Geeks to Go
Open Cloud security virus help


This topic is locked

#1 Tom Michael (New Member, 4 posts)
I am running Windows XP. I am infected with the Open Cloud Security virus. I cannot seem to get anywhere in removing this. Can anyone help?

OTL logfile created on: 9/27/2011 10:52:24 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 84.82% Memory free
2.85 Gb Paging File | 2.75 Gb Available in Paging File | 96.55% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 25.32 Gb Free Space | 67.96% Space Free | Partition Type: NTFS
Drive E: | 953.19 Mb Total Space | 943.22 Mb Free Space | 98.95% Space Free | Partition Type: FAT

Computer Name: OWNER-2259CF5F7 | User Name: Owner | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/27 22:50:08 | 000,582,656 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/09/01 06:16:22 | 005,265,248 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/15 07:48:10 | 000,468,368 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\DOWNLO~1\DMService.exe -- (DMService)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/09/15 02:28:24 | 000,150,928 | ---- | M] (Microsoft ® Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe -- (uagqecsvc)
SRV - [2009/02/11 20:12:38 | 000,167,936 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\TRENDnet\TEW-424UB\WLSVC.exe -- (WLSVC)
SRV - [2007/03/15 15:48:26 | 000,535,807 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Stopped] -- C:\WINDOWS\System32\hasplms.exe -- (hasplms)
SRV - [2005/05/11 22:27:56 | 000,036,864 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ccs.exe -- (CCS)


========== Driver Services (SafeList) ==========

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:30 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/11 01:13:46 | 000,229,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/07/11 01:13:42 | 000,032,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/06/21 08:51:10 | 000,126,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2010/06/21 08:51:03 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/08/21 00:52:42 | 003,299,840 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/06/26 07:26:36 | 000,335,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2008/04/14 00:01:34 | 000,036,352 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/02/27 11:54:00 | 000,020,480 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\WLNdis50.sys -- (WLNdis50)
DRV - [2008/01/07 15:36:16 | 002,216,064 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2007/09/26 03:52:50 | 001,320,960 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\csco21.sys -- (CSCO21)
DRV - [2007/03/12 21:48:56 | 000,351,744 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2007/03/06 22:39:20 | 000,694,272 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2007/03/06 22:39:20 | 000,135,424 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\akshhl.sys -- (akshhl)
DRV - [2007/03/06 22:39:20 | 000,099,712 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2007/03/06 22:39:12 | 000,329,856 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2004/12/09 15:54:12 | 000,046,592 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2004/04/26 09:49:56 | 000,381,056 | ---- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/04/14 07:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/02/20 10:35:28 | 000,059,044 | R--- | M] (Hewlett-Packard) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\ClntMgmt.sys -- (ClntMgmt.sys)
DRV - [2003/07/29 01:49:00 | 000,182,101 | R--- | M] (O2 Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2mmb.sys -- (CONAN)
DRV - [2003/07/24 15:50:00 | 000,005,689 | R--- | M] (O2 Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MbxStby.sys -- (MbxStby)
DRV - [2003/06/06 11:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=937811&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/09/25 07:40:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/08 19:25:00 | 000,000,000 | ---D | M]

[2011/06/06 20:07:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/06/06 20:07:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\[email protected]
[2011/09/04 12:54:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/25 07:40:30 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2010/08/31 18:55:08 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/08/31 16:23:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/08 19:25:00 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/20 10:42:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/11 08:53:24 | 000,434,940 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14971 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [ADU] C:\Program Files\Cisco Aironet\ADU.exe (Cisco)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [AttachmentWipermail.marycariola.org] C:\Documents and Settings\Owner\Forefront UAG Remote Access Agent\mailmarycariolaorg\mail1\AttachmentWiper.exeBatchRun\run.bat ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Launch Utility Application.lnk = C:\Documents and Settings\Owner\Application Data\Verizon\UA_ar\UtilityApplication.exe (Samsung Electronices Co., Ltd.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - mswsock.dll File not found
O15 - HKCU\..Trusted Domains: myway.com ([www] http in Trusted sites)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Poker%20Superstars%203/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1283288158545 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1283288249486 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://mail.marycar.../WhlCompMgr.cab (Forefront UAG endpoint components)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Poker%20Superstars%203/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B4EB3D3-C396-440E-8AAA-B7A16B870561}: DhcpNameServer = 192.168.254.254 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7F33A15-83F4-4513-8F62-B97BAA7EEDD7}: DhcpNameServer = 192.168.254.254 192.168.254.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (cscogina.dll) -C:\WINDOWS\System32\cscogina.dll (Cisco Systems, Inc.)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1980/01/04 21:02:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/27 22:20:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ymPZ4gnLrbKeUw1
[2011/09/27 22:20:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\T0qaxGNpRBoEiCQ
[2011/09/27 22:16:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\UcYH0axGqxRBEiC
[2011/09/27 22:16:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\hymZtnLr2
[2011/09/27 22:11:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\zxTGNpzF8lD7S
[2011/09/27 22:11:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\LhPtnLrbKevJsHa
[2011/09/27 21:59:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/27 21:59:38 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/27 21:34:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\tJwcHqxG9zF8Fl7
[2011/09/27 21:34:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Y7iWS6uQ5hP4n3b
[2011/09/27 10:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\joEViWCiWC
[2011/09/27 10:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\IgnOLrfIvJwc0xN
[2011/09/27 09:24:24 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/09/27 09:08:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\kwscY0qxG9zFoDi
[2011/09/27 09:08:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\GyhmP4tnLrbKdJs
[2011/09/27 08:42:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ZV7ikSCuQXym4n3
[2011/09/27 08:42:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\zwscY0qxGpRBl
[2011/09/27 00:45:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/09/27 00:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/09/27 00:35:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\XGN9pRF8lD7kCjX
[2011/09/27 00:35:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\RedvU1wcHqx
[2011/09/27 00:31:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\lAAX5yhmZtnLtn3
[2011/09/27 00:31:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\e999pRFB8lD7kSu
[2011/09/27 00:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\cJ11wscH0axGpR9
[2011/09/25 07:40:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2011/09/25 07:38:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG2012
[2011/09/25 07:36:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/09/25 07:27:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/09/05 16:44:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Poker Superstars III - Gold Chip Challenge Documents
[2011/09/05 16:44:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\funkitron
[2011/09/05 16:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/05 15:54:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Originals
[2011/09/05 15:41:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PhotoScape
[2011/09/05 15:41:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PhotoScape
[2011/09/05 15:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoScape
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/27 22:44:35 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\uhvit.sys
[2011/09/27 22:24:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/27 22:22:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/27 22:18:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\4211796800
[2011/09/27 22:18:45 | 000,044,964 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2011/09/27 22:13:53 | 105,212,729 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/09/27 21:59:45 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/27 09:01:32 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rkill.com
[2011/09/27 08:55:27 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/27 00:39:02 | 000,001,801 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\ldr.ini
[2011/09/25 07:40:31 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/09/25 07:30:25 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/09/25 07:24:50 | 000,240,762 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\img-110922184530.pdf
[2011/09/24 16:40:27 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prvlcl.dat
[2011/09/20 19:35:33 | 000,110,706 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/09/14 23:33:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/05 16:12:40 | 000,015,382 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\scotch ale label.JPG
[2011/09/05 15:55:29 | 000,027,364 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\dd.jpg
[2011/09/05 15:54:24 | 000,027,364 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\bbbbbb.jpg
[2011/09/05 15:51:48 | 000,011,264 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\photothumb.db
[2011/09/05 15:41:16 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk
[2011/09/05 15:41:16 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PhotoScape.lnk
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/27 22:44:35 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\uhvit.sys
[2011/09/27 21:59:45 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/27 09:04:31 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rkill.com
[2011/09/27 00:31:31 | 000,001,801 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\ldr.ini
[2011/09/27 00:28:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\4211796800
[2011/09/25 07:40:31 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/09/25 07:27:56 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/09/25 07:27:56 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/09/25 07:24:47 | 000,240,762 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\img-110922184530.pdf
[2011/09/05 16:12:40 | 000,015,382 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\scotch ale label.JPG
[2011/09/05 15:55:29 | 000,027,364 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\dd.jpg
[2011/09/05 15:51:47 | 000,011,264 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\photothumb.db
[2011/09/05 15:41:16 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk
[2011/09/05 15:41:16 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PhotoScape.lnk
[2011/09/05 15:34:49 | 000,027,364 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\bbbbbb.jpg
[2011/06/12 07:43:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/06/01 18:08:24 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\ccs.exe
[2011/06/01 18:08:23 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2011/05/28 10:22:24 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/23 05:14:49 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/31 18:53:27 | 000,000,158 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2010/08/31 18:48:43 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/31 16:47:44 | 000,001,081 | ---- | C] () -- C:\WINDOWS\ATICIM.INI
[2010/08/31 16:43:59 | 000,000,239 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2010/08/31 13:02:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/08/31 12:47:22 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/06/21 08:51:02 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2010/06/21 08:50:58 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/06/21 08:50:58 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/06/21 08:50:50 | 000,174,818 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/08/05 17:14:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\ATIBRTMON.EXE
[2008/04/14 05:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 00:01:34 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\intelppm.sys
[2006/12/31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 08:00:00 | 000,441,692 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 08:00:00 | 000,071,462 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/05/28 14:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 14:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1996/11/17 00:00:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
[1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/11/17 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1980/01/08 08:26:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prvlcl.dat
[1980/01/05 14:54:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[1980/01/05 14:52:01 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[1980/01/05 14:50:43 | 000,169,096 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[1980/01/04 21:03:30 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\WLNdis50.sys

========== LOP Check ==========

[2011/09/25 12:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2010/11/01 18:37:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/06/16 05:45:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/28 10:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Idea Spectrum
[2011/09/27 22:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/08/14 11:02:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/08/17 10:55:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2011/09/15 19:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/06/06 20:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2011/08/06 21:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2011/06/02 21:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/09/25 07:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG2012
[2011/08/06 09:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BeerTools Pro
[2011/09/27 00:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\cJ11wscH0axGpR9
[2011/09/27 00:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\e999pRFB8lD7kSu
[2011/09/05 16:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\funkitron
[2011/05/28 10:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2011/09/27 09:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GyhmP4tnLrbKdJs
[2011/09/27 22:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\hymZtnLr2
[2011/09/27 10:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IgnOLrfIvJwc0xN
[2010/08/31 18:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2011/09/27 10:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\joEViWCiWC
[2011/09/27 09:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\kwscY0qxG9zFoDi
[2011/09/27 00:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\lAAX5yhmZtnLtn3
[2011/09/27 22:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LhPtnLrbKevJsHa
[2011/09/05 16:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PhotoScape
[2011/09/27 00:35:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RedvU1wcHqx
[2011/08/16 08:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SpinTop
[2011/09/27 22:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\T0qaxGNpRBoEiCQ
[2010/08/31 18:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2011/09/27 21:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\tJwcHqxG9zF8Fl7
[2011/06/06 20:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TomTom
[2011/09/27 22:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\UcYH0axGqxRBEiC
[2011/09/27 22:07:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\XGN9pRF8lD7kCjX
[2011/09/27 21:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Y7iWS6uQ5hP4n3b
[2011/09/27 22:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ymPZ4gnLrbKeUw1
[2011/09/27 08:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ZV7ikSCuQXym4n3
[2011/09/27 08:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\zwscY0qxGpRBl
[2011/09/27 22:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\zxTGNpzF8lD7S

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:812B8D5E
@Alternate Data Stream - 784 bytes -> C:\WINDOWS\4211796800:3205821700.exe
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5AF5CFD

< End of report >
  • 0

#2
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hello Tom Michael and welcome to G2G. :)

We need to see a fresh log. Please run OTL again and post the new report for my review. Thanks.
  • 0

#3
Tom Michael

Tom Michael

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
OTL logfile created on: 10/2/2011 12:38:57 PM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 67.09% Memory free
2.85 Gb Paging File | 2.35 Gb Available in Paging File | 82.29% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 23.61 Gb Free Space | 63.37% Space Free | Partition Type: NTFS
Drive E: | 953.19 Mb Total Space | 908.06 Mb Free Space | 95.27% Space Free | Partition Type: FAT

Computer Name: OWNER-2259CF5F7 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\WINDOWS\4211796800:3205821700.exe
PRC - [2011/09/27 22:50:08 | 000,582,656 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2011/09/09 17:43:18 | 001,220,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/09/08 06:46:00 | 002,401,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/12 06:10:32 | 000,973,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/05/27 15:58:48 | 000,793,416 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
PRC - [2010/12/15 20:20:42 | 000,491,520 | ---- | M] (Samsung Electronices Co., Ltd.) -- C:\Documents and Settings\Owner\Application Data\Verizon\UA_ar\UtilityApplication.exe
PRC - [2010/09/15 02:28:24 | 000,150,928 | ---- | M] (Microsoft ® Corporation) -- C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
PRC - [2009/08/25 13:23:04 | 000,368,640 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/15 15:48:26 | 000,535,807 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\hasplms.exe
PRC - [2005/05/11 22:29:12 | 000,299,008 | ---- | M] (Cisco) -- C:\Program Files\Cisco Aironet\ADU.exe
PRC - [2005/05/11 22:27:56 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\ccs.exe
PRC - [2005/02/02 20:12:24 | 000,102,492 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/12/03 13:24:20 | 000,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [1996/11/17 00:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE


========== Modules (No Company Name) ==========

MOD - [2011/05/25 10:53:14 | 000,350,024 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madExcept_.bpl
MOD - [2011/05/25 10:53:12 | 000,184,136 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madBasic_.bpl
MOD - [2011/05/25 10:53:12 | 000,050,504 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madDisAsm_.bpl
MOD - [2009/08/25 13:23:04 | 000,368,640 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
MOD - [2009/04/21 18:30:32 | 000,221,184 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-424UB\WlanDll.dll
MOD - [2009/03/24 15:01:00 | 000,233,472 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-424UB\WlanSup.dll
MOD - [2009/03/10 20:03:52 | 000,184,320 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-424UB\WPSCtrl.dll
MOD - [2009/01/23 12:58:00 | 000,212,992 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-424UB\WlanCtl.dll
MOD - [2008/06/27 11:10:30 | 000,118,784 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-424UB\WlanWPS.dll
MOD - [2007/12/15 02:30:54 | 001,167,360 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-424UB\acAuth.dll
MOD - [2005/05/11 22:27:56 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\ccs.exe
MOD - [1996/11/17 00:00:00 | 003,774,224 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\MSO97.DLL
MOD - [1996/11/17 00:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (DMService)
SRV - [2011/09/01 06:16:22 | 005,265,248 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/09/15 02:28:24 | 000,150,928 | ---- | M] (Microsoft ® Corporation) [Auto | Running] -- C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe -- (uagqecsvc)
SRV - [2009/02/11 20:12:38 | 000,167,936 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\TRENDnet\TEW-424UB\WLSVC.exe -- (WLSVC)
SRV - [2007/03/15 15:48:26 | 000,535,807 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\WINDOWS\System32\hasplms.exe -- (hasplms)
SRV - [2005/05/11 22:27:56 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ccs.exe -- (CCS)


========== Driver Services (SafeList) ==========

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:30 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/11 01:13:46 | 000,229,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/07/11 01:13:42 | 000,032,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/06/21 08:51:10 | 000,126,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2010/06/21 08:51:03 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/08/21 00:52:42 | 003,299,840 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/06/26 07:26:36 | 000,335,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2008/02/27 11:54:00 | 000,020,480 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\WLNdis50.sys -- (WLNdis50)
DRV - [2008/01/07 15:36:16 | 002,216,064 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2007/09/26 03:52:50 | 001,320,960 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\csco21.sys -- (CSCO21)
DRV - [2007/03/12 21:48:56 | 000,351,744 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2007/03/06 22:39:20 | 000,694,272 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2007/03/06 22:39:20 | 000,135,424 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\akshhl.sys -- (akshhl)
DRV - [2007/03/06 22:39:20 | 000,099,712 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2007/03/06 22:39:12 | 000,329,856 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2004/12/09 15:54:12 | 000,046,592 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2004/04/26 09:49:56 | 000,381,056 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/04/14 07:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/02/20 10:35:28 | 000,059,044 | R--- | M] (Hewlett-Packard) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\ClntMgmt.sys -- (ClntMgmt.sys)
DRV - [2003/07/29 01:49:00 | 000,182,101 | R--- | M] (O2 Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2mmb.sys -- (CONAN)
DRV - [2003/07/24 15:50:00 | 000,005,689 | R--- | M] (O2 Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MbxStby.sys -- (MbxStby)
DRV - [2003/06/06 11:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=937811&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/09/28 16:16:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/08 19:25:00 | 000,000,000 | ---D | M]

[2011/06/06 20:07:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/06/06 20:07:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\[email protected]
[2011/09/04 12:54:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/28 16:16:02 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2010/08/31 18:55:08 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/08/31 16:23:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/08 19:25:00 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/20 10:42:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/11 08:53:24 | 000,434,940 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14971 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [ADU] C:\Program Files\Cisco Aironet\ADU.exe (Cisco)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [AttachmentWipermail.marycariola.org] C:\Documents and Settings\Owner\Forefront UAG Remote Access Agent\mailmarycariolaorg\mail1\AttachmentWiper.exeBatchRun\run.bat ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe ()
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Launch Utility Application.lnk = C:\Documents and Settings\Owner\Application Data\Verizon\UA_ar\UtilityApplication.exe (Samsung Electronices Co., Ltd.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - mswsock.dll File not found
O15 - HKCU\..Trusted Domains: myway.com ([www] http in Trusted sites)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Poker%20Superstars%203/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1283288158545 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1283288249486 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://mail.marycar.../WhlCompMgr.cab (Forefront UAG endpoint components)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Poker%20Superstars%203/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B4EB3D3-C396-440E-8AAA-B7A16B870561}: DhcpNameServer = 192.168.254.254 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7F33A15-83F4-4513-8F62-B97BAA7EEDD7}: DhcpNameServer = 192.168.254.254 192.168.254.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (cscogina.dll) -C:\WINDOWS\System32\cscogina.dll (Cisco Systems, Inc.)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1980/01/04 21:02:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/28 17:49:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\b
[2011/09/28 17:49:52 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/28 16:46:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG
[2011/09/28 16:45:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011
[2011/09/28 16:16:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2011/09/27 23:30:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/09/27 23:03:00 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/09/27 22:20:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ymPZ4gnLrbKeUw1
[2011/09/27 22:20:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\T0qaxGNpRBoEiCQ
[2011/09/27 22:16:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\UcYH0axGqxRBEiC
[2011/09/27 22:16:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\hymZtnLr2
[2011/09/27 22:11:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\zxTGNpzF8lD7S
[2011/09/27 22:11:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\LhPtnLrbKevJsHa
[2011/09/27 21:34:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\tJwcHqxG9zF8Fl7
[2011/09/27 21:34:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Y7iWS6uQ5hP4n3b
[2011/09/27 10:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\joEViWCiWC
[2011/09/27 10:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\IgnOLrfIvJwc0xN
[2011/09/27 09:24:24 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/09/27 09:08:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\kwscY0qxG9zFoDi
[2011/09/27 09:08:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\GyhmP4tnLrbKdJs
[2011/09/27 08:42:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ZV7ikSCuQXym4n3
[2011/09/27 08:42:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\zwscY0qxGpRBl
[2011/09/27 00:45:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/09/27 00:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/09/27 00:35:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\XGN9pRF8lD7kCjX
[2011/09/27 00:35:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\RedvU1wcHqx
[2011/09/27 00:31:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\lAAX5yhmZtnLtn3
[2011/09/27 00:31:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\e999pRFB8lD7kSu
[2011/09/27 00:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\cJ11wscH0axGpR9
[2011/09/25 07:38:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG2012
[2011/09/25 07:36:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/09/25 07:27:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/09/05 16:44:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Poker Superstars III - Gold Chip Challenge Documents
[2011/09/05 16:44:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\funkitron
[2011/09/05 16:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/05 15:54:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Originals
[2011/09/05 15:41:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PhotoScape
[2011/09/05 15:41:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PhotoScape
[2011/09/05 15:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoScape
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/02 12:42:25 | 105,613,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/10/02 12:37:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/02 12:37:36 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\AVG PC Tuneup 2011 Integrator Start On Owner Logon.job
[2011/10/02 12:37:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\4211796800
[2011/10/02 12:37:14 | 000,044,964 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2011/10/02 12:37:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/02 12:37:11 | 2146,881,536 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/28 17:57:29 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/28 17:51:43 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/09/28 17:49:58 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/28 16:45:28 | 000,000,848 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/09/28 16:45:28 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AVG PC Tuneup 2011.lnk
[2011/09/28 16:16:02 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/09/27 09:01:32 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rkill.com
[2011/09/25 07:30:25 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/09/25 07:24:50 | 000,240,762 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\img-110922184530.pdf
[2011/09/24 16:40:27 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prvlcl.dat
[2011/09/14 23:33:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/09 05:12:13 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/05 16:12:40 | 000,015,382 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\scotch ale label.JPG
[2011/09/05 15:55:29 | 000,027,364 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\dd.jpg
[2011/09/05 15:54:24 | 000,027,364 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\bbbbbb.jpg
[2011/09/05 15:51:48 | 000,011,264 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\photothumb.db
[2011/09/05 15:41:16 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk
[2011/09/05 15:41:16 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PhotoScape.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/28 17:49:58 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/28 16:45:39 | 000,000,388 | ---- | C] () -- C:\WINDOWS\tasks\AVG PC Tuneup 2011 Integrator Start On Owner Logon.job
[2011/09/28 16:45:28 | 000,000,848 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/09/28 16:45:28 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AVG PC Tuneup 2011.lnk
[2011/09/28 16:16:02 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/09/27 23:01:08 | 2146,881,536 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/27 09:04:31 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rkill.com
[2011/09/27 00:31:31 | 000,001,801 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\ldr.ini
[2011/09/27 00:28:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\4211796800
[2011/09/25 07:27:56 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/09/25 07:27:56 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/09/25 07:24:47 | 000,240,762 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\img-110922184530.pdf
[2011/09/05 16:12:40 | 000,015,382 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\scotch ale label.JPG
[2011/09/05 15:55:29 | 000,027,364 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\dd.jpg
[2011/09/05 15:51:47 | 000,011,264 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\photothumb.db
[2011/09/05 15:41:16 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk
[2011/09/05 15:41:16 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PhotoScape.lnk
[2011/09/05 15:34:49 | 000,027,364 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\bbbbbb.jpg
[2011/06/12 07:43:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/06/01 18:08:24 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\ccs.exe
[2011/06/01 18:08:23 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2011/05/28 10:22:24 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/23 05:14:49 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/31 18:53:27 | 000,000,158 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2010/08/31 18:48:43 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/31 16:47:44 | 000,001,081 | ---- | C] () -- C:\WINDOWS\ATICIM.INI
[2010/08/31 16:43:59 | 000,000,239 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2010/08/31 13:02:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/08/31 12:47:22 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/06/21 08:51:02 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2010/06/21 08:50:58 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/06/21 08:50:58 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/06/21 08:50:50 | 000,174,818 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/08/05 17:14:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\ATIBRTMON.EXE
[2008/04/14 05:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/12/31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 08:00:00 | 000,441,692 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 08:00:00 | 000,071,462 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/05/28 14:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 14:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1996/11/17 00:00:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
[1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/11/17 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1980/01/08 08:26:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prvlcl.dat
[1980/01/05 14:54:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[1980/01/05 14:52:01 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[1980/01/05 14:50:43 | 000,169,096 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[1980/01/04 21:03:30 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\WLNdis50.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:812B8D5E
@Alternate Data Stream - 784 bytes -> C:\WINDOWS\4211796800:3205821700.exe
@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5AF5CFD

< End of report >
  • 0
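A small parser for OTL report lines, added here as an illustration; it is not part of the thread and not OldTimer's own code. It reads the file entries and the Alternate Data Stream entries in the format shown in the log above and flags two things a helper looks for when reading such a log: a data stream whose name looks like an executable, and an all-digit object name sitting directly under the Windows directory. The sample lines are copied from the log above; the flagging heuristics and all function names are my own choices, not anything OTL defines.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: a handful of lines copied from the OTL log above.
SAMPLE_LOG = r"""
========== Files - Modified ==========
[2011/10/02 12:37:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\4211796800
[2011/09/28 17:51:43 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/09/27 00:31:31 | 000,001,801 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\ldr.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:812B8D5E
@Alternate Data Stream - 784 bytes -> C:\WINDOWS\4211796800:3205821700.exe

< End of report >
"""

# File entry: [timestamp | size | attrs | M/C] (Company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# ADS entry: @Alternate Data Stream - N bytes -> host:stream
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")

# Stream names with these extensions deserve a closer look (my heuristic).
EXEC_EXT = (".exe", ".dll", ".com", ".scr", ".pif", ".sys")


@dataclass
class FileEntry:
    timestamp: str
    size: int
    attrs: str
    kind: str      # 'M' = modified section, 'C' = created section
    company: str
    path: str


@dataclass
class AdsEntry:
    size: int
    host: str      # file or directory carrying the stream
    stream: str    # stream name after the last colon


def parse_otl(text: str) -> Tuple[List[FileEntry], List[AdsEntry]]:
    """Split an OTL report into file entries and ADS entries; other lines are ignored."""
    files: List[FileEntry] = []
    streams: List[AdsEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            size = int(m["size"].replace(",", ""))   # "000,041,272" -> 41272
            files.append(FileEntry(m["ts"], size, m["attrs"], m["kind"], m["company"], m["path"]))
            continue
        m = ADS_RE.match(line)
        if m:
            # The drive letter also has a colon, so split on the LAST one.
            host, _, stream = m["target"].rpartition(":")
            streams.append(AdsEntry(int(m["size"]), host, stream))
    return files, streams


def suspicious(files: List[FileEntry], streams: List[AdsEntry]) -> List[str]:
    """Return human-readable findings for the two heuristics described in the lead-in."""
    findings: List[str] = []
    for s in streams:
        if s.stream.lower().endswith(EXEC_EXT):
            findings.append(f"ADS with executable stream name: {s.host}:{s.stream} ({s.size} bytes)")
    for f in files:
        name = f.path.rsplit("\\", 1)[-1]
        if name.isdigit() and f.path.upper().startswith("C:\\WINDOWS\\"):
            findings.append(f"all-digit object name under the Windows directory: {f.path}")
    return findings


if __name__ == "__main__":
    parsed_files, parsed_streams = parse_otl(SAMPLE_LOG)
    for finding in suspicious(parsed_files, parsed_streams):
        print(finding)
```

Run against a full OTL report, this prints the `C:\WINDOWS\4211796800:3205821700.exe` stream and the `C:\WINDOWS\4211796800` object from the log above; the other sample lines produce no finding. The heuristics are deliberately narrow so the output stays short enough to read alongside the log.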

#4
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
One or more of the identified infections is a backdoor trojan/rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterward. Let me know what you decide to do.


=====================================


Please follow the instructions below only if you do not wish to reformat.


Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.

Link 1
Link 2

  • It's important to temporarily disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.

  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.

Posted Image


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:

  • Leave your computer alone while ComboFix is running.
  • ComboFix will restart your computer if malware is found; allow it to do so.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • Please do not mouse-click ComboFix's window while it's running because it may cause it to stall.
  • ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.


  • 0

#5
Tom Michael

Tom Michael

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
I will reformat. Please reply with directions
  • 0

#6
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Good choice, :)

The most important thing before doing a reformat and OS reinstall is to make sure that you have a copy of your Windows product key and the drivers for your hardware (Modem, Sound, Video, etc). You can download current drivers from many manufacturers' support web sites if needed.

Here is a very good tutorial about reformat and OS reinstall: http://helpdesk.its....ns/reformat.htm
  • 0

#7
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
