc)
SRV - File not found [Disabled | Stopped] -- -- (NetTcpPortSharing)
SRV - File not found [Auto | Stopped] -- -- (mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit)
SRV - File not found [Auto | Stopped] -- -- (JavaQuickStarterService)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (avgwd)
SRV - File not found [Auto | Stopped] -- -- (AVGIDSAgent)
SRV - File not found [Auto | Stopped] -- -- (astcc)
SRV - File not found [Auto | Stopped] -- -- (ASFAgent)
SRV - [2011/06/23 17:23:41 | 000,655,624 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/02/27 05:08:14 | 000,068,608 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe -- (License Management Service ESD)
SRV - [2007/03/03 00:56:17 | 000,072,704 | ---- | M] (Autodesk) [Disabled | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2005/07/06 17:55:02 | 000,053,248 | ---- | M] (Dell) [Auto | Stopped] -- c:\Program Files\Dell\RAID Storage Manager\StorServ.exe -- (RAIDStorAgent)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/28 01:22:07 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/28 01:22:07 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/11/28 01:22:07 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/09/01 17:59:44 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/11/24 15:34:31] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2008/04/14 01:16:10 | 000,049,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mstape.sys -- (MSTAPE)
DRV - [2008/04/14 01:16:08 | 000,013,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avcstrm.sys -- (AVCSTRM)
DRV - [2008/04/14 01:02:52 | 000,196,224 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2006/08/11 10:22:02 | 000,009,344 | ---- | M] (Canon Inc. All rights reserved) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vvcr.sys -- (vvcr)
DRV - [2006/06/13 05:20:00 | 000,094,460 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/06/13 05:20:00 | 000,088,476 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/06/13 05:20:00 | 000,086,844 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/06/13 05:20:00 | 000,025,724 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/06/13 05:20:00 | 000,014,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/06/13 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/06/13 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006/03/17 08:35:24 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/03/17 08:34:46 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/09/29 08:09:16 | 000,032,640 | ---- | M] (Canon Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\accskmd.sys -- (ACCSKMD)
DRV - [2005/07/28 08:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2005/04/01 18:40:00 | 000,092,571 | R--- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\afamgt.sys -- (AFAmgt)
DRV - [2002/12/18 06:31:06 | 000,036,064 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Asfalrt.sys -- (AsfAlrt)
DRV - [2001/08/17 14:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AddThis"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.co...ff50ie7&query="
FF - prefs.js..browser.search.selectedEngine: "AIM Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "http://search.addthi...ocale=en-US&q="

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/07/01 23:18:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/06/23 15:23:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/24 04:16:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/29 20:12:24 | 000,000,000 | ---D | M]

[2008/08/27 22:17:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Extensions
[2011/05/23 18:26:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\o8op75tn.default\extensions
[2011/06/24 02:44:38 | 000,001,901 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\o8op75tn.default\searchplugins\aimsearch-1.xml
[2008/05/17 20:10:28 | 000,000,301 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\o8op75tn.default\searchplugins\aimsearch.src
[2008/04/28 22:38:36 | 000,001,901 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\o8op75tn.default\searchplugins\aimsearch.xml
[2011/05/17 19:18:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/11 23:32:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/05/17 19:18:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2010/02/10 20:37:29 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\MOVE NETWORKS
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\O8OP75TN.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/06/23 15:23:32 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2010/03/08 03:33:20 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/05/07 00:22:26 | 000,163,840 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/04/16 03:16:48 | 000,000,767 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Power2GoExpress] C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe (CyberLink Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 55924053
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O15 - HKCU\..Trusted Domains: microsoft.com ([office] https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1256718545046 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.130 167.206.251.129
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/David/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/12/16 18:35:34 | 000,002,444 | ---- | M] () - C:\autorun.PNF -- [ NTFS ]
O33 - MountPoints2\{43c90d68-2388-11da-96c3-806d6172696f}\Shell\AutoRun\command - "" = F:\hbcd\wintools\autorun.exe
O33 - MountPoints2\{43c90d68-2388-11da-96c3-806d6172696f}\Shell\Option1\Command - "" = F:\hbcd\wintools\autorun.exe
O33 - MountPoints2\{6f032b20-ef00-11dd-942f-00142229913a}\Shell - "" = AutoRun
O33 - MountPoints2\{6f032b20-ef00-11dd-942f-00142229913a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6f032b20-ef00-11dd-942f-00142229913a}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{6f032b21-ef00-11dd-942f-00142229913a}\Shell\Auto\command - "" = G:\Start.exe
O33 - MountPoints2\{6f032b21-ef00-11dd-942f-00142229913a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6f032b21-ef00-11dd-942f-00142229913a}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
O33 - MountPoints2\{84dd6854-0c8b-11e0-a745-00142229913a}\Shell - "" = AutoRun
O33 - MountPoints2\{84dd6854-0c8b-11e0-a745-00142229913a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{84dd6854-0c8b-11e0-a745-00142229913a}\Shell\AutoRun\command - "" = F:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe ()
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/14 21:55:49 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/06/03 03:27:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/06/03 03:25:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/06/02 23:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\AVG10
[2011/06/02 23:32:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/06/02 23:30:19 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/06/02 23:26:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/06/02 23:25:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/06/01 23:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Local Settings\Application Data\Western Digital
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\David\My Documents\*.tmp files -> C:\Documents and Settings\David\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/24 14:44:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/24 14:44:37 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1323086792-3218655996-3691950811-1005.job
[2011/06/24 14:44:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/24 14:44:28 | 3219,288,064 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/24 04:24:36 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2011/06/24 04:24:36 | 000,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll
[2011/06/24 04:24:36 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2011/06/24 04:24:36 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll
[2011/06/24 04:24:36 | 000,000,021 | ---- | M] () -- C:\WINDOWS\SurCode.INI
[2011/06/23 15:23:33 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/06/23 15:21:44 | 119,621,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/06/16 15:24:20 | 010,042,510 | ---- | M] () -- C:\Documents and Settings\David\My Documents\return labels.psd
[2011/06/16 15:02:35 | 000,070,742 | ---- | M] () -- C:\Documents and Settings\David\My Documents\return label.pdf
[2011/06/16 14:59:15 | 000,039,090 | ---- | M] () -- C:\Documents and Settings\David\Application Data\wklnhst.dat
[2011/06/15 17:37:06 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/15 15:46:33 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/06/13 00:37:52 | 026,820,608 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Capture.camrec
[2011/06/13 00:37:45 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\David\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/03 02:28:30 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\dqyiuw.sys
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/29 04:11:03 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1323086792-3218655996-3691950811-1005.job
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\David\My Documents\*.tmp files -> C:\Documents and Settings\David\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/24 04:20:39 | 3219,288,064 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/23 15:21:44 | 119,621,924 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/06/16 15:13:03 | 010,042,510 | ---- | C] () -- C:\Documents and Settings\David\My Documents\return labels.psd
[2011/06/16 15:02:34 | 000,070,742 | ---- | C] () -- C:\Documents and Settings\David\My Documents\return label.pdf
[2011/06/13 00:37:47 | 026,820,608 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Capture.camrec
[2011/06/03 03:27:04 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/06/03 02:28:30 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\dqyiuw.sys
[2011/04/06 13:17:03 | 000,000,000 | ---- | C] () -- C:\Program Files\vlc-1.1.8-win32.exe
[2010/10/08 22:45:34 | 000,233,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/10/08 22:45:30 | 000,233,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/10/08 22:45:30 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/10/08 22:44:36 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/08/23 14:26:05 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\David\Application Data\Final Draft Tagger Preferences
[2010/08/23 02:49:59 | 000,000,026 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.811261211181235583101118113995
[2010/07/01 23:09:34 | 000,148,818 | ---- | C] () -- C:\WINDOWS\hphins31.dat
[2010/07/01 23:09:34 | 000,001,008 | ---- | C] () -- C:\WINDOWS\hphmdl31.dat
[2010/03/16 00:27:34 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/11/03 14:44:26 | 000,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/11/03 14:44:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/11/03 14:44:26 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/11/03 14:44:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/22 02:40:21 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/08/26 22:00:36 | 000,000,586 | ---- | C] () -- C:\Documents and Settings\David\Application Data\Shortcut to Application Data.lnk
[2009/04/29 14:02:49 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009/04/29 14:02:49 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2009/04/29 14:02:49 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2009/04/29 14:02:49 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2009/04/29 14:02:49 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2009/04/29 14:02:48 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SurCode.INI
[2009/02/17 23:34:51 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2009/01/22 14:26:15 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/01/14 15:35:57 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\RegisterDialog.dll
[2008/12/26 20:50:26 | 000,000,013 | ---- | C] () -- C:\WINDOWS\msgtn.ini
[2008/07/23 01:50:21 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2008/07/22 23:40:13 | 000,000,061 | ---- | C] () -- C:\Documents and Settings\David\Application Data\AVSDVDPlayer.m3u
[2008/07/22 23:38:49 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/07/22 23:38:49 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/07/07 12:52:41 | 000,000,172 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/04/14 05:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/02/19 23:54:38 | 001,237,231 | -HS- | C] () -- C:\WINDOWS\System32\uqkqkges.ini
[2008/02/08 17:13:44 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\LS3Renderer.dll
[2008/01/28 00:23:53 | 000,673,546 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/01/28 00:23:53 | 000,088,980 | ---- | C] () -- C:\WINDOWS\System32\uninstwuwservice.exe
[2008/01/28 00:23:53 | 000,000,947 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2007/12/14 23:24:12 | 000,952,203 | -HS- | C] () -- C:\WINDOWS\System32\pcboepdy.ini
[2007/12/14 23:13:18 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/12/14 22:56:03 | 000,000,720 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/11/16 23:34:33 | 000,679,780 | -HS- | C] () -- C:\WINDOWS\System32\omgybsah.ini
[2007/10/27 22:50:20 | 000,485,682 | -HS- | C] () -- C:\WINDOWS\System32\xvgaxkal.ini
[2007/10/27 22:47:37 | 000,483,882 | -HS- | C] () -- C:\WINDOWS\System32\qvltqqcp.ini
[2007/08/14 22:01:10 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/08/02 21:26:17 | 000,000,345 | -HS- | C] () -- C:\WINDOWS\System32\reebxsct.ini
[2007/08/01 23:59:17 | 000,000,000 | R--- | C] () -- C:\WINDOWS\nsreg.dat
[2007/08/01 22:56:55 | 001,748,748 | -HS- | C] () -- C:\WINDOWS\System32\hhhkj.ini
[2007/03/27 03:55:48 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/02/17 20:30:06 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/02/17 20:30:06 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2007/02/17 20:30:06 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007/02/17 20:30:06 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2007/02/17 20:30:06 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2007/02/17 20:30:06 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2007/02/17 20:30:06 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2007/02/17 20:30:06 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2007/02/17 20:30:06 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2007/02/17 20:30:06 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2007/02/17 20:30:06 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2007/02/17 20:30:06 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2007/02/17 20:30:06 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2007/02/17 20:30:06 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2007/02/17 20:30:06 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2007/02/17 20:30:06 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/02/17 20:28:46 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2007/02/17 20:25:59 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX6000.ini
[2006/12/31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/12/12 12:24:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/04/10 22:01:41 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2006/01/20 22:40:50 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\David\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/19 15:56:22 | 000,039,090 | ---- | C] () -- C:\Documents and Settings\David\Application Data\wklnhst.dat
[2006/01/06 22:42:57 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2006/01/06 21:45:37 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/12/30 00:36:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/08 11:42:47 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/08 11:23:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/11/08 11:23:42 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2005/11/08 11:23:32 | 000,000,393 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/12/10 08:35:06 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\frapsvid.dll
[2004/08/12 09:36:06 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/12 09:36:06 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/12 09:26:08 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/12 09:26:06 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/12 09:22:08 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/12 09:22:01 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/12 09:18:55 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 19:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 19:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 19:12:14 | 000,023,428 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 19:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 19:11:24 | 000,196,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\rdpdr.sys
[2004/08/11 19:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 19:06:43 | 002,289,576 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 19:00:28 | 000,426,680 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 19:00:28 | 000,071,738 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 19:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/08/04 03:55:30 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\conslicr.dat
[2003/08/04 03:55:30 | 000,000,017 | ---- | C] () -- C:\WINDOWS\System32\conslic.dat
[2002/12/18 06:31:36 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll

========== Files - Unicode (All) ==========
[2007/08/02 00:41:05 | 000,000,000 | ---D | M](C:\Documents and Settings\David\Application Data\??crosoft.NET) -- C:\Documents and Settings\David\Application Data\Міcrosoft.NET
[2007/08/02 00:41:05 | 000,000,000 | ---D | M](C:\Documents and Settings\David\Application Data\??crosoft.NET) -- C:\Documents and Settings\David\Application Data\Міcrosoft.NET
(C:\Documents and Settings\David\Application Data\??crosoft.NET) -- C:\Documents and Settings\David\Application Data\Міcrosoft.NET

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\WINDOWS:nlsPreferences
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86

< End of report >


#2
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi, let's see if I can assist.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    [2011/06/03 02:28:30 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\dqyiuw.sys

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe (1.8 MB) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply
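The OTL report in the first post and the fix script in this reply both turn on the same handful of patterns: a recently created driver in System32\drivers with an empty company field (dqyiuw.sys), an Application Data folder whose name is spelled with Cyrillic letters so that it displays as "Microsoft.NET", services whose binaries are gone, alternate data streams on C:\WINDOWS and the TEMP folder, and the hosts/toolbar entries. The Python script below is an added example for reading such logs, not part of this thread and not OTL's own code. It parses OTL's "[date time | size | attrs | C/M] (Company) -- path" line format and flags those patterns over sample lines copied from the logs above; the 30-day window for driver creation is an assumption chosen to match OTL's "File Age = 30 Days" setting.

```python
"""Triage an OTL log: parse the "[date time | size | attrs | C/M] (Company) -- path"
entries and flag the patterns the fix in this thread targets.  Added example; this is
not OTL's code, and the 30-day window is an assumption matching OTL's File Age setting."""
import re
import unicodedata
from datetime import datetime

ENTRY_RE = re.compile(
    r"^(?:(?P<kind>PRC|MOD|SRV|DRV) - )?"
    r"\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<cm>[CM])\] ?"
    r"\((?P<company>[^)]*)\)"       # "()" when the file carries no company name
    r"(?: \[[^\]]*\])*"             # SRV/DRV lines add "[Kernel | On_Demand | Running]"
    r" -- (?P<path>.+?)(?: -- \((?P<svc>[^)]*)\))?$"
)
MISSING_SRV_RE = re.compile(r"^SRV - File not found \[[^\]]*\] -- -- \((?P<name>[^)]*)\)")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<target>.+)$")
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<addr>\S+) (?P<host>\S+)")
LOCALHOST = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def scripts_in(text):
    """Unicode scripts (first word of each letter's name) used by the letters in text."""
    return {unicodedata.name(c, "?").split()[0] for c in text if c.isalpha()}


def mixed_script_components(path):
    """Path components that mix Latin with another script.  'Microsoft.NET' spelled
    with CYRILLIC EM and BYELORUSSIAN-UKRAINIAN I looks identical on screen but is a
    different folder that no legitimate installer creates."""
    bad = []
    for comp in path.split("\\"):
        scripts = scripts_in(comp)
        if "LATIN" in scripts and len(scripts) > 1:
            bad.append(comp)
    return bad


def triage(lines, as_of, recent_days=30):
    """Return (category, detail) findings, in log order, for a list of OTL lines.
    as_of is the log date as 'YYYY/MM/DD'.  Drivers are only flagged when created
    within recent_days of it, so XP-era system files that also show "()" are skipped."""
    log_date = datetime.strptime(as_of, "%Y/%m/%d").date()
    findings = []
    for line in lines:
        line = line.rstrip()
        m = ENTRY_RE.match(line)
        if m:
            path, company = m["path"], m["company"].strip()
            created = datetime.strptime(m["date"], "%Y/%m/%d").date()
            low = path.lower()
            if (low.endswith(".sys") and "\\drivers\\" in low and not company
                    and (log_date - created).days <= recent_days):
                findings.append(("unsigned-driver", path))
            for comp in mixed_script_components(path):
                findings.append(("homoglyph-name", comp))
            continue
        m = MISSING_SRV_RE.match(line)
        if m:                       # service key present, binary gone
            findings.append(("orphan-service", m["name"]))
            continue
        m = ADS_RE.match(line)
        if m:                       # a stream on a directory is a classic hiding place
            findings.append(("ads", m["target"]))
            continue
        m = HOSTS_RE.match(line)
        if m and (m["addr"], m["host"]) not in LOCALHOST:
            findings.append(("hosts-redirect", f"{m['addr']} {m['host']}"))
            continue
        if line.startswith("O3 - ") and "No CLSID value found" in line:
            findings.append(("orphan-toolbar", line.split(" - ")[-2].strip()))
    return findings


# Constructed sample: lines copied from the logs posted in this thread.  The two
# Cyrillic letters are written as escapes so the homoglyph is visible in source.
SAMPLE = [
    r"[2011/06/03 02:28:30 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\dqyiuw.sys",
    r"[2004/08/11 19:11:24 | 000,196,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\rdpdr.sys",
    r"DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)",
    "[2007/08/02 00:41:05 | 000,000,000 | ---D | M](C:\\Documents and Settings\\David\\Application Data\\??crosoft.NET)"
    " -- C:\\Documents and Settings\\David\\Application Data\\\u041c\u0456crosoft.NET",
    "SRV - File not found [Auto | Stopped] -- -- (nlsX86cc)",
    r"@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86",
    "O1 - Hosts: 127.0.0.1 localhost",
    "O1 - Hosts: ::1 localhost",
    r"O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.",
]

if __name__ == "__main__":
    for category, detail in triage(SAMPLE, "2011/06/24"):
        print(f"{category:16} {detail}")
```

An empty company field is a pointer, not a verdict: plenty of legitimate XP-era files in the first log also show "()", which is why the driver check is gated on creation date. Anything the script flags still needs confirming (file hash, signer, or what the file actually does) before it goes into an OTL fix that moves it.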

#3
Fairytale Studio (Member, Topic Starter, 17 posts)
I have run the fix and rebooted, and this came up. Below is a quick scan I did afterwards.

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
C:\WINDOWS\system32\drivers\dqyiuw.sys moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\David\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\David\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Documents and Settings\David\Application Data\Міcrosoft.NET folder moved successfully.
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 709768 bytes
->Temporary Internet Files folder emptied: 468899 bytes
->FireFox cache emptied: 2563036 bytes

User: All Users

User: David
->Temp folder emptied: 7988845995 bytes
->Temporary Internet Files folder emptied: 182603364 bytes
->Java cache emptied: 60644742 bytes
->FireFox cache emptied: 687618527 bytes
->Google Chrome cache emptied: 5976421 bytes
->Flash cache emptied: 4785270 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41620 bytes

User: LocalService
->Temp folder emptied: 3596 bytes
->Temporary Internet Files folder emptied: 54786 bytes

User: NetworkService
->Temp folder emptied: 69612 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 405 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 21742097 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6742973 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 35598832 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 30129715 bytes

Total Files Cleaned = 8,613.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: David
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.24.1 log created on 06272011_183936

Files\Folders moved on Reboot...
C:\Documents and Settings\David\Local Settings\Temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb moved successfully.
File\Folder C:\Documents and Settings\David\Local Settings\Temp\~DFABFB.tmp not found!
File\Folder C:\Documents and Settings\David\Local Settings\Temp\~DFAC06.tmp not found!
File\Folder C:\Documents and Settings\David\Local Settings\Temp\~DFAC52.tmp not found!
File\Folder C:\Documents and Settings\David\Local Settings\Temp\~DFAC5D.tmp not found!
File\Folder C:\Documents and Settings\David\Local Settings\Temp\~DFAC8A.tmp not found!
File\Folder C:\Documents and Settings\David\Local Settings\Temp\~DFAC95.tmp not found!
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\XE3Z21S7\login_status[1].htm moved successfully.
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\ULM3S00A\forum[3] moved successfully.
File\Folder C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\BP4D0YJU\like[1].htm not found!
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\BP4D0YJU\page__p__2029118__fromsearch__1[1].htm moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\NetworkService\Local Settings\Temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Quick Scan

OTL logfile created on: 6/27/2011 7:23:10 PM - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\David\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 77.50% Memory free
4.84 Gb Paging File | 4.34 Gb Available in Paging File | 89.65% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.45 Gb Total Space | 18.75 Gb Free Space | 25.19% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 167.52 Gb Free Space | 17.98% Space Free | Partition Type: NTFS

Computer Name: RAPTOR | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/17 18:08:16 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\My Documents\Downloads\OTL.exe
PRC - [2011/06/14 23:03:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/10/29 14:49:28 | 000,505,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/03/11 15:08:02 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/10/01 21:53:36 | 002,684,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
PRC - [2009/09/01 05:00:11 | 000,075,048 | R--- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared files\brs.exe
PRC - [2009/07/06 15:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009/06/03 21:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/17 18:08:16 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\My Documents\Downloads\OTL.exe
MOD - [2008/04/14 05:42:52 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (WPFFontCache_v0400)
SRV - File not found [Auto | Stopped] -- -- (WebUpdate)
SRV - File not found [Auto | Stopped] -- -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - File not found [Auto | Stopped] -- -- (NVSvc)
SRV - File not found [Auto | Stopped] -- -- (nlsX86cc)
SRV - File not found [Disabled | Stopped] -- -- (NetTcpPortSharing)
SRV - File not found [Auto | Stopped] -- -- (mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit)
SRV - File not found [Auto | Stopped] -- -- (JavaQuickStarterService)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (astcc)
SRV - File not found [Auto | Stopped] -- -- (ASFAgent)
SRV - [2011/06/14 23:03:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Auto | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/27 05:08:14 | 000,068,608 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe -- (License Management Service ESD)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2007/03/03 00:56:17 | 000,072,704 | ---- | M] (Autodesk) [Disabled | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2005/07/06 17:55:02 | 000,053,248 | ---- | M] (Dell) [Auto | Stopped] -- c:\Program Files\Dell\RAID Storage Manager\StorServ.exe -- (RAIDStorAgent)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/28 01:22:07 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/28 01:22:07 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/11/28 01:22:07 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/09/01 17:59:44 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/11/24 15:34:31] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2008/04/14 01:16:10 | 000,049,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mstape.sys -- (MSTAPE)
DRV - [2008/04/14 01:16:08 | 000,013,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avcstrm.sys -- (AVCSTRM)
DRV - [2006/08/11 10:22:02 | 000,009,344 | ---- | M] (Canon Inc. All rights reserved) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vvcr.sys -- (vvcr)
DRV - [2006/06/13 05:20:00 | 000,094,460 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/06/13 05:20:00 | 000,088,476 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/06/13 05:20:00 | 000,086,844 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/06/13 05:20:00 | 000,025,724 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/06/13 05:20:00 | 000,014,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/06/13 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/06/13 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006/03/17 08:35:24 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/03/17 08:34:46 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/09/29 08:09:16 | 000,032,640 | ---- | M] (Canon Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\accskmd.sys -- (ACCSKMD)
DRV - [2005/07/28 08:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2005/04/01 18:40:00 | 000,092,571 | R--- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\afamgt.sys -- (AFAmgt)
DRV - [2002/12/18 06:31:06 | 000,036,064 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Asfalrt.sys -- (AsfAlrt)
DRV - [2001/08/17 14:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AddThis"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.co...ff50ie7&query="
FF - prefs.js..browser.search.selectedEngine: "AIM Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "http://search.addthi...ocale=en-US&q="

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/07/01 23:18:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/06/24 18:44:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/24 18:29:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/29 20:12:24 | 000,000,000 | ---D | M]

[2008/08/27 22:17:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Extensions
[2011/05/23 18:26:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\o8op75tn.default\extensions
[2011/06/24 02:44:38 | 000,001,901 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\o8op75tn.default\searchplugins\aimsearch-1.xml
[2008/05/17 20:10:28 | 000,000,301 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\o8op75tn.default\searchplugins\aimsearch.src
[2008/04/28 22:38:36 | 000,001,901 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\o8op75tn.default\searchplugins\aimsearch.xml
[2011/05/17 19:18:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/11 23:32:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/05/17 19:18:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2010/02/10 20:37:29 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\MOVE NETWORKS
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\O8OP75TN.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/06/24 18:44:34 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2010/03/08 03:33:20 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/05/07 00:22:26 | 000,163,840 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/27 18:39:39 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Power2GoExpress] C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe (CyberLink Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 55924053
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O15 - HKCU\..Trusted Domains: microsoft.com ([office] https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1256718545046 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.129 167.206.251.130
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/David/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/12/16 18:35:34 | 000,002,444 | ---- | M] () - C:\autorun.PNF -- [ NTFS ]
O33 - MountPoints2\{43c90d68-2388-11da-96c3-806d6172696f}\Shell\AutoRun\command - "" = F:\hbcd\wintools\autorun.exe
O33 - MountPoints2\{43c90d68-2388-11da-96c3-806d6172696f}\Shell\Option1\Command - "" = F:\hbcd\wintools\autorun.exe
O33 - MountPoints2\{6f032b20-ef00-11dd-942f-00142229913a}\Shell - "" = AutoRun
O33 - MountPoints2\{6f032b20-ef00-11dd-942f-00142229913a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6f032b20-ef00-11dd-942f-00142229913a}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{6f032b21-ef00-11dd-942f-00142229913a}\Shell\Auto\command - "" = G:\Start.exe
O33 - MountPoints2\{6f032b21-ef00-11dd-942f-00142229913a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6f032b21-ef00-11dd-942f-00142229913a}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
O33 - MountPoints2\{84dd6854-0c8b-11e0-a745-00142229913a}\Shell - "" = AutoRun
O33 - MountPoints2\{84dd6854-0c8b-11e0-a745-00142229913a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{84dd6854-0c8b-11e0-a745-00142229913a}\Shell\AutoRun\command - "" = F:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/27 18:39:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/14 21:55:49 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/06/03 03:27:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/06/03 03:25:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/06/02 23:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\AVG10
[2011/06/02 23:32:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/06/02 23:30:19 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/06/02 23:26:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/06/02 23:25:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/06/01 23:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Local Settings\Application Data\Western Digital
[2 C:\Documents and Settings\David\My Documents\*.tmp files -> C:\Documents and Settings\David\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/27 19:16:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/27 19:15:59 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1323086792-3218655996-3691950811-1005.job
[2011/06/27 19:15:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/27 19:15:52 | 3219,288,064 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/27 18:39:39 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/27 18:26:07 | 120,201,870 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/06/27 17:52:59 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2011/06/27 17:52:59 | 000,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll
[2011/06/27 17:52:59 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2011/06/27 17:52:59 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll
[2011/06/27 17:52:59 | 000,000,021 | ---- | M] () -- C:\WINDOWS\SurCode.INI
[2011/06/24 18:44:50 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/06/16 15:24:20 | 010,042,510 | ---- | M] () -- C:\Documents and Settings\David\My Documents\return labels.psd
[2011/06/16 15:02:35 | 000,070,742 | ---- | M] () -- C:\Documents and Settings\David\My Documents\return label.pdf
[2011/06/16 14:59:15 | 000,039,090 | ---- | M] () -- C:\Documents and Settings\David\Application Data\wklnhst.dat
[2011/06/15 15:46:33 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/06/13 00:37:52 | 026,820,608 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Capture.camrec
[2011/06/13 00:37:45 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\David\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/29 04:11:03 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1323086792-3218655996-3691950811-1005.job
[2 C:\Documents and Settings\David\My Documents\*.tmp files -> C:\Documents and Settings\David\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/27 18:26:07 | 120,201,870 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/06/24 18:35:56 | 3219,288,064 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/16 15:13:03 | 010,042,510 | ---- | C] () -- C:\Documents and Settings\David\My Documents\return labels.psd
[2011/06/16 15:02:34 | 000,070,742 | ---- | C] () -- C:\Documents and Settings\David\My Documents\return label.pdf
[2011/06/13 00:37:47 | 026,820,608 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Capture.camrec
[2011/06/03 03:27:04 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/04/06 13:17:03 | 000,000,000 | ---- | C] () -- C:\Program Files\vlc-1.1.8-win32.exe
[2010/10/08 22:45:34 | 000,233,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/10/08 22:45:30 | 000,233,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/10/08 22:45:30 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/10/08 22:44:36 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/08/23 14:26:05 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\David\Application Data\Final Draft Tagger Preferences
[2010/08/23 02:49:59 | 000,000,026 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.811261211181235583101118113995
[2010/07/01 23:09:34 | 000,148,818 | ---- | C] () -- C:\WINDOWS\hphins31.dat
[2010/07/01 23:09:34 | 000,001,008 | ---- | C] () -- C:\WINDOWS\hphmdl31.dat
[2010/03/16 00:27:34 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/11/03 14:44:26 | 000,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/11/03 14:44:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/11/03 14:44:26 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/11/03 14:44:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/22 02:40:21 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/08/26 22:00:36 | 000,000,586 | ---- | C] () -- C:\Documents and Settings\David\Application Data\Shortcut to Application Data.lnk
[2009/04/29 14:02:49 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009/04/29 14:02:49 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2009/04/29 14:02:49 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2009/04/29 14:02:49 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2009/04/29 14:02:49 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2009/04/29 14:02:48 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SurCode.INI
[2009/02/17 23:34:51 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2009/01/22 14:26:15 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/01/14 15:35:57 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\RegisterDialog.dll
[2008/12/26 20:50:26 | 000,000,013 | ---- | C] () -- C:\WINDOWS\msgtn.ini
[2008/07/23 01:50:21 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2008/07/22 23:40:13 | 000,000,061 | ---- | C] () -- C:\Documents and Settings\David\Application Data\AVSDVDPlayer.m3u
[2008/07/22 23:38:49 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/07/22 23:38:49 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/07/07 12:52:41 | 000,000,172 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/04/14 05:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/02/19 23:54:38 | 001,237,231 | -HS- | C] () -- C:\WINDOWS\System32\uqkqkges.ini
[2008/02/08 17:13:44 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\LS3Renderer.dll
[2008/01/28 00:23:53 | 000,673,546 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/01/28 00:23:53 | 000,088,980 | ---- | C] () -- C:\WINDOWS\System32\uninstwuwservice.exe
[2008/01/28 00:23:53 | 000,000,947 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2007/12/14 23:24:12 | 000,952,203 | -HS- | C] () -- C:\WINDOWS\System32\pcboepdy.ini
[2007/12/14 23:13:18 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/12/14 22:56:03 | 000,000,720 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/11/16 23:34:33 | 000,679,780 | -HS- | C] () -- C:\WINDOWS\System32\omgybsah.ini
[2007/10/27 22:50:20 | 000,485,682 | -HS- | C] () -- C:\WINDOWS\System32\xvgaxkal.ini
[2007/10/27 22:47:37 | 000,483,882 | -HS- | C] () -- C:\WINDOWS\System32\qvltqqcp.ini
[2007/08/14 22:01:10 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/08/02 21:26:17 | 000,000,345 | -HS- | C] () -- C:\WINDOWS\System32\reebxsct.ini
[2007/08/01 23:59:17 | 000,000,000 | R--- | C] () -- C:\WINDOWS\nsreg.dat
[2007/08/01 22:56:55 | 001,748,748 | -HS- | C] () -- C:\WINDOWS\System32\hhhkj.ini
[2007/03/27 03:55:48 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/02/17 20:30:06 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/02/17 20:30:06 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2007/02/17 20:30:06 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007/02/17 20:30:06 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2007/02/17 20:30:06 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2007/02/17 20:30:06 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2007/02/17 20:30:06 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2007/02/17 20:30:06 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2007/02/17 20:30:06 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2007/02/17 20:30:06 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2007/02/17 20:30:06 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2007/02/17 20:30:06 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2007/02/17 20:30:06 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2007/02/17 20:30:06 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2007/02/17 20:30:06 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2007/02/17 20:30:06 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/02/17 20:28:46 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2007/02/17 20:25:59 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX6000.ini
[2006/12/31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/12/12 12:24:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/04/10 22:01:41 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2006/01/20 22:40:50 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\David\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/19 15:56:22 | 000,039,090 | ---- | C] () -- C:\Documents and Settings\David\Application Data\wklnhst.dat
[2006/01/06 22:42:57 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2006/01/06 21:45:37 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/12/30 00:36:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/08 11:42:47 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/08 11:23:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/11/08 11:23:42 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2005/11/08 11:23:32 | 000,000,393 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/12/10 08:35:06 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\frapsvid.dll
[2004/08/12 09:36:06 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/12 09:36:06 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/12 09:26:08 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/12 09:26:06 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/12 09:22:08 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/12 09:22:01 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/12 09:18:55 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 19:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 19:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 19:12:14 | 000,023,428 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 19:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 19:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 19:06:43 | 002,289,576 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 19:00:28 | 000,426,680 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 19:00:28 | 000,071,738 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 19:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/08/04 03:55:30 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\conslicr.dat
[2003/08/04 03:55:30 | 000,000,017 | ---- | C] () -- C:\WINDOWS\System32\conslic.dat
[2002/12/18 06:31:36 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll

========== LOP Check ==========

[2009/10/21 22:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/06/24 18:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2006/09/07 23:28:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chameleon Power Inc
[2011/06/02 23:26:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2005/12/30 00:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\element5
[2010/08/23 02:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Final Draft
[2011/06/03 03:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/04/29 14:02:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
[2008/05/30 11:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pegasys Inc
[2009/04/10 02:31:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2007/12/22 21:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/03/11 01:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/26 21:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/09/27 09:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\1&1
[2009/10/21 22:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Autodesk
[2011/06/02 23:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\AVG10
[2006/09/07 23:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Chameleon Power Inc
[2007/02/17 20:38:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\EPSON
[2010/03/27 02:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Facebook
[2011/04/07 15:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\FileZilla
[2010/08/23 02:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Final Draft
[2009/06/27 03:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\GARMIN
[2007/02/17 20:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Leadertech
[2008/07/07 19:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\LEAPS
[2010/03/21 21:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\MainConcept
[2006/03/06 11:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\MayaWebBrowser
[2009/08/18 14:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\MPEG Streamclip
[2006/08/30 01:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\NetMedia Providers
[2006/10/04 21:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Opera
[2007/12/30 00:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Pegasys Inc
[2006/04/23 02:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Pixar
[2008/12/31 19:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\PPStream
[2009/03/17 22:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Publish Providers
[2008/12/26 21:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\RevoluTV
[2010/04/25 14:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\SiteBuilder.1092AF29A5D2D6F129EC9E969ADB342C4F09EC7B.1
[2008/07/22 22:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Sony
[2007/10/21 22:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Sony Setup

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\WINDOWS:nlsPreferences
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86

< End of report >
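Added example, not part of the thread and not OTL's own logic: a short triage pass over the log format above. It pulls out the O33 MountPoints2 autorun commands (the Start.exe and setup.exe entries are per-volume autorun commands Explorer runs when the volume with that GUID is opened or autoplayed), hidden+system .ini files in System32 whose names look machine-generated, the recently modified hosts file, and the alternate data streams. Which items get flagged is this example's own heuristic for what to read first, not a verdict on any file; the sample lines are copied from the log.

```python
"""OTL log triage (added example; not part of the thread and not OTL's own logic).

Parses three kinds of lines OTL prints - O33 MountPoints2 autorun entries,
"[date | size | attrs | C/M] (company) -- path" file entries, and
"@Alternate Data Stream" entries - and flags the items an analyst reads
first. The flag rules below are this example's own heuristics.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample input: lines copied from the OTL log posted above.
SAMPLE_LOG = r"""
O33 - MountPoints2\{6f032b21-ef00-11dd-942f-00142229913a}\Shell\Auto\command - "" = G:\Start.exe
O33 - MountPoints2\{84dd6854-0c8b-11e0-a745-00142229913a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{84dd6854-0c8b-11e0-a745-00142229913a}\Shell\AutoRun\command - "" = F:\setup.exe -a
[2011/06/27 18:39:39 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/02/19 23:54:38 | 001,237,231 | -HS- | C] () -- C:\WINDOWS\System32\uqkqkges.ini
[2007/12/14 23:24:12 | 000,952,203 | -HS- | C] () -- C:\WINDOWS\System32\pcboepdy.ini
[2007/08/14 22:01:10 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/06/24 18:35:56 | 3219,288,064 | -HS- | C] () -- C:\hiberfil.sys
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
"""

# O33 line: only the "...\command" entries carry something that executes.
MOUNTPOINT_RE = re.compile(
    r'^O33 - MountPoints2\\\{(?P<guid>[0-9a-f-]+)\}\\(?P<verb>.+?)\\command - "" = (?P<cmd>.+)$')
# File entry: [stamp | size | RHSD attribute flags | C(reated)/M(odified)] (company) -- path
FILE_RE = re.compile(
    r'^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| '
    r'(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>.*?)\) -- (?P<path>.+)$')
ADS_RE = re.compile(r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$')
# Heuristic (assumption): 5-8 lowercase letters plus .ini looks generated, not product-named.
RANDOM_INI_RE = re.compile(r'^[a-z]{5,8}\.ini$')


@dataclass
class Finding:
    category: str
    path: str
    note: str


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = MOUNTPOINT_RE.match(line)
        if m:
            findings.append(Finding("autorun", m["cmd"],
                                    f"MountPoints2 {m['guid']} {m['verb']}: runs on volume open/autoplay"))
            continue
        m = FILE_RE.match(line)
        if m:
            path, attrs, kind = m["path"], m["attrs"], m["kind"]
            size = int(m["size"].replace(",", ""))
            parent, name = path.rsplit("\\", 1)
            hidden_system = "H" in attrs and "S" in attrs
            if parent.lower().endswith(r"\windows\system32") and hidden_system and RANDOM_INI_RE.match(name):
                findings.append(Finding("hidden-system-ini", path,
                                        f"{size} bytes, attrs {attrs}, {kind} {m['stamp']}"))
            elif path.lower().endswith(r"\drivers\etc\hosts") and kind == "M":
                findings.append(Finding("hosts-modified", path,
                                        f"modified {m['stamp']}; read it for search-engine entries"))
            continue
        m = ADS_RE.match(line)
        if m:
            findings.append(Finding("ads", m["path"], f"{m['size']}-byte alternate data stream"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.category}] {f.path} -- {f.note}")
```

The hidden+system filter deliberately ignores hiberfil.sys (same attributes, but not in System32 and not a generated-looking .ini), and a product-named file such as MRT.INI is not flagged either.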

#4 Fairytale Studio (Topic Starter, Member, 17 posts)
I have attached aswMBR file.

Attached Files

#5 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, methinks I see it.

Download AVPTool from Here to your desktop.

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan:
On the first tab select all elements down to Computer and then select Start scan.
Once it has finished, select Report and post that.

Do not close AVPTool or it will self-uninstall; if it does uninstall, then just rerun the setup file on your desktop.

Now an analysis scan:
Select the Manual Disinfection tab.
Press the Gather System Information button.
Once done, open the last report saved folder, then attach the zip file to your next post.
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

#6 Fairytale Studio (Topic Starter, Member, 17 posts)
Autoscan: completed 3 minutes ago (events: 21, objects: 16574, time: 00:27:55)
6/28/2011 1:23:06 PM Task started
6/28/2011 1:23:55 PM Detected: Virus.Win32.Suspic.gen C:\Program Files\AVG\AVG10\avgwdsvc.exe
6/28/2011 1:38:08 PM Will be quarantined on system restart: Virus.Win32.Suspic.gen C:\Program Files\AVG\AVG10\avgwdsvc.exe
6/28/2011 1:38:12 PM Detected: Trojan-Spy.Win32.Zbot.gen C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
6/28/2011 1:39:48 PM Will be deleted on system restart: Trojan-Spy.Win32.Zbot.gen C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
6/28/2011 1:40:00 PM Detected: Rootkit.Win32.ZAccess.c C:\WINDOWS\system32\drivers\rdpdr.sys
6/28/2011 1:40:01 PM Cannot be deleted: Rootkit.Win32.ZAccess.c C:\WINDOWS\system32\drivers\rdpdr.sys Object is locked
6/28/2011 1:40:01 PM Will be deleted on system restart: Rootkit.Win32.ZAccess.c C:\WINDOWS\system32\drivers\rdpdr.sys
6/28/2011 1:40:08 PM Detected: Virus.Win32.Suspic.gen C:\Program Files\AVG\AVG10\avgchsvx.exe
6/28/2011 1:40:43 PM Will be quarantined on system restart: Virus.Win32.Suspic.gen C:\Program Files\AVG\AVG10\avgchsvx.exe
6/28/2011 1:40:43 PM Detected: Virus.Win32.Suspic.gen C:\Program Files\AVG\AVG10\avgrsx.exe
6/28/2011 1:41:13 PM Will be quarantined on system restart: Virus.Win32.Suspic.gen C:\Program Files\AVG\AVG10\avgrsx.exe
6/28/2011 1:43:07 PM Detected: Virus.Win32.Suspic.gen C:\Program Files\AVG\AVG10\avgchsvx.exe
6/28/2011 1:43:18 PM Will be quarantined on system restart: Virus.Win32.Suspic.gen C:\Program Files\AVG\AVG10\avgchsvx.exe
6/28/2011 1:43:34 PM Detected: Trojan-Spy.Win32.Zbot.gen C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
6/28/2011 1:43:43 PM Will be deleted on system restart: Trojan-Spy.Win32.Zbot.gen C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
6/28/2011 1:43:46 PM Detected: Virus.Win32.Suspic.gen C:\Program Files\AVG\AVG10\avgrsx.exe
6/28/2011 1:43:56 PM Will be quarantined on system restart: Virus.Win32.Suspic.gen C:\Program Files\AVG\AVG10\avgrsx.exe
6/28/2011 1:43:57 PM Detected: Virus.Win32.Suspic.gen C:\Program Files\AVG\AVG10\avgcsrvx.exe
6/28/2011 1:43:58 PM Will be quarantined on system restart: Virus.Win32.Suspic.gen C:\Program Files\AVG\AVG10\avgcsrvx.exe
6/28/2011 1:51:01 PM Task completed
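Added example, not from the thread or from either scanner: a per-file roll-up of the AVPTool events above. Each file gets a single record with its verdicts, how many times it was detected, whether the scanner found it locked, and the action left pending for the reboot. The same block also parses the "Suspicious file (Forged)" line TDSSKiller prints (it appears in the TDSSKiller log later in the thread), where the two MD5s TDSSKiller computed for one driver disagree, which is its evidence that what the file system returns for that driver is not what is on disk. The caveat rules (a system driver scheduled for deletion rather than repair, a generic ".gen" verdict, repeat detections in one run) are this example's own reading of the events, not the scanners' output; the sample lines are copied from the thread.

```python
"""Per-file reconciliation of AV scanner events (added example; not from the thread).

Reads the event format AVPTool printed above (Detected / Will be quarantined /
Will be deleted / Cannot be deleted) and rolls the events up per file so the
pending action is visible at a glance. It also parses the "Suspicious file
(Forged)" line TDSSKiller prints, where the two MD5s it computed for one driver
disagree. The caveat rules are this example's own, not the scanners'.
"""
from __future__ import annotations

import re
from collections import OrderedDict
from dataclasses import dataclass, field

# Sample input: events copied from the AVPTool report above.
SAMPLE_EVENTS = r"""
6/28/2011 1:23:06 PM Task started
6/28/2011 1:23:55 PM Detected: Virus.Win32.Suspic.gen C:\Program Files\AVG\AVG10\avgwdsvc.exe
6/28/2011 1:38:08 PM Will be quarantined on system restart: Virus.Win32.Suspic.gen C:\Program Files\AVG\AVG10\avgwdsvc.exe
6/28/2011 1:38:12 PM Detected: Trojan-Spy.Win32.Zbot.gen C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
6/28/2011 1:39:48 PM Will be deleted on system restart: Trojan-Spy.Win32.Zbot.gen C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
6/28/2011 1:40:00 PM Detected: Rootkit.Win32.ZAccess.c C:\WINDOWS\system32\drivers\rdpdr.sys
6/28/2011 1:40:01 PM Cannot be deleted: Rootkit.Win32.ZAccess.c C:\WINDOWS\system32\drivers\rdpdr.sys Object is locked
6/28/2011 1:40:01 PM Will be deleted on system restart: Rootkit.Win32.ZAccess.c C:\WINDOWS\system32\drivers\rdpdr.sys
6/28/2011 1:43:34 PM Detected: Trojan-Spy.Win32.Zbot.gen C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
6/28/2011 1:43:43 PM Will be deleted on system restart: Trojan-Spy.Win32.Zbot.gen C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
6/28/2011 1:51:01 PM Task completed
"""
# Sample input: the TDSSKiller line copied from later in the thread.
SAMPLE_FORGED = (r"2011/06/28 15:03:13.0453 3820 Suspicious file (Forged): "
                 r"C:\WINDOWS\system32\DRIVERS\avgldx86.sys. Real md5: 1937afe61cdcaab8076d96e52bd6516c, "
                 r"Fake md5: 4e796d3d2c3182b13b3e3b5a2ad4ef0a")

EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<action>Detected|Will be quarantined on system restart|"
    r"Will be deleted on system restart|Cannot be deleted): "
    r"(?P<verdict>\S+) (?P<path>.+?)(?: (?P<reason>Object is locked))?$")
FORGED_RE = re.compile(
    r"Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>[0-9a-f]{32}), "
    r"Fake md5: (?P<fake>[0-9a-f]{32})")


@dataclass
class Outcome:
    path: str
    verdicts: set = field(default_factory=set)
    detections: int = 0
    locked: bool = False          # scanner could not act on the file while it was in use
    pending: str | None = None    # last action scheduled for the next reboot


def reconcile(log_text: str) -> "OrderedDict[str, Outcome]":
    """One Outcome per file path, in first-seen order."""
    outcomes: OrderedDict[str, Outcome] = OrderedDict()
    for raw in log_text.splitlines():
        m = EVENT_RE.match(raw.strip())
        if not m:
            continue  # "Task started/completed" and anything unrecognised
        o = outcomes.setdefault(m["path"], Outcome(m["path"]))
        o.verdicts.add(m["verdict"])
        if m["action"] == "Detected":
            o.detections += 1
        elif m["action"] == "Cannot be deleted":
            o.locked = True
        else:
            o.pending = m["action"]
    return outcomes


def caveats(outcomes) -> list[str]:
    """Points to check before trusting the pending actions (this example's heuristics)."""
    notes: list[str] = []
    for path, o in outcomes.items():
        if o.pending and "deleted" in o.pending and "\\system32\\drivers\\" in path.lower():
            notes.append(f"{path}: a system driver is scheduled for deletion, not repair; "
                         "a clean copy has to go back or whatever depends on it stops working")
        if any(v.endswith(".gen") for v in o.verdicts):
            notes.append(f"{path}: generic (.gen) verdict; confirm with a second opinion")
        if o.detections > 1:
            notes.append(f"{path}: detected {o.detections} times in one run; confirm it is gone after reboot")
    return notes


def parse_forged(line: str) -> dict | None:
    """TDSSKiller's forged-file line -> path plus the two hashes it compared."""
    m = FORGED_RE.search(line)
    if not m:
        return None
    return {"path": m["path"], "real_md5": m["real"], "fake_md5": m["fake"],
            "mismatch": m["real"] != m["fake"]}


if __name__ == "__main__":
    outs = reconcile(SAMPLE_EVENTS)
    for o in outs.values():
        print(f"{o.path}\n  verdicts={sorted(o.verdicts)} detections={o.detections} "
              f"locked={o.locked} pending={o.pending}")
    for n in caveats(outs):
        print("!", n)
    print(parse_forged(SAMPLE_FORGED))
```

The driver caveat is the one worth acting on: rdpdr.sys is a Windows component, and a scheduled deletion removes it without putting a clean copy back, which the log above cannot tell you has happened.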

#7 Fairytale Studio (Topic Starter, Member, 17 posts)
Gather System Information, last report saved results

Attached Files

#8 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Looks as though it may have killed it. Could you check for the redirect now, please?

#9 Fairytale Studio (Topic Starter, Member, 17 posts)
No, the internet is still slow, and when I search for something it takes me to a blank page that says "Object moved here". The word "here" is a link to somewhere.

#10 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, let's try TDSSKiller before any other tool, as if I need to use something else AVG will need to be uninstalled.

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

#11 Fairytale Studio (Topic Starter, Member, 17 posts)
I will be trying what you just posted; just letting you know it doesn't want to uninstall AVG. It says "General internal error" every time. MSI action failed. I even tried Revo Uninstaller.

Edited by Fairytale Studio, 28 June 2011 - 12:44 PM.

#12 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
So AVG is broken then?

TDSSKiller will run with AVG installed.

#13 Fairytale Studio (Topic Starter, Member, 17 posts)
2011/06/28 15:02:54.0656 3112 TDSS rootkit removing tool 2.5.7.0 Jun 28 2011 13:21:55
2011/06/28 15:02:55.0156 3112 ================================================================================
2011/06/28 15:02:55.0156 3112 SystemInfo:
2011/06/28 15:02:55.0156 3112
2011/06/28 15:02:55.0156 3112 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/28 15:02:55.0156 3112 Product type: Workstation
2011/06/28 15:02:55.0156 3112 ComputerName: RAPTOR
2011/06/28 15:02:55.0156 3112 UserName: David
2011/06/28 15:02:55.0156 3112 Windows directory: C:\WINDOWS
2011/06/28 15:02:55.0156 3112 System windows directory: C:\WINDOWS
2011/06/28 15:02:55.0156 3112 Processor architecture: Intel x86
2011/06/28 15:02:55.0156 3112 Number of processors: 2
2011/06/28 15:02:55.0156 3112 Page size: 0x1000
2011/06/28 15:02:55.0156 3112 Boot type: Normal boot
2011/06/28 15:02:55.0156 3112 ================================================================================
2011/06/28 15:03:00.0453 3112 Initialize success
2011/06/28 15:03:10.0265 3820 ================================================================================
2011/06/28 15:03:10.0265 3820 Scan started
2011/06/28 15:03:10.0265 3820 Mode: Manual;
2011/06/28 15:03:10.0265 3820 ================================================================================
2011/06/28 15:03:11.0906 3820 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
2011/06/28 15:03:11.0953 3820 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/06/28 15:03:12.0000 3820 ACCSKMD (3a994abdfdf8685d928d1857d4ff86d7) C:\WINDOWS\system32\DRIVERS\accskmd.sys
2011/06/28 15:03:12.0062 3820 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/28 15:03:12.0093 3820 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/28 15:03:12.0125 3820 adfs (73685e15ef8b0bd9c30f1af413f13d49) C:\WINDOWS\system32\drivers\adfs.sys
2011/06/28 15:03:12.0187 3820 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/06/28 15:03:12.0218 3820 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/06/28 15:03:12.0265 3820 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/28 15:03:12.0312 3820 AFAmgt (cbda98135d62e40b609ab0cf0dbcefea) C:\WINDOWS\system32\drivers\AFAmgt.sys
2011/06/28 15:03:12.0343 3820 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/06/28 15:03:12.0390 3820 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/06/28 15:03:12.0421 3820 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/06/28 15:03:12.0546 3820 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/06/28 15:03:12.0703 3820 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/06/28 15:03:12.0765 3820 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/06/28 15:03:12.0796 3820 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/06/28 15:03:12.0828 3820 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/06/28 15:03:12.0859 3820 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/06/28 15:03:12.0875 3820 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/06/28 15:03:12.0921 3820 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/06/28 15:03:12.0968 3820 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/06/28 15:03:12.0984 3820 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/06/28 15:03:13.0015 3820 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/06/28 15:03:13.0046 3820 AsfAlrt (e301dd2b6cced65e0537ceaee8f954b6) C:\WINDOWS\system32\drivers\AsfAlrt.sys
2011/06/28 15:03:13.0109 3820 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/28 15:03:13.0156 3820 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/28 15:03:13.0187 3820 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/28 15:03:13.0218 3820 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/28 15:03:13.0265 3820 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
2011/06/28 15:03:13.0281 3820 AVCSTRM (e625773d7b950842d582f713656859c0) C:\WINDOWS\system32\DRIVERS\avcstrm.sys
2011/06/28 15:03:13.0328 3820 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/06/28 15:03:13.0359 3820 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/06/28 15:03:13.0375 3820 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/06/28 15:03:13.0390 3820 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/06/28 15:03:13.0453 3820 Avgldx86 (1937afe61cdcaab8076d96e52bd6516c) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/06/28 15:03:13.0453 3820 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\avgldx86.sys. Real md5: 1937afe61cdcaab8076d96e52bd6516c, Fake md5: 4e796d3d2c3182b13b3e3b5a2ad4ef0a
2011/06/28 15:03:13.0453 3820 Avgldx86 - detected Rootkit.Win32.ZAccess.c (0)
2011/06/28 15:03:13.0468 3820 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/06/28 15:03:13.0484 3820 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/06/28 15:03:13.0515 3820 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/06/28 15:03:13.0531 3820 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/28 15:03:13.0578 3820 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/06/28 15:03:13.0593 3820 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/28 15:03:13.0640 3820 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/06/28 15:03:13.0671 3820 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/06/28 15:03:13.0703 3820 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/28 15:03:13.0750 3820 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/28 15:03:13.0765 3820 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/28 15:03:13.0812 3820 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/06/28 15:03:13.0859 3820 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/06/28 15:03:13.0921 3820 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/06/28 15:03:13.0953 3820 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/06/28 15:03:14.0000 3820 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/28 15:03:14.0062 3820 DLABOIOM (a14524d3f130a57163e0b3e057fc85d5) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/06/28 15:03:14.0078 3820 DLACDBHM (7581407a6a3c56860ae31e6e423fe824) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/06/28 15:03:14.0125 3820 DLADResN (7c4cdf8a684b63d7482e0bf7440dc3b5) C:\WINDOWS\system32\DLA\DLADResN.SYS
2011/06/28 15:03:14.0140 3820 DLAIFS_M (97bca2aac06a9fea56615b4b15bdb9b8) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/06/28 15:03:21.0984 3820 ================================================================================
2011/06/28 15:03:21.0984 3820 Scan finished
2011/06/28 15:03:21.0984 3820 ================================================================================
2011/06/28 15:03:22.0000 3796 Detected object count: 1
2011/06/28 15:03:22.0000 3796 Actual detected object count: 1
2011/06/28 15:03:38.0640 3796 Avgldx86 (1937afe61cdcaab8076d96e52bd6516c) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/06/28 15:03:38.0656 3796 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\avgldx86.sys. Real md5: 1937afe61cdcaab8076d96e52bd6516c, Fake md5: 4e796d3d2c3182b13b3e3b5a2ad4ef0a
2011/06/28 15:03:38.0859 3796 Backup copy found, using it..
2011/06/28 15:03:38.0859 3796 C:\WINDOWS\system32\DRIVERS\avgldx86.sys - will be cured after reboot
2011/06/28 15:03:38.0859 3796 Rootkit.Win32.ZAccess.c(Avgldx86) - User select action: Cure
2011/06/28 15:04:00.0015 3092 Deinitialize success

#14
Fairytale Studio

    Member

  • Topic Starter
  • 17 posts
I gotta say the internet is faster and it doesn't redirect anymore. How do I know for sure it's not hiding anywhere? How about programs like HijackThis and ComboFix? Didn't we need to use them? Plus, I should probably get rid of AVG; it seems to come up with all the virus reports. What do you think?

Edited by Fairytale Studio, 28 June 2011 - 01:13 PM.


#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, this is why AVG is not playing: it was infected.

2011/06/28 15:03:38.0656 3796 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\avgldx86.sys. Real md5: 1937afe61cdcaab8076d96e52bd6516c, Fake md5: 4e796d3d2c3182b13b3e3b5a2ad4ef0a
2011/06/28 15:03:38.0859 3796 Backup copy found, using it..
2011/06/28 15:03:38.0859 3796 C:\WINDOWS\system32\DRIVERS\avgldx86.sys - will be cured after reboot
2011/06/28 15:03:38.0859 3796 Rootkit.Win32.ZAccess.c(Avgldx86) - User select action: Cure



As it was AVG that was infected, we will need to remove it and check for any further infected elements.
If you wish to change your AV, then there is the option of Avast, MS Security Essentials and Avira. If you decide to change, let me know which one you would like to use and I will provide a link for it.

Download a fresh copy of AVG to your desktop.
Download the AVG removal tool to your desktop.
Download AppRemover.

Uninstall AVG via Programmes and Features.
Run the AVG removal tool.

Run AppRemover.
Click Next >>

Ensure "Remove Security Application" is selected and click Next >>

AppRemover will scan all the security applications on your PC.

Select any AVG entries from the applications offered and click Next >> twice.

Follow any further on-screen instructions. If asked to reboot, please do so.

Note: Please do not browse the internet or open any email attachments until your Anti-Virus is re-installed.


Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.
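The TDSSKiller lines quoted above are the whole basis for the "AVG was infected" call, so here is an added Python example (not from this thread, and not Kaspersky's code) that parses a constructed excerpt of that log, joins the forged-file line with the driver table and the verdict line, and offers a post-reboot re-hash check. The message shapes are inferred from the lines on the page, and reading "Real md5" as the on-disk bytes and "Fake md5" as what the file system handed back is this example's interpretation of the tool's wording, not a documented fact.

```python
import hashlib
import re

# Constructed excerpt modelled on the TDSSKiller lines quoted in this thread
# (same path and hashes as shown on the page); it is not a complete real log.
SAMPLE_LOG = r"""
2011/06/28 15:03:16.0203 3820 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/06/28 15:03:21.0343 3820 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/06/28 15:03:38.0640 3796 Avgldx86 (1937afe61cdcaab8076d96e52bd6516c) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/06/28 15:03:38.0656 3796 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\avgldx86.sys. Real md5: 1937afe61cdcaab8076d96e52bd6516c, Fake md5: 4e796d3d2c3182b13b3e3b5a2ad4ef0a
2011/06/28 15:03:38.0859 3796 Backup copy found, using it..
2011/06/28 15:03:38.0859 3796 C:\WINDOWS\system32\DRIVERS\avgldx86.sys - will be cured after reboot
2011/06/28 15:03:38.0859 3796 Rootkit.Win32.ZAccess.c(Avgldx86) - User select action: Cure
"""

# Each line is "<date> <time> <pid> <message>"; the three message shapes below are
# inferred from the lines on the page, not from any published format specification.
LINE_RE = re.compile(r"^(?P<ts>\S+ \S+)\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
FORGED_RE = re.compile(r"^Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: "
                       r"(?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
DRIVER_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<detection>[\w.]+)\((?P<service>[^)]+)\) - "
                        r"User select action: (?P<action>\w+)$")


def parse_tdsskiller(text):
    """Return the driver table, forged-file reports and verdicts from a TDSSKiller log."""
    rep = {"drivers": {}, "forged": [], "verdicts": {}}
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        msg = line["msg"]
        if (f := FORGED_RE.match(msg)):
            rep["forged"].append((f["path"], f["real"], f["fake"]))
        elif (v := VERDICT_RE.match(msg)):
            rep["verdicts"][v["service"].lower()] = (v["detection"], v["action"])
        elif (d := DRIVER_RE.match(msg)):
            # keyed by lowercased path: Windows paths are case-insensitive
            rep["drivers"][d["path"].lower()] = (d["name"], d["md5"])
    return rep


def forged_drivers(rep):
    """Join each forged-file line with its driver-table entry and verdict.

    "Forged" is read here as: the tool obtained two different MD5s for one path,
    the bytes it read from disk ("Real") and what the file system handed back
    ("Fake"). That mismatch, not the file name, is what flagged the AVG driver.
    """
    findings = []
    for path, real, fake in rep["forged"]:
        service, table_md5 = rep["drivers"].get(path.lower(), ("?", None))
        detection, action = rep["verdicts"].get(service.lower(), ("(none)", "(none)"))
        findings.append({"service": service, "path": path, "real_md5": real,
                         "fake_md5": fake, "table_hash_matches_real": table_md5 == real,
                         "detection": detection, "action": action})
    return findings


def still_matches_flagged_hash(file_bytes, flagged_md5):
    """Post-reboot check: re-hash the cured driver and compare it with the flagged
    "Real" MD5. True means the on-disk bytes did not change, so the cure did not
    take and the file still needs attention before the AV is reinstalled."""
    return hashlib.md5(file_bytes).hexdigest() == flagged_md5.lower()
```

After the reboot the same check can be run on the real file by passing its contents to `still_matches_flagged_hash` together with the "Real md5" from the log.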