Google desktop gadget virus (HJT log included)


This topic is locked

#1 geekyandhow (Member, 51 posts)
Hello,

After downloading one of the Google desktop gadgets onto the Google desktop, I got a threat warning from AVG and I permitted it to remove the threat, but I am not sure if my PC is still infected. Just want to make sure my security isn't compromised. Here are the screenshots. Thank you very much in advance for the help.

http://imm.io/7kFB
http://imm.io/7kFC

(Also, does anyone know what the problem with my volume bar could be? It hasn't been working for weeks. But the volume of songs works just fine. There is no ding sound when I increase/decrease volume on the volume bar next to the clock. Also, the only other time there is no sound is on startup/shutdown. Please note that this problem is unrelated to the problem above because I have been experiencing this problem for 2-3 weeks and the virus problem happened just yesterday. So they're totally UNRELATED.

Also, another thing I've been noticing is that even after closing my IE 8 explorer, the processes named iexplore.exe don't disappear from the task manager. Moreover, it hogs as much as 200K all the time. The same goes for Firefox. I tried RAMBOOSTER but it doesn't solve this problem for me.)

Thanks in advance!

---------------------------------------------------------------------------------

Here's the OTL log:

OTL logfile created on: 7/26/2011 5:37:29 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\NK\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.43 Gb Available Physical Memory | 22.94% Memory free
3.72 Gb Paging File | 1.29 Gb Available in Paging File | 34.54% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 214.84 Gb Total Space | 194.83 Gb Free Space | 90.68% Space Free | Partition Type: NTFS
Drive D: | 18.03 Gb Total Space | 16.36 Gb Free Space | 90.74% Space Free | Partition Type: NTFS

Computer Name: NK-F5FFDC7 | User Name: NK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/26 05:37:02 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NK\Desktop\OTL.exe
PRC - [2011/07/16 00:16:16 | 000,358,400 | ---- | M] (Antiz) -- C:\Documents and Settings\NK\Application Data\Microsoft\Internet Explorer\Quick Launch\NK\Poker\Softwares\PokerRatings\PokerRatings.exe
PRC - [2011/07/08 12:46:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/29 13:37:45 | 002,971,648 | ---- | M] () -- C:\Program Files\Cake Poker\cake.exe
PRC - [2011/06/23 19:49:28 | 006,539,608 | ---- | M] (PokerStars) -- C:\Program Files\PokerStars\PokerStars.exe
PRC - [2011/06/16 07:55:12 | 006,276,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2011/06/14 09:16:22 | 004,624,896 | ---- | M] (Bodog) -- C:\Program Files\Bodog Poker\BPGame.exe
PRC - [2011/05/25 11:39:21 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/19 22:42:20 | 004,358,214 | ---- | M] (ABSOLUTE POKER) -- C:\Program Files\Absolute Poker\mainclient.exe
PRC - [2011/05/16 03:43:20 | 002,268,160 | ---- | M] (Playtech) -- C:\Program Files\William Hill Poker\casino.exe
PRC - [2011/05/16 01:23:20 | 000,325,512 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2011/05/15 04:22:22 | 000,499,712 | ---- | M] () -- C:\Program Files\Absolute Poker\aphh.exe
PRC - [2011/05/04 06:14:36 | 007,307,264 | ---- | M] (Hold'em Manager) -- C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe
PRC - [2011/05/04 06:05:22 | 001,908,736 | ---- | M] (Hold'em Manager) -- C:\Program Files\RVG Software\Holdem Manager\HMImport.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/15 21:14:00 | 000,663,552 | ---- | M] (IdleMiner) -- C:\Program Files\Bodog Hand Grabber\BodogHandGrabber.exe
PRC - [2011/03/09 19:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgfws.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/02/08 05:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2011/01/28 10:45:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2011/01/28 10:43:43 | 004,538,368 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
PRC - [2009/09/26 00:27:38 | 000,245,248 | ---- | M] () -- C:\Program Files\AutoHotkey\AutoHotkey.exe
PRC - [2008/04/14 11:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/11/17 07:32:54 | 000,561,664 | ---- | M] (J.Pajula) -- C:\Program Files\RamBooster 2.0\Rambooster.exe
PRC - [2002/12/20 04:47:56 | 000,057,344 | ---- | M] (Thong Nguyen) -- C:\Program Files\PowerMenu\PowerMenu.exe


========== Modules (SafeList) ==========

MOD - [2011/07/26 05:37:02 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NK\Desktop\OTL.exe
MOD - [2011/05/21 09:58:38 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\NK\Application Data\Microsoft\Internet Explorer\Quick Launch\NK\Poker\Softwares\PokerRatings\hotkey.dll
MOD - [2011/05/16 01:23:34 | 000,064,600 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
MOD - [2010/08/23 21:42:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/03/18 09:15:26 | 000,770,384 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\NK\Application Data\Microsoft\Internet Explorer\Quick Launch\NK\Poker\Softwares\PokerRatings\msvcr100.dll
MOD - [2002/12/20 04:46:50 | 000,073,728 | ---- | M] (Thong Nguyen) -- C:\Program Files\PowerMenu\PowerMenuHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/07/22 04:00:55 | 003,029,208 | ---- | M] (Emsi Software GmbH) [Disabled | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/25 11:39:21 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/03/09 19:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2011/01/28 10:45:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [On_Demand | Running] -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/20 21:30:06 | 000,073,728 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/07/12 04:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/07/12 04:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2007/09/20 16:37:40 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/09/20 16:37:38 | 000,053,632 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007/05/10 15:58:08 | 004,419,584 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2003/04/09 11:17:14 | 000,227,200 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cccp106.sys -- (CCCP106) CIF USB Camera (2110A)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\NK\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/07/12 17:26:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/20 18:25:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/15 04:27:56 | 000,000,000 | ---D | M]

[2011/07/20 18:25:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\NK\Application Data\Mozilla\Extensions
[2011/07/21 02:52:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\NK\Application Data\Mozilla\Firefox\Profiles\974zlf84.default\extensions
[2011/07/21 02:52:33 | 000,000,000 | ---D | M] (Qualys BrowserCheck) -- C:\Documents and Settings\NK\Application Data\Mozilla\Firefox\Profiles\974zlf84.default\extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}
[2011/07/21 00:52:12 | 000,000,000 | ---D | M] (Awesome screenshot: Capture and Annotate) -- C:\Documents and Settings\NK\Application Data\Mozilla\Firefox\Profiles\974zlf84.default\extensions\[email protected]
[2011/07/20 18:25:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/17 04:47:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\NK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\974ZLF84.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\NK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\974ZLF84.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\NK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\974ZLF84.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\NK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\974ZLF84.DEFAULT\EXTENSIONS\[email protected]
[2011/05/16 03:06:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/07/08 12:46:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/06/17 04:47:17 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 13:30:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2001/08/23 17:30:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [RamBooster] C:\Program Files\RamBooster 2.0\Rambooster.exe (J.Pajula)
O4 - Startup: C:\Documents and Settings\NK\Start Menu\Programs\Startup\PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe (Thong Nguyen)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} https://browsercheck....com/qbc_ax.cab (Qualys BrowserCheck)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 59.185.0.23 59.185.0.50
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\NK\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\NK\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/15 02:12:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{679785f2-8703-11e0-9f38-001b2207096f}\Shell - "" = AutoRun
O33 - MountPoints2\{679785f2-8703-11e0-9f38-001b2207096f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{679785f2-8703-11e0-9f38-001b2207096f}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/26 05:36:58 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\NK\Desktop\OTL.exe
[2011/07/23 03:40:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/07/22 03:52:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Emsisoft Anti-Malware
[2011/07/22 03:52:02 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2011/07/22 03:52:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NK\My Documents\Anti-Malware
[2011/07/22 02:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NK\Local Settings\Application Data\Help
[2011/07/22 02:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NK\Application Data\Help
[2011/07/22 02:30:06 | 000,000,000 | ---D | C] -- C:\Program Files\RamBooster 2.0
[2011/07/21 00:00:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\NK\Recent
[2011/07/20 18:25:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NK\Application Data\Mozilla
[2011/07/20 17:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NK\Application Data\Google
[2011/07/20 17:09:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NK\Local Settings\Application Data\WMTools Downloaded Files
[2011/07/20 15:25:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Desktop
[2011/07/20 15:25:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NK\My Documents\My Google Gadgets
[2011/06/29 15:19:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NK\Application Data\Foxit Software
[2011/06/29 13:37:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cake Poker
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/26 05:37:02 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NK\Desktop\OTL.exe
[2011/07/25 22:08:40 | 125,314,454 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/07/25 13:19:45 | 000,493,384 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/25 13:19:45 | 000,083,802 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/25 13:15:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/25 02:57:52 | 003,747,968 | ---- | M] () -- C:\Documents and Settings\NK\Desktop\04 - Senorita.mp3
[2011/07/25 02:08:31 | 000,104,642 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/07/23 03:40:31 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/07/22 20:35:05 | 000,658,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2011/07/22 03:52:15 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Emsisoft Anti-Malware.lnk
[2011/07/21 04:04:03 | 000,001,251 | ---- | M] () -- C:\Documents and Settings\NK\Application Data\Microsoft\Internet Explorer\Quick Launch\Songs.lnk
[2011/07/21 03:13:17 | 000,518,343 | ---- | M] () -- C:\shot0.png
[2011/07/21 00:03:31 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\NK\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerRatings.lnk
[2011/07/20 19:32:15 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\NK\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/20 18:25:47 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\NK\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/20 16:13:29 | 000,000,122 | ---- | M] () -- C:\WINDOWS\_vmtxp.ini
[2011/07/19 21:21:22 | 000,001,614 | ---- | M] () -- C:\Documents and Settings\NK\Application Data\Microsoft\Internet Explorer\Quick Launch\Names.lnk
[2011/07/13 23:35:23 | 000,120,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/12 17:19:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/05 15:54:22 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2011/07/05 15:20:42 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/25 02:57:44 | 003,747,968 | ---- | C] () -- C:\Documents and Settings\NK\Desktop\04 - Senorita.mp3
[2011/07/22 03:52:15 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Emsisoft Anti-Malware.lnk
[2011/07/22 02:30:07 | 000,001,626 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Launch RamBooster 2.0.lnk
[2011/07/21 04:03:27 | 000,001,251 | ---- | C] () -- C:\Documents and Settings\NK\Application Data\Microsoft\Internet Explorer\Quick Launch\Songs.lnk
[2011/07/21 03:13:17 | 000,518,343 | ---- | C] () -- C:\shot0.png
[2011/07/20 18:25:47 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\NK\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/20 16:23:06 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\NK\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerRatings.lnk
[2011/07/20 16:07:13 | 000,000,122 | ---- | C] () -- C:\WINDOWS\_vmtxp.ini
[2011/07/19 21:21:22 | 000,001,614 | ---- | C] () -- C:\Documents and Settings\NK\Application Data\Microsoft\Internet Explorer\Quick Launch\Names.lnk
[2011/07/19 00:44:24 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\NK\Start Menu\Programs\BitTorrent.lnk
[2011/07/05 20:15:19 | 000,004,805 | ---- | C] () -- C:\WINDOWS\System32\nvnrm.nvu
[2011/06/18 01:32:47 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/06/18 01:32:47 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/06/18 01:32:47 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/06/18 01:32:26 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/05/29 23:31:01 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\NK\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/28 17:25:16 | 000,227,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\cccp106.sys
[2011/05/28 17:25:16 | 000,036,864 | ---- | C] () -- C:\WINDOWS\JPGL.DLL
[2011/05/28 17:25:16 | 000,032,768 | ---- | C] () -- C:\WINDOWS\DIV_IYUV.DLL
[2011/05/28 17:25:15 | 002,093,106 | ---- | C] () -- C:\WINDOWS\select.exe
[2011/05/28 17:25:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\select2.exe
[2011/05/28 17:25:15 | 000,127,038 | ---- | C] () -- C:\WINDOWS\Clement.exe
[2011/05/28 17:25:15 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dcccp106.dll
[2011/05/28 17:25:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vcccp106.dll
[2011/05/28 17:25:15 | 000,036,864 | ---- | C] () -- C:\WINDOWS\CleanDev.exe
[2011/05/28 17:25:15 | 000,015,542 | ---- | C] () -- C:\WINDOWS\cccp106.ini
[2011/05/28 17:25:15 | 000,000,321 | ---- | C] () -- C:\WINDOWS\DC2110a.ini
[2011/05/18 23:15:03 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/05/16 02:51:16 | 000,000,011 | ---- | C] () -- C:\WINDOWS\YAHELITE_BUDDY.INI
[2011/05/16 02:45:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\YAHELITE_cookie.INI
[2011/05/16 02:44:01 | 000,004,667 | ---- | C] () -- C:\WINDOWS\YAHELITE.INI
[2011/05/15 07:35:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/05/15 07:34:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HMHud.INI
[2011/05/15 07:32:44 | 000,120,544 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/15 05:18:13 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/05/15 03:02:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/05/15 02:19:14 | 000,001,732 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2011/05/15 02:14:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/05/15 02:10:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/14 11:25:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007/10/04 14:44:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/12/31 13:27:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 17:30:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 17:30:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 17:30:00 | 000,493,384 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 17:30:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 17:30:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 17:30:00 | 000,083,802 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 17:30:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 17:30:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 17:30:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 17:30:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/05/15 04:07:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2011/05/15 03:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/05/15 03:10:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/06/18 02:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2011/05/15 03:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/05/15 06:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XHEO INC
[2011/05/15 04:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NK\Application Data\Absolute Poker
[2011/05/15 04:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NK\Application Data\acccore
[2011/05/15 03:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NK\Application Data\AVG10
[2011/07/20 15:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NK\Application Data\BitTorrent
[2011/06/29 15:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NK\Application Data\Foxit Software
[2011/06/15 02:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NK\Application Data\HEM Data
[2011/05/15 04:30:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NK\Application Data\OpenOffice.org
[2011/05/22 08:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NK\Application Data\Qualys
[2011/05/15 07:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NK\Application Data\Roaming
[2011/05/29 02:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NK\Application Data\UBNet
[2011/05/15 02:29:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NK\Application Data\WinPatrol

========== Purity Check ==========



< End of report >

Edited by geekyandhow, 26 July 2011 - 07:17 AM.

  • 0


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, sorry for the delay. Could you update me on the problems please?

Run a fresh OTL scan with the following settings

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
%USERPROFILE%\..|smtmp;true;true;true /FP
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT


NEXT

Download aswMBR.exe (1.8 MB) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.
  • 0
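As an added example (not OTL's own code and not part of this thread), a small Python checker for the output the /md5start directive above produces: it parses each "< MD5 for: NAME >" block of an OTL log and flags a system file whose copies (system32 against the dllcache backup) no longer share one hash, which is the comparison the directive is there for. The EXPLORER.EXE block in the sample log is the one from this thread; the USERINIT.EXE block is constructed, with an all-zero placeholder hash, to show a mismatch.

```python
"""Check the '< MD5 for: NAME >' blocks of an OTL log for copies whose
hashes disagree. Hypothetical helper written for this example, not OTL code."""
import re
from collections import defaultdict

# One file line inside an OTL MD5 block, e.g.
# [2008/04/14 11:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=1289... -- C:\WINDOWS\explorer.exe
_LINE = re.compile(
    r"^\[[^|]+\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)
_HEADER = re.compile(r"^<\s*MD5 for:\s*(?P<name>[^>]+?)\s*>$")

# Constructed sample: the EXPLORER.EXE block is taken from the thread's log; the
# USERINIT.EXE block is made up, with a placeholder hash and an empty company
# field, so that the checker has a mismatch to report.
SAMPLE_LOG = r"""
========== Custom Scans ==========

< MD5 for: EXPLORER.EXE >
[2008/04/14 11:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 11:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 11:12:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2011/07/19 01:02:03 | 000,031,232 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\userinit.exe

< %systemroot%\*. /mp /s >
"""


def parse_md5_blocks(text):
    """Return {FILE NAME: [ {md5, path, size, company}, ... ]} from an OTL log."""
    blocks = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = _HEADER.match(line)
        if header:
            current = header.group("name").upper()
            blocks.setdefault(current, [])
            continue
        if current is None or not line:
            continue
        if line.startswith("<"):  # the next custom-scan header closes the block
            current = None
            continue
        m = _LINE.match(line)
        if m:
            blocks[current].append({
                "md5": m.group("md5").upper(),
                "path": m.group("path"),
                "size": int(m.group("size").replace(",", "")),
                "company": m.group("company").strip(),
            })
    return dict(blocks)


def find_inconsistent(blocks):
    """Names whose copies do not all carry one MD5 (for instance a system32 copy
    that was patched and no longer matches dllcache), with the hashes seen."""
    out = {}
    for name, entries in blocks.items():
        hashes = sorted({e["md5"] for e in entries})
        if len(hashes) > 1:
            out[name] = hashes
    return out


def find_unsigned_copies(blocks):
    """Paths OTL listed with an empty company field '()': a core Windows binary
    without version-info company name deserves a closer look."""
    return [e["path"] for entries in blocks.values() for e in entries if not e["company"]]


if __name__ == "__main__":
    found = parse_md5_blocks(SAMPLE_LOG)
    for name, hashes in find_inconsistent(found).items():
        print(f"{name}: copies disagree, hashes seen {hashes}")
    for path in find_unsigned_copies(found):
        print(f"no company name: {path}")
```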

#3
geekyandhow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
Hi,

Thank you so much for the reply. The main problems I have are:

1) These threats shown by AVG after downloading some Google Desktop app, screenshots: http://imm.io/7kFB and http://imm.io/7kFC

2) No volume "ding" sound when I scroll the volume bar up and down next to the clock and no volume on Windows start and shutdown, but all other volumes working fine. Note that this problem is not related to the above problem because I have been experiencing this for a month now, while the virus alert occurred just last week.

3) Multiple IEXPLORE.EXE processes even after closing Internet Explorer

4) Mozilla Firefox using up to 1000 MB of memory sometimes, as shown by Task Manager


I did an OTL scan and aswMBR scan as instructed and here are the logs:

OTL logfile created on: 7/29/2011 5:48:15 AM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\NK\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 69.21% Memory free
3.72 Gb Paging File | 3.28 Gb Available in Paging File | 88.16% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 214.84 Gb Total Space | 194.93 Gb Free Space | 90.73% Space Free | Partition Type: NTFS
Drive D: | 18.03 Gb Total Space | 16.36 Gb Free Space | 90.74% Space Free | Partition Type: NTFS

Computer Name: NK-F5FFDC7 | User Name: NK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/26 05:37:02 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NK\Desktop\OTL.exe
PRC - [2011/05/25 11:39:21 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/16 01:23:20 | 000,325,512 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/09 19:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgfws.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/02/08 05:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2008/04/14 11:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/11/17 07:32:54 | 000,561,664 | ---- | M] (J.Pajula) -- C:\Program Files\RamBooster 2.0\Rambooster.exe
PRC - [2002/12/20 04:47:56 | 000,057,344 | ---- | M] (Thong Nguyen) -- C:\Program Files\PowerMenu\PowerMenu.exe


========== Modules (SafeList) ==========

MOD - [2011/07/26 05:37:02 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NK\Desktop\OTL.exe
MOD - [2011/05/16 01:23:34 | 000,064,600 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
MOD - [2010/08/23 21:42:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2002/12/20 04:46:50 | 000,073,728 | ---- | M] (Thong Nguyen) -- C:\Program Files\PowerMenu\PowerMenuHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/07/22 04:00:55 | 003,029,208 | ---- | M] (Emsi Software GmbH) [Disabled | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/25 11:39:21 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/03/09 19:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2011/01/28 10:45:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [On_Demand | Stopped] -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/20 21:30:06 | 000,073,728 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/07/12 04:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/07/12 04:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2007/09/20 16:37:40 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/09/20 16:37:38 | 000,053,632 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007/05/10 15:58:08 | 004,419,584 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2003/04/09 11:17:14 | 000,227,200 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cccp106.sys -- (CCCP106) CIF USB Camera (2110A)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1757981266-861567501-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1757981266-861567501-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1757981266-861567501-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
IE - HKU\S-1-5-21-1757981266-861567501-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\NK\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/07/12 17:26:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/20 18:25:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/15 04:27:56 | 000,000,000 | ---D | M]

[2011/07/20 18:25:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\NK\Application Data\Mozilla\Extensions
[2011/07/27 22:31:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\NK\Application Data\Mozilla\Firefox\Profiles\974zlf84.default\extensions
[2011/07/21 02:52:33 | 000,000,000 | ---D | M] (Qualys BrowserCheck) -- C:\Documents and Settings\NK\Application Data\Mozilla\Firefox\Profiles\974zlf84.default\extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}
[2011/07/21 00:52:12 | 000,000,000 | ---D | M] (Awesome screenshot: Capture and Annotate) -- C:\Documents and Settings\NK\Application Data\Mozilla\Firefox\Profiles\974zlf84.default\extensions\[email protected]
[2011/07/20 18:25:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/17 04:47:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\NK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\974ZLF84.DEFAULT\EXTENSIONS\{B9615918-D3DE-44A4-AB65-76DF7EA1F1C1}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\NK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\974ZLF84.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\NK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\974ZLF84.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\NK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\974ZLF84.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\NK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\974ZLF84.DEFAULT\EXTENSIONS\[email protected]
[2011/05/16 03:06:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/07/08 12:46:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/06/17 04:47:17 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 13:30:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2001/08/23 17:30:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-1757981266-861567501-1606980848-1003..\Run: [RamBooster] C:\Program Files\RamBooster 2.0\Rambooster.exe (J.Pajula)
O4 - Startup: C:\Documents and Settings\NK\Start Menu\Programs\Startup\PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe (Thong Nguyen)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1757981266-861567501-1606980848-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1757981266-861567501-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1757981266-861567501-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1757981266-861567501-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-21-1757981266-861567501-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-1757981266-861567501-1606980848-1007\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1757981266-861567501-1606980848-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O15 - HKU\S-1-5-21-1757981266-861567501-1606980848-1003\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1757981266-861567501-1606980848-1003\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} https://browsercheck....com/qbc_ax.cab (Qualys BrowserCheck)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 59.185.0.23 59.185.0.50
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\NK\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\NK\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/15 02:12:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{679785f2-8703-11e0-9f38-001b2207096f}\Shell - "" = AutoRun
O33 - MountPoints2\{679785f2-8703-11e0-9f38-001b2207096f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{679785f2-8703-11e0-9f38-001b2207096f}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/26 17:33:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\NK\Recent
[2011/07/26 05:36:58 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\NK\Desktop\OTL.exe
[2011/07/23 03:40:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/07/22 03:52:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Emsisoft Anti-Malware
[2011/07/22 03:52:02 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2011/07/22 03:52:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NK\My Documents\Anti-Malware
[2011/07/22 03:22:10 | 001,066,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCTL.OCX
[2011/07/22 03:14:11 | 000,647,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCT2.OCX
[2011/07/22 02:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NK\Local Settings\Application Data\Help
[2011/07/22 02:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NK\Application Data\Help
[2011/07/22 02:30:06 | 000,000,000 | ---D | C] -- C:\Program Files\RamBooster 2.0
[2011/07/20 18:25:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NK\Application Data\Mozilla
[2011/07/20 17:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NK\Application Data\Google
[2011/07/20 17:09:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NK\Local Settings\Application Data\WMTools Downloaded Files
[2011/07/20 15:25:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Desktop
[2011/07/20 15:25:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NK\My Documents\My Google Gadgets
[2011/07/05 20:15:21 | 000,195,072 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\fdco1.dll
[2011/07/05 20:15:20 | 000,053,632 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\NVENETFD.sys
[2011/07/05 20:15:18 | 000,356,352 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvunrm.exe
[2011/07/05 20:14:48 | 000,037,376 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvconrm.dll
[2011/07/05 20:14:48 | 000,009,216 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\bdco1.dll
[2011/07/05 20:14:47 | 000,888,064 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvnrm.sys
[2011/07/05 20:14:47 | 000,022,016 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvnetbus.sys
[2011/07/05 20:08:57 | 000,069,632 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\Alcmtr.exe
[2011/06/29 15:19:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NK\Application Data\Foxit Software
[2011/06/29 13:37:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cake Poker
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/29 05:21:07 | 000,493,384 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/29 05:21:07 | 000,083,802 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/29 05:16:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/28 19:40:33 | 125,895,620 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/07/26 05:37:02 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NK\Desktop\OTL.exe
[2011/07/25 02:57:52 | 003,747,968 | ---- | M] () -- C:\Documents and Settings\NK\Desktop\04 - Senorita.mp3
[2011/07/25 02:08:31 | 000,104,642 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/07/23 03:40:31 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/07/22 20:35:05 | 000,658,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2011/07/22 03:52:15 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Emsisoft Anti-Malware.lnk
[2011/07/22 03:14:20 | 000,647,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCT2.OCX
[2011/07/21 04:04:03 | 000,001,251 | ---- | M] () -- C:\Documents and Settings\NK\Application Data\Microsoft\Internet Explorer\Quick Launch\Songs.lnk
[2011/07/21 03:13:17 | 000,518,343 | ---- | M] () -- C:\shot0.png
[2011/07/21 00:03:31 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\NK\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerRatings.lnk
[2011/07/20 19:32:15 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\NK\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/20 18:25:47 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\NK\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/20 16:13:29 | 000,000,122 | ---- | M] () -- C:\WINDOWS\_vmtxp.ini
[2011/07/19 21:21:22 | 000,001,614 | ---- | M] () -- C:\Documents and Settings\NK\Application Data\Microsoft\Internet Explorer\Quick Launch\Names.lnk
[2011/07/13 23:35:23 | 000,120,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/12 17:19:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/05 15:54:22 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2011/07/05 15:37:18 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/07/05 15:20:42 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/25 02:57:44 | 003,747,968 | ---- | C] () -- C:\Documents and Settings\NK\Desktop\04 - Senorita.mp3
[2011/07/22 03:52:15 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Emsisoft Anti-Malware.lnk
[2011/07/22 02:30:07 | 000,001,626 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Launch RamBooster 2.0.lnk
[2011/07/21 04:03:27 | 000,001,251 | ---- | C] () -- C:\Documents and Settings\NK\Application Data\Microsoft\Internet Explorer\Quick Launch\Songs.lnk
[2011/07/21 03:13:17 | 000,518,343 | ---- | C] () -- C:\shot0.png
[2011/07/20 18:25:47 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\NK\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/20 16:23:06 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\NK\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerRatings.lnk
[2011/07/20 16:07:13 | 000,000,122 | ---- | C] () -- C:\WINDOWS\_vmtxp.ini
[2011/07/19 21:21:22 | 000,001,614 | ---- | C] () -- C:\Documents and Settings\NK\Application Data\Microsoft\Internet Explorer\Quick Launch\Names.lnk
[2011/07/19 00:44:24 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\NK\Start Menu\Programs\BitTorrent.lnk
[2011/07/05 20:15:19 | 000,004,805 | ---- | C] () -- C:\WINDOWS\System32\nvnrm.nvu
[2011/06/18 01:32:47 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/06/18 01:32:47 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/06/18 01:32:47 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/06/18 01:32:26 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/05/29 23:31:01 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\NK\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/28 17:25:16 | 000,227,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\cccp106.sys
[2011/05/28 17:25:16 | 000,036,864 | ---- | C] () -- C:\WINDOWS\JPGL.DLL
[2011/05/28 17:25:16 | 000,032,768 | ---- | C] () -- C:\WINDOWS\DIV_IYUV.DLL
[2011/05/28 17:25:15 | 002,093,106 | ---- | C] () -- C:\WINDOWS\select.exe
[2011/05/28 17:25:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\select2.exe
[2011/05/28 17:25:15 | 000,127,038 | ---- | C] () -- C:\WINDOWS\Clement.exe
[2011/05/28 17:25:15 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dcccp106.dll
[2011/05/28 17:25:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vcccp106.dll
[2011/05/28 17:25:15 | 000,036,864 | ---- | C] () -- C:\WINDOWS\CleanDev.exe
[2011/05/28 17:25:15 | 000,015,542 | ---- | C] () -- C:\WINDOWS\cccp106.ini
[2011/05/28 17:25:15 | 000,000,321 | ---- | C] () -- C:\WINDOWS\DC2110a.ini
[2011/05/18 23:15:03 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/05/16 02:51:16 | 000,000,011 | ---- | C] () -- C:\WINDOWS\YAHELITE_BUDDY.INI
[2011/05/16 02:45:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\YAHELITE_cookie.INI
[2011/05/16 02:44:01 | 000,004,667 | ---- | C] () -- C:\WINDOWS\YAHELITE.INI
[2011/05/15 07:35:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/05/15 07:34:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HMHud.INI
[2011/05/15 07:32:44 | 000,120,544 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/15 05:18:13 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/05/15 03:02:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/05/15 02:19:14 | 000,001,732 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2011/05/15 02:14:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/05/15 02:10:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/14 11:25:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007/10/04 14:44:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/12/31 13:27:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 17:30:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 17:30:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 17:30:00 | 000,493,384 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 17:30:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 17:30:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 17:30:00 | 000,083,802 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 17:30:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 17:30:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 17:30:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 17:30:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %USERPROFILE%\..|smtmp;true;true;true /FP >


< MD5 for: EXPLORER.EXE >
[2008/04/14 11:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 11:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 11:12:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 11:12:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 11:12:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 11:12:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 11:12:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 11:12:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/07/08 12:46:28 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/07/08 12:46:28 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/07/08 12:46:28 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/07/08 12:46:28 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/07/08 12:46:28 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/07/08 12:46:28 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 17:31:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 17:31:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 17:31:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/07/08 12:46:28 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/07/08 12:46:28 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/07/08 12:46:28 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/07/08 12:46:28 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/07/08 12:46:28 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/07/08 12:46:28 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 17:31:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 17:31:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 17:31:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< End of report >




aswMBR version 0.9.8.977 Copyright© 2011 AVAST Software
Run date: 2011-07-29 05:54:37
-----------------------------
05:54:37.841 OS Version: Windows 5.1.2600 Service Pack 3
05:54:37.841 Number of processors: 2 586 0x1706
05:54:37.841 ComputerName: NK-F5FFDC7 UserName: NK
05:54:38.435 Initialize success
05:58:43.669 AVAST engine defs: 11072801
05:59:02.669 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-10
05:59:02.669 Disk 0 Vendor: ST3250310AS 4.AAA Size: 238475MB BusType: 3
05:59:02.685 Disk 0 MBR read successfully
05:59:02.685 Disk 0 MBR scan
05:59:02.716 Disk 0 Windows XP default MBR code
05:59:02.716 Disk 0 scanning sectors +488376000
05:59:02.779 Disk 0 scanning C:\WINDOWS\system32\drivers
05:59:08.326 Service scanning
05:59:09.091 Modules scanning
05:59:26.935 Disk 0 trace - called modules:
05:59:26.951 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
05:59:26.951 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89c6eab8]
05:59:26.951 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\0000006e[0x89c889e8]
05:59:26.951 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-10[0x89c46d98]
05:59:27.326 AVAST engine scan C:\WINDOWS
05:59:31.123 AVAST engine scan C:\WINDOWS\system32
06:00:38.326 AVAST engine scan C:\WINDOWS\system32\drivers
06:00:48.029 AVAST engine scan C:\Documents and Settings\NK
06:05:09.716 AVAST engine scan C:\Documents and Settings\All Users
06:05:47.482 Scan finished successfully
06:06:07.466 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\NK\Desktop\MBR.dat"
06:06:07.466 The log file has been saved successfully to "C:\Documents and Settings\NK\Desktop\aswMBR.txt"



Thanks!
  • 0
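The OTL custom scan in the log above hashes each core system binary (explorer.exe, svchost.exe, userinit.exe, winlogon.exe) and prints it next to the copy Windows File Protection keeps in system32\dllcache, which is why every file appears twice with the same MD5; a differing pair would point at a patched or replaced system file. The script below is an added example, not part of the original post and not OTL's own code: it implements that same pairwise check in a generic form, reports matches and mismatches, and treats a missing reference copy as its own finding. The XP_SYSTEM_PAIRS list mirrors the paths seen in the log and is only meaningful on a 32-bit Windows XP machine; the demo() function uses constructed temporary files instead so it runs anywhere.

```python
import hashlib
import os
import tempfile

# Pairs mirroring the OTL "MD5 for:" custom scan on a 32-bit Windows XP system:
# live binary versus the File Protection copy in dllcache. Only meaningful on
# such a system; demo() below uses constructed temporary files instead.
XP_SYSTEM_PAIRS = [
    (r"C:\WINDOWS\explorer.exe", r"C:\WINDOWS\system32\dllcache\explorer.exe"),
    (r"C:\WINDOWS\system32\svchost.exe", r"C:\WINDOWS\system32\dllcache\svchost.exe"),
    (r"C:\WINDOWS\system32\userinit.exe", r"C:\WINDOWS\system32\dllcache\userinit.exe"),
    (r"C:\WINDOWS\system32\winlogon.exe", r"C:\WINDOWS\system32\dllcache\winlogon.exe"),
]


def md5_of_file(path, chunk_size=65536):
    """Stream a file through MD5 and return the upper-case hex digest,
    the same form OTL prints (e.g. MD5=12896823FB95BFB3DC9B46BCAEDC9923)."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def compare_pairs(pairs):
    """Compare each (live, reference) pair by MD5.

    Returns one dict per pair with keys live, reference, live_md5,
    reference_md5 and status, where status is:
      "match"    - both files exist and hash identically
      "mismatch" - both exist but differ (replaced system file or stale
                   dllcache copy; either way it needs a look)
      "missing"  - the live or the reference file is absent
    """
    results = []
    for live, ref in pairs:
        entry = {"live": live, "reference": ref,
                 "live_md5": None, "reference_md5": None}
        if not (os.path.isfile(live) and os.path.isfile(ref)):
            entry["status"] = "missing"
        else:
            entry["live_md5"] = md5_of_file(live)
            entry["reference_md5"] = md5_of_file(ref)
            entry["status"] = ("match" if entry["live_md5"] == entry["reference_md5"]
                               else "mismatch")
        results.append(entry)
    return results


def suspicious(results):
    """Keep only the entries a responder has to look at."""
    return [r for r in results if r["status"] != "match"]


def demo():
    """Constructed sample: an identical pair, a tampered pair and a pair whose
    reference copy does not exist. Returns compare_pairs() output in that order."""
    with tempfile.TemporaryDirectory() as d:
        def write(name, data):
            p = os.path.join(d, name)
            with open(p, "wb") as f:
                f.write(data)
            return p

        clean_live = write("explorer.exe", b"MZ" + b"\x00" * 1024)
        clean_ref = write("dllcache_explorer.exe", b"MZ" + b"\x00" * 1024)
        bad_live = write("userinit.exe", b"MZ" + b"\x00" * 1000 + b"PATCHED")
        bad_ref = write("dllcache_userinit.exe", b"MZ" + b"\x00" * 1000)
        lone_live = write("winlogon.exe", b"MZ" + b"\x00" * 512)
        lone_ref = os.path.join(d, "dllcache_winlogon.exe")  # deliberately never created
        return compare_pairs([(clean_live, clean_ref),
                              (bad_live, bad_ref),
                              (lone_live, lone_ref)])


if __name__ == "__main__":
    for r in demo():
        print(f"{r['status']:8} {r['live']}")
```

A match only shows that the two copies are identical; it does not prove either one is clean, since malware that replaces a protected file usually has to replace the dllcache copy as well. Where a vendor-published hash for the exact build is available, compare against that too, and treat the MD5 as a change detector rather than as proof of authenticity.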

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nothing showing there, and Nircmd is a programme that can be good or bad dependent on the context it is used in

The multiple IEs suggest a driver that I am not seeing at the moment - so let's check them out

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#5
geekyandhow

geekyandhow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
Hi,

Thanks. I disabled my AVG anti-virus before running ComboFix and I got at least 4 unwanted file/malware alerts from AVG named malware.gen, nircmd.exe, etc. Also, after the scan, I got a WinPatrol alert that my HOSTS file in system32 had been modified. The computer is running fine except for the issues I've already mentioned above. Here's the ComboFix log:

ComboFix 11-07-29.01 - NK 07/29/2011 22:23:53.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1919.1322 [GMT 5.5:30]
Running from: c:\documents and settings\NK\Desktop\ComboFix.exe
AV: AVG Internet Security 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\YAHELITE.INI
.
.
((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-29 )))))))))))))))))))))))))))))))
.
.
2011-07-21 22:22 . 2011-07-22 15:01 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-07-21 21:52 . 2000-05-22 21:58 1066176 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2011-07-21 21:44 . 2011-07-21 21:44 647872 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2011-07-21 21:04 . 2011-07-21 21:04 -------- d-----w- c:\documents and settings\NK\Local Settings\Application Data\Help
2011-07-21 21:00 . 2011-07-21 21:04 -------- d-----w- c:\program files\RamBooster 2.0
2011-07-20 11:39 . 2011-07-20 11:39 -------- d-----w- c:\documents and settings\NK\Local Settings\Application Data\WMTools Downloaded Files
2011-07-18 14:43 . 2010-03-18 03:45 770384 ----a-w- c:\documents and settings\NK\Application Data\Microsoft\Internet Explorer\Quick Launch\NK\Poker\Softwares\PokerRatings\msvcr100.dll
2011-07-18 14:43 . 2010-03-18 03:45 421200 ----a-w- c:\documents and settings\NK\Application Data\Microsoft\Internet Explorer\Quick Launch\NK\Poker\Softwares\PokerRatings\msvcp100.dll
2011-07-05 14:45 . 2007-09-20 11:07 195072 ----a-r- c:\windows\system32\fdco1.dll
2011-07-05 14:45 . 2007-09-20 11:07 53632 ----a-r- c:\windows\system32\drivers\NVENETFD.sys
2011-07-05 14:45 . 2007-09-15 02:19 356352 ----a-w- c:\windows\system32\nvunrm.exe
2011-07-05 14:44 . 2007-09-20 11:06 9216 ----a-r- c:\windows\system32\bdco1.dll
2011-07-05 14:44 . 2007-09-15 02:19 37376 ----a-r- c:\windows\system32\nvconrm.dll
2011-07-05 14:44 . 2007-09-20 11:07 22016 ----a-r- c:\windows\system32\drivers\nvnetbus.sys
2011-07-05 14:44 . 2007-09-20 11:07 888064 ----a-r- c:\windows\system32\drivers\nvnrm.sys
2011-07-05 14:38 . 2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 18:46 . 2011-06-15 17:05 358400 ----a-w- c:\documents and settings\NK\Application Data\Microsoft\Internet Explorer\Quick Launch\NK\Poker\Softwares\PokerRatings\PokerRatings.exe
2011-07-06 14:22 . 2011-05-14 21:13 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 14:22 . 2011-05-14 21:13 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-05 10:07 . 2011-05-14 22:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-28 11:23 . 2011-06-15 17:05 126976 ----a-w- c:\documents and settings\NK\Application Data\Microsoft\Internet Explorer\Quick Launch\NK\Poker\Softwares\PokerRatings\ru\PokerRatings.resources.dll
2011-06-16 23:17 . 2011-06-16 23:17 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-16 23:17 . 2011-05-14 21:48 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-02 14:02 . 2008-04-14 01:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-25 06:09 . 2007-10-04 09:14 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-05-25 06:09 . 2007-10-04 09:14 154728 ----a-w- c:\windows\system32\nvsvc32.exe
2011-05-25 06:09 . 2007-10-04 09:14 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 06:09 . 2007-10-04 09:14 13895272 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 06:09 . 2011-06-17 20:02 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-05-25 06:09 . 2011-06-17 20:02 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-05-25 06:09 . 2011-06-17 20:02 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-05-25 06:09 . 2011-06-17 20:02 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-25 06:09 . 2011-06-17 20:02 2808936 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-25 06:09 . 2011-06-17 20:02 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-25 06:09 . 2007-10-04 09:14 16068608 ----a-w- c:\windows\system32\nvoglnt.dll
2011-05-25 06:09 . 2007-10-04 09:14 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-05-25 06:09 . 2011-06-17 20:02 5332992 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-25 06:09 . 2011-06-17 20:02 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-25 06:09 . 2007-10-04 09:14 4198272 ----a-w- c:\windows\system32\nv4_disp.dll
2011-05-25 06:09 . 2007-10-04 09:14 2328576 ----a-w- c:\windows\system32\nvapi.dll
2011-05-25 06:09 . 2007-10-04 09:14 12753664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-05-21 04:30 . 2011-06-15 17:05 28672 ----a-w- c:\documents and settings\NK\Application Data\Microsoft\Internet Explorer\Quick Launch\NK\Poker\Softwares\PokerRatings\client.dll
2011-05-21 04:28 . 2011-06-15 17:05 10752 ----a-w- c:\documents and settings\NK\Application Data\Microsoft\Internet Explorer\Quick Launch\NK\Poker\Softwares\PokerRatings\hotkey.dll
2011-05-20 17:40 . 2011-05-20 17:40 388096 ----a-r- c:\documents and settings\NK\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-15 00:33 . 2011-05-15 00:33 45056 ----a-r- c:\documents and settings\NK\Application Data\Microsoft\Installer\{D3621EAA-00D6-4791-97BF-7E8EE3437BF2}\VPhotoResize.exe_D3621EAA00D6479197BF7E8EE3437BF2.exe
2011-05-15 00:33 . 2011-05-15 00:33 45056 ----a-r- c:\documents and settings\NK\Application Data\Microsoft\Installer\{D3621EAA-00D6-4791-97BF-7E8EE3437BF2}\NewShortcut3_D3621EAA00D6479197BF7E8EE3437BF2.exe
2011-05-14 23:47 . 2011-05-14 23:47 315392 ----a-w- c:\windows\HideWin.exe
2011-05-02 15:31 . 2011-05-14 20:40 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-07-08 07:16 . 2011-07-20 12:55 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RamBooster"="c:\program files\RamBooster 2.0\Rambooster.exe" [2005-11-17 561664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-04-18 2334560]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
.
c:\documents and settings\NK\Start Menu\Programs\Startup\
PowerMenu.lnk - c:\program files\PowerMenu\PowerMenu.exe [2002-12-20 57344]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2011-07-20 09:54 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-05-10 10:08 16342528 ------r- c:\windows\RTHDCPL.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2/22/2011 8:13 AM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [3/16/2011 4:03 PM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 6:41 AM 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [4/5/2011 12:59 AM 297168]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe [3/9/2011 7:24 PM 2708024]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [4/18/2011 5:39 PM 7398752]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [6/18/2011 1:33 AM 2214504]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [7/12/2010 4:33 AM 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [4/14/2011 9:28 PM 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2/10/2011 7:53 AM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2/10/2011 7:53 AM 27216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [7/22/2011 3:52 AM 73728]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [7/12/2010 4:33 AM 30432]
S3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\drivers\cccp106.sys [5/28/2011 5:25 PM 227200]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/20/2011 3:24 PM 30192]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/15/2011 2:43 AM 22712]
S3 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files/PostgreSQL/8.4/data" -w --> C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 a2AntiMalware;Emsisoft Anti-Malware 5.1 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [7/22/2011 3:52 AM 3029208]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/15/2011 2:43 AM 366640]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.in/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 59.185.0.23 59.185.0.50
TCP: Interfaces\{F3F4529B-486A-495D-9B36-F1BDE61424DD}: NameServer = 59.185.0.23,59.185.0.50
FF - ProfilePath - c:\documents and settings\NK\Application Data\Mozilla\Firefox\Profiles\974zlf84.default\
FF - prefs.js: browser.startup.homepage - google.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-29 22:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4080)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\program files\PowerMenu\PowerMenuHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\program files\AVG\AVG10\avgemcx.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2011-07-29 22:30:15 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-29 17:00
.
Pre-Run: 209,216,311,296 bytes free
Post-Run: 209,274,011,648 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - D7E454DFFBF5F6611961B7B937377380

Edited by geekyandhow, 29 July 2011 - 11:10 AM.

  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nircmd was being used by combofix - this is an example of a good use :)

Again nothing really showing there - are there any adverse problems being experienced?
  • 0

#7
geekyandhow

geekyandhow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
1) The computer is working fine. I had received those virus alerts from AVG when installing some app for Google Desktop, so I was afraid I might have been infected. I moved it to Virus Vault. Tell me one thing, when I receive any alert from AVG and if I click "Move to Virus Vault", should I still be concerned or does it mean the virus has TOTALLY been removed? Also, should I go to the AVG Virus Vault and delete them again from there as well?

2) Still no volume "ding" sound when I scroll the volume bar up and down next to the clock and no volume on Windows start and shutdown, but all other volumes are working fine. Note that this problem is not related to the above problem because I have been experiencing it for a month now, while the virus alert occurred just last week.

3) Multiple IEXPLORE.EXE processes even after closing Internet Explorer are still there.

4) Mozilla Firefox is still using up to 1000 MB of memory sometimes, as shown by Task Manager.

:)
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK let's look even deeper

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan
On the first tab select all elements down to Computer and then select start scan
Once it has finished select report and post that.

Posted Image

Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop

Now an analysis scan
Select the Manual Disinfection tab
Press the Gather System Information button
Once done, open the last report saved folder, then attach the zip file to your next post
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

Posted Image
  • 0

#9
geekyandhow

geekyandhow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
The Kaspersky program detected 1 threat, here's the screenshot: http://imm.io/7FrD

Your screenshots/instructions are of the older version of the program and slightly different so I couldn't exactly follow the steps properly but I've tried my best.

I tried attaching the two reports:

1) Autoscan Report (Size: 25.1 MB, Zipped to 1.18 MB)
2) Manual Disinfection Report

But it gives this error while attaching the first file: Error This file was too big to upload since the file exceeds 1 MB.

How do I upload it?

Edited by geekyandhow, 29 July 2011 - 02:57 PM.

  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Skip the first file as the malware was in system restore

Could you just attach the analysis zip please?

Ta for the heads up I will run the new version now :)
  • 0


#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Does this look better ?

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Posted Image

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Automatic Scan report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

Posted Image

On completion click the link to locate the zip file to upload and attach to your next post

Posted Image
  • 0

#12
geekyandhow

geekyandhow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
Oh so there was actually some malware?? :)

Ok, I attached the second file.

Thanks :unsure:

P.S. For the Autoscan settings, I had only selected up to "My computer" as per your previous instructions and missed out on C:, so I am re-scanning only C: now and will let you know if it's clear or not as well. Ok, done with that, the results are clean.

Attached Files


Edited by geekyandhow, 29 July 2011 - 08:12 PM.

  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Thanks for the info - the programme definitely has changed :)

  • Re-run AVPTool
  • Select the Manual Disinfection tab and press Script execution
    Posted Image
  • Where it states Insert text script in the following box copy the below script and press Run script
    Copy from Begin until End
    Posted Image
    begin
    SetAVZPMStatus(True);
    SetAVZGuardStatus(True);
    SearchRootkit(true, true);
     DeleteFile('C:\Documents and Settings\NEVILLE\Local Settings\Temp\_uninst_08643813.bat');
     BC_DeleteFile('C:\Documents and Settings\NEVILLE\Local Settings\Temp\_uninst_08643813.bat');
    BC_ImportDeletedList;
    BC_ImportAll;
    ExecuteSysClean;
    BC_Activate;
    RebootWindows(true);
    end.

  • Your system will reboot on completion, if it does not please do so yourself
  • On completion please run another analysis scan and attach the zip file

  • 0

#14
geekyandhow

geekyandhow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
Argh, I removed it from my desktop and right now my internet is really slow so it will take 2 hours or more to download the 95 MB Kaspersky Virus Removal Tool again :)

Is there another alternative/smaller program out there or should I wait this long for the download to complete?
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Is it in your recycle bin still?
  • 0
