Help! re: WIN32/KATUSHA.A, virus/trojan (Combofix log attch)

#16
RSGsecurity (Member, Topic Starter, 34 posts)
lol mine doesn't :)

ping.jpg

But yes, this message when I try to start the DNS service seems to be a problem:
"error 1075 the dependency service does not exist or has been marked for deletion"

Edited by RSGsecurity, 09 November 2011 - 02:44 PM.


#17
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Right, let's look at that registry key.

Run OTL, paste the following into the custom scan/fixes box and press Quick Scan:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dhcp /s

#18
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Have you rebooted since you ran ComboFix? If not, please do so first.

#19
RSGsecurity (Member, Topic Starter, 34 posts)
Yeah, I ran ComboFix yesterday, made several reboots since. Just running the OTL now, should not be long.

#20
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Oops, I just realised I gave you the XP result :)

This is the Vista / 7 output:

[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: DHCP
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k LocalServiceNetw
orkRestricted
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DHCP Client
DEPENDENCIES : NSI
: Tdx
: Afd
SERVICE_START_NAME : NT Authority\LocalService

C:\Users\Martin>
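Essexboy's two steps (dump the Dhcp service key with OTL, then compare it with the `sc qc DHCP` output above) can be done in one pass from PowerShell. The script below is an added example and is not from the thread or from OTL: it reads the same HKLM\SYSTEM\CurrentControlSet\Services\Dhcp key, lists the DependOnService entries that `sc qc` shows as DEPENDENCIES (NSI, Tdx, Afd on Vista/7), and reports any dependency whose service key is missing or disabled, which is exactly the condition behind error 1075. It assumes an elevated PowerShell on Vista/7 or later; the `$ServiceName` parameter is my own addition so the same check works for any service.

```powershell
# Added example, not part of the thread or of OTL.
# Checks whether every service a given service depends on is registered
# and enabled; a missing one is what Windows reports as error 1075.
param(
    [string]$ServiceName = 'Dhcp'   # the thread's case; any service name works
)

$servicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$key = Join-Path $servicesRoot $ServiceName

if (-not (Test-Path $key)) {
    Write-Output "Service key $key is missing entirely."
    return
}

$cfg = Get-ItemProperty -Path $key

# ImagePath and Start correspond to BINARY_PATH_NAME and START_TYPE in sc qc.
Write-Output ("{0}: ImagePath = {1}" -f $ServiceName, $cfg.ImagePath)
Write-Output ("{0}: Start     = {1}  (2 = AUTO_START, 3 = DEMAND_START, 4 = DISABLED)" -f $ServiceName, $cfg.Start)

# DependOnService is REG_MULTI_SZ; sc qc prints it as the DEPENDENCIES list.
# Filter out $null so a service with no value yields an empty array.
$deps = @($cfg.DependOnService | Where-Object { $_ })

if ($deps.Count -eq 0) {
    Write-Output "No DependOnService value: the service has no registered dependencies."
    return
}

foreach ($dep in $deps) {
    # Entries prefixed with '+' name a load-order group, not a service.
    if ($dep.StartsWith('+')) {
        Write-Output ("  group    {0,-20} (load-order group, not checked here)" -f $dep)
        continue
    }

    $depKey = Join-Path $servicesRoot $dep
    if (-not (Test-Path $depKey)) {
        Write-Output ("  MISSING  {0,-20} no key under {1}; this produces error 1075" -f $dep, $servicesRoot)
        continue
    }

    $depCfg = Get-ItemProperty -Path $depKey

    # Get-Service only sees Win32 services; kernel drivers such as Tdx and
    # Afd are dependencies too but are not returned by it.
    $state = 'driver / not a Win32 service'
    $svc = Get-Service -Name $dep -ErrorAction SilentlyContinue
    if ($svc) { $state = $svc.Status }

    Write-Output ("  present  {0,-20} Start={1} Status={2}" -f $dep, $depCfg.Start, $state)
    if ($depCfg.Start -eq 4) {
        Write-Output ("           ^ disabled (Start=4); {0} cannot start until this is re-enabled" -f $ServiceName)
    }
}
```

Run it as `.\Check-ServiceDeps.ps1` (or with `-ServiceName Dnscache` for the DNS Client service RSGsecurity mentions). On a healthy Vista/7 machine the Dhcp check prints NSI, Tdx and Afd as present; a `MISSING` line names the key that removal tooling deleted and that has to be restored before the service will start.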

#21
RSGsecurity (Member, Topic Starter, 34 posts)
And there we have it :-



OTL logfile created on: 09/11/2011 20:47:11 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = c:\Users\rob\Downloads
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 51.78% Memory free
6.71 Gb Paging File | 5.24 Gb Available in Paging File | 78.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 315.13 Gb Free Space | 67.66% Space Free | Partition Type: NTFS
Drive D: | 29.29 Gb Total Space | 29.19 Gb Free Space | 99.66% Space Free | Partition Type: NTFS
Drive E: | 98.70 Gb Total Space | 98.60 Gb Free Space | 99.90% Space Free | Partition Type: NTFS
Drive F: | 4.38 Gb Total Space | 4.20 Gb Free Space | 95.79% Space Free | Partition Type: UDF
Drive H: | 31.45 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ROB-PC | User Name: rob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/09 16:19:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- c:\Users\rob\Downloads\OTL.exe
PRC - [2011/11/05 18:25:37 | 000,253,952 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Program Files\T-Mobile\InternetManager_H\DataCardMonitor.exe
PRC - [2011/10/24 20:29:16 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/03/17 15:44:02 | 000,114,688 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\T-Mobile Internet Manager.exe
PRC - [2009/12/31 14:13:52 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\rob\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
PRC - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/04/11 06:27:45 | 001,792,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/21 02:23:05 | 000,485,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mspaint.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/26 08:10:46 | 000,420,920 | ---- | M] () -- C:\Users\rob\AppData\Local\Google\Chrome\Application\15.0.874.106\ppgooglenaclpluginchrome.dll
MOD - [2011/10/26 08:10:45 | 003,702,840 | ---- | M] () -- C:\Users\rob\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
MOD - [2011/10/26 08:09:09 | 000,122,952 | ---- | M] () -- C:\Users\rob\AppData\Local\Google\Chrome\Application\15.0.874.106\avutil-51.dll
MOD - [2011/10/26 08:09:07 | 000,222,280 | ---- | M] () -- C:\Users\rob\AppData\Local\Google\Chrome\Application\15.0.874.106\avformat-53.dll
MOD - [2011/10/26 08:09:06 | 001,745,992 | ---- | M] () -- C:\Users\rob\AppData\Local\Google\Chrome\Application\15.0.874.106\avcodec-53.dll
MOD - [2011/10/26 05:14:43 | 008,587,936 | ---- | M] () -- C:\Users\rob\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll
MOD - [2011/03/17 15:44:02 | 000,114,688 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\T-Mobile Internet Manager.exe
MOD - [2010/08/18 18:02:20 | 000,159,744 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\SMSPlugin.dll
MOD - [2010/07/31 14:54:06 | 000,065,536 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\SpeedManagerPlugin.dll
MOD - [2010/07/21 11:57:06 | 000,090,112 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\DialUpPlugin.dll
MOD - [2010/07/21 11:53:42 | 000,122,880 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\DeviceMgrPlugin.dll
MOD - [2010/07/21 11:53:26 | 000,237,568 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\DeviceMgrUIPlugin.dll
MOD - [2010/07/21 11:51:42 | 001,019,904 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\NDISAPI.dll
MOD - [2010/06/28 15:41:34 | 000,155,648 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\DetectDev.dll
MOD - [2009/09/08 12:54:44 | 000,065,536 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\ConfigFilePlugin.dll
MOD - [2009/09/08 12:49:12 | 000,139,264 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\NetInfoPlugin.dll
MOD - [2009/05/23 11:02:32 | 000,061,440 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\XCodec.dll
MOD - [2009/05/23 11:02:30 | 000,061,440 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\DeviceOperate.dll
MOD - [2009/05/23 11:02:24 | 000,557,056 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\atcomm.dll
MOD - [2009/01/09 11:31:54 | 000,139,264 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\LocaleMgrPlugin.dll
MOD - [2009/01/09 11:30:38 | 000,032,768 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\NotifyServicePlugin.dll
MOD - [2008/11/08 10:52:10 | 000,090,112 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\FileManager.dll
MOD - [2008/11/08 10:52:08 | 000,014,848 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\isaputrace.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (ThreatFire)
SRV - File not found [Auto | Stopped] -- -- (sdCoreService)
SRV - File not found [Auto | Stopped] -- -- (PLFlash DeviceIoControl Service)
SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [Auto | Stopped] -- -- (HWDeviceService.exe)
SRV - File not found [Auto | Stopped] -- -- (clr_optimization_v4.0.30319_32)
SRV - [2011/11/08 21:13:44 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/08/24 11:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008/08/23 00:35:00 | 000,547,360 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Windows\System32\nvsvc.dll -- (nvsvc)
SRV - [2008/01/21 02:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/21 02:21:32 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/21 02:21:32 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/01/30 18:19:00 | 000,090,112 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2011/01/30 18:19:00 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010/12/24 11:48:26 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/07/27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2009/09/23 16:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/08/23 00:35:00 | 007,475,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/01/21 02:22:34 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndproxy.svs -- (NDProxy)
DRV - [2007/05/18 03:58:30 | 001,399,936 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cmudax3.sys -- (cmuda3)
DRV - [2005/06/24 16:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 09:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 09:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll (Conduit Ltd.)
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.3.3
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.3.3
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1865
FF - prefs.js..keyword.URL: "http://search.avg.co...k&lng=en-GB&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\rob\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\rob\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/11/07 22:43:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/27 09:38:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/27 09:38:26 | 000,000,000 | ---D | M]

[2010/11/19 12:24:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rob\AppData\Roaming\Mozilla\Extensions
[2011/11/08 19:45:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rob\AppData\Roaming\Mozilla\Firefox\Profiles\oekctc8h.default\extensions
[2010/11/19 12:25:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\rob\AppData\Roaming\Mozilla\Firefox\Profiles\oekctc8h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/19 14:29:47 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\rob\AppData\Roaming\Mozilla\Firefox\Profiles\oekctc8h.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2010/11/19 14:29:48 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\rob\AppData\Roaming\Mozilla\Firefox\Profiles\oekctc8h.default\extensions\[email protected]
[2011/10/29 15:21:00 | 000,001,210 | ---- | M] () -- C:\Users\rob\AppData\Roaming\Mozilla\Firefox\Profiles\oekctc8h.default\searchplugins\search.xml
[2010/11/19 12:24:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/07 22:43:30 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2010/10/27 05:24:34 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/10/27 05:24:34 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/10/27 05:24:34 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/10/27 05:24:34 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\rob\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\rob\AppData\Local\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\rob\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\rob\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.8.1 (Enabled) = C:\Users\rob\AppData\Local\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AVG Safe Search = C:\Users\rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1857_0\

O1 HOSTS File: ([2011/11/08 19:08:48 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Mininova Toolbar) - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Mininova Toolbar) - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Mininova Toolbar) - {F592709F-FF4A-4862-B659-4AFABDA56312} - C:\Program Files\Mininova\tbMini.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\InternetManager_H\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10D569C2-DE81-4297-BE56-9DF26B8AD87F}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B3D2CFB-BA9F-4FCF-AF46-F868DB59F166}: NameServer = 149.254.230.7 149.254.192.126
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\rob\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\rob\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/11/16 21:37:37 | 000,142,336 | R--- | M] () - H:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2009/06/30 16:43:22 | 000,000,048 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/09 17:40:50 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/11/09 16:46:49 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2011/11/09 16:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2011/11/09 16:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2011/11/08 21:53:34 | 000,000,000 | ---D | C] -- C:\Users\rob\AppData\Roaming\Lavasoft
[2011/11/08 21:53:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/11/08 21:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/11/08 21:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\RegCleaner
[2011/11/08 21:44:00 | 000,000,000 | ---D | C] -- C:\Program Files\jv16 PowerTools
[2011/11/08 21:20:08 | 000,000,000 | ---D | C] -- C:\Users\rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2011/11/08 21:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2011/11/08 21:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011/11/08 21:08:32 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2011/11/08 19:45:34 | 000,000,000 | ---D | C] -- C:\Users\rob\Desktop\Rick's Anti-Virus DO NOT DELETE!!
[2011/11/08 19:08:46 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/11/08 18:04:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/08 17:53:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/08 17:48:53 | 000,000,000 | ---D | C] -- C:\Users\rob\AppData\Local\temp
[2011/11/08 17:28:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/08 17:28:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/08 17:28:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/08 17:28:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/08 17:28:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/08 17:26:24 | 000,000,000 | ---D | C] -- C:\Users\rob\Desktop\A guide and tutorial on using ComboFix_files
[2011/11/08 17:01:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/08 17:01:26 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/08 17:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/08 13:48:56 | 000,000,000 | ---D | C] -- C:\Users\rob\AppData\Roaming\Malwarebytes
[2011/11/08 13:48:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/08 12:37:18 | 000,000,000 | ---D | C] -- C:\Users\rob\DoctorWeb
[2011/11/08 11:29:05 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2011/11/08 11:29:05 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2011/11/08 11:28:58 | 000,207,280 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2011/11/08 11:28:58 | 000,087,784 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2011/11/08 11:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Doctor
[2011/11/08 11:28:55 | 000,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2011/11/08 11:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2011/11/08 11:28:48 | 000,000,000 | ---D | C] -- C:\Users\rob\AppData\Roaming\PC Tools
[2011/11/08 11:28:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/11/08 11:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/11/08 11:24:19 | 000,000,000 | ---D | C] -- C:\Users\rob\Desktop\Downloads
[2011/11/08 11:24:17 | 000,000,000 | ---D | C] -- C:\Users\rob\AppData\Roaming\GetRightToGo
[2011/11/07 23:12:48 | 000,000,000 | ---D | C] -- C:\$AVG
[2011/11/07 23:00:21 | 000,000,000 | ---D | C] -- C:\Users\rob\AppData\Roaming\AVG
[2011/11/07 22:58:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2011/11/07 22:44:57 | 000,000,000 | ---D | C] -- C:\Users\rob\AppData\Roaming\AVG2012
[2011/11/07 22:43:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/11/07 22:43:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/11/07 22:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/11/07 22:42:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/11/07 22:35:37 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/11/07 22:14:57 | 000,000,000 | ---D | C] -- C:\ProgramData\ZA_PreservedFiles
[2011/11/06 10:41:05 | 000,000,000 | ---D | C] -- C:\Users\rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicDisc
[2011/11/06 01:11:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc
[2011/11/06 01:10:12 | 000,116,736 | ---- | C] (MagicISO, Inc.) -- C:\Windows\System32\drivers\mcdbus.sys
[2011/11/06 01:10:08 | 000,000,000 | ---D | C] -- C:\Program Files\MagicDisc
[2011/11/06 00:58:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO Image Burner
[2011/11/06 00:58:08 | 000,000,000 | ---D | C] -- C:\Program Files\ISO Image Burner
[2011/11/05 18:27:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\T-Mobile Internet Manager
[2011/11/05 18:27:13 | 000,480,384 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\bmnet.dll
[2011/11/05 18:27:13 | 000,308,352 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\bminstall.dll
[2011/11/05 18:27:13 | 000,132,224 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\bmdumpd.bin
[2011/11/05 18:27:13 | 000,024,192 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\drivers\tcpipBM.sys
[2011/11/05 18:27:13 | 000,013,184 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\drivers\BMLoad.sys
[2011/11/05 18:26:17 | 000,861,696 | ---- | C] (DiBcom SA) -- C:\Windows\System32\drivers\mod7700.sys
[2011/11/05 18:26:17 | 000,235,392 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2011/11/05 18:26:17 | 000,193,792 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2011/11/05 18:26:17 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwusbdev.sys
[2011/11/05 18:26:17 | 000,090,112 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcacm.sys
[2011/11/05 18:26:17 | 000,073,216 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jubusenum.sys
[2011/11/05 18:26:17 | 000,064,384 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcecm.sys
[2011/11/05 18:26:17 | 000,026,624 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juextctrl.sys
[2011/11/05 18:26:17 | 000,025,856 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2011/11/05 18:26:17 | 000,019,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwupgrade.sys
[2011/11/05 18:26:17 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_usbenumfilter.sys
[2011/11/05 18:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\DatacardService
[2011/11/03 10:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/11/03 10:17:55 | 000,000,000 | ---D | C] -- C:\Program Files\ThreatFire
[2011/11/03 09:48:24 | 000,000,000 | ---D | C] -- C:\Users\rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/11/03 09:37:52 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2011/11/03 09:32:18 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/11/03 09:12:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\ZoneLabs
[2011/11/03 09:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2011/10/27 09:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/10/27 09:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/10/22 08:19:04 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/10/16 18:57:19 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/10/12 18:33:29 | 000,000,000 | -HSD | C] -- C:\Users\rob\AppData\Local\c98a56f6

========== Files - Modified Within 30 Days ==========

[2011/11/09 20:40:46 | 000,149,052 | ---- | M] () -- C:\Users\rob\Desktop\ping.jpg
[2011/11/09 19:48:14 | 000,236,971 | ---- | M] () -- C:\Users\rob\Desktop\ip.jpg
[2011/11/09 19:43:52 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/09 19:43:52 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/09 18:13:45 | 109,179,118 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/11/09 17:58:25 | 000,167,289 | ---- | M] () -- C:\Users\rob\Desktop\error message..jpg
[2011/11/09 17:52:46 | 000,666,780 | ---- | M] () -- C:\Windows\System32\perfh019.dat
[2011/11/09 17:52:46 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/09 17:52:46 | 000,133,492 | ---- | M] () -- C:\Windows\System32\perfc019.dat
[2011/11/09 17:52:46 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/09 17:43:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/09 17:43:55 | 000,305,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/09 17:41:32 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/11/09 17:40:56 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2011/11/09 16:22:56 | 000,002,008 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2011/11/08 21:53:20 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\Lavasoft Registry Tuner.lnk
[2011/11/08 21:49:27 | 000,000,727 | ---- | M] () -- C:\Users\rob\Desktop\RegCleaner.lnk
[2011/11/08 21:20:08 | 000,000,213 | ---- | M] () -- C:\Users\rob\Desktop\Team Fortress 2.url
[2011/11/08 21:08:39 | 000,000,746 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/11/08 19:08:48 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/11/08 17:01:29 | 000,000,890 | ---- | M] () -- C:\Users\rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/08 13:47:14 | 000,001,370 | ---- | M] () -- C:\Users\rob\Application Data\Microsoft\Internet Explorer\Quick Launch\cmd - Shortcut.lnk
[2011/11/08 13:24:27 | 000,001,356 | ---- | M] () -- C:\Users\rob\AppData\Local\d3d9caps.dat
[2011/11/08 13:14:07 | 256,600,386 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/08 11:28:56 | 000,001,743 | ---- | M] () -- C:\Users\rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Doctor.lnk
[2011/11/08 11:20:22 | 000,000,042 | ---- | M] () -- C:\Windows\System32\scud.udf
[2011/11/08 11:14:59 | 000,000,022 | ---- | M] () -- C:\Windows\tpcsd
[2011/11/07 22:58:52 | 000,000,954 | ---- | M] () -- C:\Users\rob\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/11/07 22:43:30 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/11/05 18:28:22 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
[2011/11/05 18:27:35 | 000,001,039 | ---- | M] () -- C:\Users\Public\Desktop\T-Mobile Internet Manager.lnk
[2011/11/05 18:26:55 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2011/11/03 09:48:26 | 000,002,032 | ---- | M] () -- C:\Users\rob\Desktop\www.google.com.lnk
[2011/11/03 09:48:26 | 000,001,994 | ---- | M] () -- C:\Users\rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/03 09:47:52 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4036179511-3194814763-3673611557-1000Core.job
[2011/10/27 09:37:55 | 000,001,686 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/10/27 09:35:40 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/10/27 09:35:40 | 000,001,854 | ---- | M] () -- C:\Users\rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/10/13 05:40:52 | 000,000,000 | -HS- | M] () -- C:\Windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/10/12 20:37:51 | 000,008,559 | ---- | M] () -- C:\Users\rob\Desktop\Untitled 1.odt

========== Files Created - No Company Name ==========

[2011/11/09 20:40:46 | 000,149,052 | ---- | C] () -- C:\Users\rob\Desktop\ping.jpg
[2011/11/09 19:48:14 | 000,236,971 | ---- | C] () -- C:\Users\rob\Desktop\ip.jpg
[2011/11/09 18:13:45 | 109,179,118 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/11/09 17:58:25 | 000,167,289 | ---- | C] () -- C:\Users\rob\Desktop\error message..jpg
[2011/11/09 16:22:56 | 000,002,008 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2011/11/08 21:53:20 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\Lavasoft Registry Tuner.lnk
[2011/11/08 21:45:59 | 000,000,727 | ---- | C] () -- C:\Users\rob\Desktop\RegCleaner.lnk
[2011/11/08 21:20:08 | 000,000,213 | ---- | C] () -- C:\Users\rob\Desktop\Team Fortress 2.url
[2011/11/08 21:08:39 | 000,000,746 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/11/08 17:28:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/08 17:28:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/08 17:28:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/08 17:28:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/08 17:28:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/08 17:01:29 | 000,000,890 | ---- | C] () -- C:\Users\rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/08 13:47:04 | 000,001,370 | ---- | C] () -- C:\Users\rob\Application Data\Microsoft\Internet Explorer\Quick Launch\cmd - Shortcut.lnk
[2011/11/08 11:29:06 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2011/11/08 11:28:58 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2011/11/08 11:28:58 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2011/11/08 11:28:56 | 000,001,743 | ---- | C] () -- C:\Users\rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Doctor.lnk
[2011/11/08 11:28:55 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2011/11/08 11:20:22 | 000,000,042 | ---- | C] () -- C:\Windows\System32\scud.udf
[2011/11/08 11:14:59 | 000,000,022 | ---- | C] () -- C:\Windows\tpcsd
[2011/11/07 22:58:52 | 000,000,954 | ---- | C] () -- C:\Users\rob\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/11/07 22:43:30 | 000,000,802 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/11/05 18:28:22 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
[2011/11/05 18:27:35 | 000,001,039 | ---- | C] () -- C:\Users\Public\Desktop\T-Mobile Internet Manager.lnk
[2011/11/05 18:26:55 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2011/11/03 10:46:34 | 256,600,386 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/11/03 09:48:26 | 000,002,032 | ---- | C] () -- C:\Users\rob\Desktop\www.google.com.lnk
[2011/11/03 09:48:26 | 000,001,994 | ---- | C] () -- C:\Users\rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/03 09:47:52 | 000,000,848 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4036179511-3194814763-3673611557-1000Core.job
[2011/10/27 09:37:55 | 000,001,686 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/10/13 05:40:52 | 000,000,000 | -HS- | C] () -- C:\Windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/10/12 20:37:50 | 000,008,559 | ---- | C] () -- C:\Users\rob\Desktop\Untitled 1.odt
[2011/02/20 10:51:54 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/02/20 10:51:54 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011/02/20 10:51:54 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011/02/20 10:51:54 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/02/20 10:51:54 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/02/20 10:51:54 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011/02/20 10:51:54 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/02/20 10:51:54 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011/02/20 10:51:54 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011/02/20 10:51:54 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011/02/20 10:51:54 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011/02/20 10:51:54 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011/02/20 10:51:54 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011/02/20 10:51:54 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011/02/20 10:51:54 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011/02/20 10:51:54 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011/02/20 10:51:54 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011/02/20 10:51:54 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011/02/20 10:51:54 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011/02/20 10:45:02 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX8400DEFGIPS.ini
[2009/12/05 09:12:23 | 000,000,035 | ---- | C] () -- C:\Windows\A6W.INI
[2009/09/10 21:26:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/10 21:26:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/10 21:25:19 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/09/06 16:25:40 | 000,001,356 | ---- | C] () -- C:\Users\rob\AppData\Local\d3d9caps.dat
[2009/05/24 10:06:28 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/05/12 10:30:13 | 000,442,368 | R--- | C] () -- C:\Windows\System32\Cmeaupci.exe
[2009/05/12 10:29:30 | 000,241,664 | ---- | C] () -- C:\Windows\System32\cmrmdrv3.exe
[2009/05/12 10:29:29 | 000,028,672 | ---- | C] () -- C:\Windows\System32\cmrmdrv3.dll
[2009/05/12 10:29:17 | 000,065,536 | R--- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2009/05/10 23:01:28 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/05/10 22:08:57 | 000,038,912 | ---- | C] () -- C:\Users\rob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/05 17:18:55 | 000,332,666 | ---- | C] () -- C:\Windows\System32\perfi019.dat
[2008/02/05 17:18:54 | 000,666,780 | ---- | C] () -- C:\Windows\System32\perfh019.dat
[2008/02/05 17:18:54 | 000,133,492 | ---- | C] () -- C:\Windows\System32\perfc019.dat
[2008/02/05 17:18:54 | 000,038,684 | ---- | C] () -- C:\Windows\System32\perfd019.dat
[2008/01/21 02:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/04/13 05:52:38 | 000,000,727 | R--- | C] () -- C:\Windows\cmudax3.ini
[2006/11/02 12:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:46:27 | 000,305,784 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 12:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:33:01 | 000,608,760 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 10:33:01 | 000,108,268 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/11/07 23:00:32 | 000,000,000 | ---D | M] -- C:\Users\rob\AppData\Roaming\AVG
[2011/11/07 22:44:57 | 000,000,000 | ---D | M] -- C:\Users\rob\AppData\Roaming\AVG2012
[2011/02/22 14:56:47 | 000,000,000 | ---D | M] -- C:\Users\rob\AppData\Roaming\EPSON
[2011/11/08 11:28:27 | 000,000,000 | ---D | M] -- C:\Users\rob\AppData\Roaming\GetRightToGo
[2010/11/19 14:07:27 | 000,000,000 | ---D | M] -- C:\Users\rob\AppData\Roaming\OpenOffice.org
[2011/03/11 10:50:55 | 000,000,000 | ---D | M] -- C:\Users\rob\AppData\Roaming\Serif
[2011/11/05 18:27:14 | 000,000,000 | ---D | M] -- C:\Users\rob\AppData\Roaming\T-Mobile
[2010/08/24 18:23:15 | 000,000,000 | ---D | M] -- C:\Users\rob\AppData\Roaming\T-Mobile Internet Manager
[2011/03/12 19:54:44 | 000,000,000 | ---D | M] -- C:\Users\rob\AppData\Roaming\uTorrent
[2011/11/09 17:41:32 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dhcp /s >
"ServiceDll" = %SystemRoot%\system32\dhcpcsvc.dll -- [2009/04/11 06:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation)
"DisplayName" = @%SystemRoot%\system32\dhcpcsvc.dll,-100
"Group" = TDI
"ImagePath" = %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -- [2008/01/21 02:21:53 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\dhcpcsvc.dll,-101
"ObjectName" = NT Authority\LocalService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = NSITdxAfd [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilegeSeCreateGlobalPrivilege [binary data]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dhcp\Configurations]
"Options" = 32 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 FF FF FF 7F 00 00 00 00 01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 FF FF FF 7F 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dhcp\Linkage]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dhcp\Linkage\Disabled]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dhcp\Parameters]
"ServiceDll" = %SystemRoot%\System32\dhcpcsvc.dll -- [2009/04/11 06:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dhcp\Parameters\Options]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dhcp\Parameters\Options\1]
"KeyType" = 7
"RegLocation" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dhcp\Parameters\Options\15]
"KeyType" = 1
"RegLocation" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dhcp\Parameters\Options\220]
"KeyType" = 3
"RegSendLocation" = [Binary data over 100 bytes]
"VendorType" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dhcp\Parameters\Options\3]
"KeyType" = 7
"RegLocation" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dhcp\Parameters\Options\44]
"KeyType" = 1
"RegLocation" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dhcp\Parameters\Options\46]
"KeyType" = 4
"RegLocation" = SYSTEM\CurrentControlSet\Services\NetBT\Parameters\DhcpNodeType
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dhcp\Parameters\Options\47]
"KeyType" = 1
"RegLocation" = SYSTEM\CurrentControlSet\Services\NetBT\Parameters\DhcpScopeID
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dhcp\Parameters\Options\6]
"KeyType" = 1
"RegLocation" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dhcp\Parameters\Options\DhcpNetbiosOptions]
"KeyType" = 4
"OptionId" = 1
"VendorType" = 1
"RegLocation" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dhcp\Parametersv6]
"DllName" = %SystemRoot%\system32\dhcpcsvc6.dll -- [2009/04/11 06:28:18 | 000,130,560 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dhcp\Parametersv6\Options]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dhcp\Parametersv6\Options\23]
"KeyType" = 3
"RegLocation" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dhcp\Parametersv6\Options\24]
"KeyType" = 3
"RegLocation" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dhcp\Security]
"Security" = [Binary data over 100 bytes]

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:1CA73D29

< End of report >

#22
RSGsecurity (Member, Topic Starter, 34 posts)
Ah okay lol, re-scanning now with the correct command.

Sorry, also just noticed on that command it has c:/ martin; is that correct, or should it be my user (rob)?

Edited by RSGsecurity, 09 November 2011 - 03:07 PM.


#23
RSGsecurity (Member, Topic Starter, 34 posts)
There we go, 2nd time lucky, ay lol. I assumed the command was correct and meant to be martin so carried on; it produced the following:

OTL logfile created on: 09/11/2011 21:04:08 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = c:\Users\rob\Downloads
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 51.60% Memory free
6.71 Gb Paging File | 5.25 Gb Available in Paging File | 78.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 315.15 Gb Free Space | 67.66% Space Free | Partition Type: NTFS
Drive D: | 29.29 Gb Total Space | 29.19 Gb Free Space | 99.66% Space Free | Partition Type: NTFS
Drive E: | 98.70 Gb Total Space | 98.60 Gb Free Space | 99.90% Space Free | Partition Type: NTFS
Drive F: | 4.38 Gb Total Space | 4.20 Gb Free Space | 95.79% Space Free | Partition Type: UDF
Drive H: | 31.45 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ROB-PC | User Name: rob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/09 16:19:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- c:\Users\rob\Downloads\OTL.exe
PRC - [2011/11/05 18:25:37 | 000,253,952 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Program Files\T-Mobile\InternetManager_H\DataCardMonitor.exe
PRC - [2011/10/24 20:29:16 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/03/17 15:44:02 | 000,114,688 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\T-Mobile Internet Manager.exe
PRC - [2009/12/31 14:13:52 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\rob\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
PRC - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/26 08:10:46 | 000,420,920 | ---- | M] () -- C:\Users\rob\AppData\Local\Google\Chrome\Application\15.0.874.106\ppgooglenaclpluginchrome.dll
MOD - [2011/10/26 08:10:45 | 003,702,840 | ---- | M] () -- C:\Users\rob\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
MOD - [2011/10/26 08:09:09 | 000,122,952 | ---- | M] () -- C:\Users\rob\AppData\Local\Google\Chrome\Application\15.0.874.106\avutil-51.dll
MOD - [2011/10/26 08:09:07 | 000,222,280 | ---- | M] () -- C:\Users\rob\AppData\Local\Google\Chrome\Application\15.0.874.106\avformat-53.dll
MOD - [2011/10/26 08:09:06 | 001,745,992 | ---- | M] () -- C:\Users\rob\AppData\Local\Google\Chrome\Application\15.0.874.106\avcodec-53.dll
MOD - [2011/10/26 05:14:43 | 008,587,936 | ---- | M] () -- C:\Users\rob\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll
MOD - [2011/03/17 15:44:02 | 000,114,688 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\T-Mobile Internet Manager.exe
MOD - [2010/08/18 18:02:20 | 000,159,744 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\SMSPlugin.dll
MOD - [2010/07/31 14:54:06 | 000,065,536 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\SpeedManagerPlugin.dll
MOD - [2010/07/21 11:57:06 | 000,090,112 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\DialUpPlugin.dll
MOD - [2010/07/21 11:53:42 | 000,122,880 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\DeviceMgrPlugin.dll
MOD - [2010/07/21 11:53:26 | 000,237,568 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\DeviceMgrUIPlugin.dll
MOD - [2010/07/21 11:51:42 | 001,019,904 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\NDISAPI.dll
MOD - [2010/06/28 15:41:34 | 000,155,648 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\DetectDev.dll
MOD - [2009/09/08 12:54:44 | 000,065,536 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\ConfigFilePlugin.dll
MOD - [2009/09/08 12:49:12 | 000,139,264 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\NetInfoPlugin.dll
MOD - [2009/05/23 11:02:32 | 000,061,440 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\XCodec.dll
MOD - [2009/05/23 11:02:30 | 000,061,440 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\DeviceOperate.dll
MOD - [2009/05/23 11:02:24 | 000,557,056 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\atcomm.dll
MOD - [2009/01/09 11:31:54 | 000,139,264 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\LocaleMgrPlugin.dll
MOD - [2009/01/09 11:30:38 | 000,032,768 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\NotifyServicePlugin.dll
MOD - [2008/11/08 10:52:10 | 000,090,112 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\FileManager.dll
MOD - [2008/11/08 10:52:08 | 000,014,848 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\isaputrace.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (ThreatFire)
SRV - File not found [Auto | Stopped] -- -- (sdCoreService)
SRV - File not found [Auto | Stopped] -- -- (PLFlash DeviceIoControl Service)
SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [Auto | Stopped] -- -- (HWDeviceService.exe)
SRV - File not found [Auto | Stopped] -- -- (clr_optimization_v4.0.30319_32)
SRV - [2011/11/08 21:13:44 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/08/24 11:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008/08/23 00:35:00 | 000,547,360 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Windows\System32\nvsvc.dll -- (nvsvc)
SRV - [2008/01/21 02:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/21 02:21:32 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/21 02:21:32 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/01/30 18:19:00 | 000,090,112 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2011/01/30 18:19:00 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010/12/24 11:48:26 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/07/27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2009/09/23 16:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/08/23 00:35:00 | 007,475,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/01/21 02:22:34 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndproxy.svs -- (NDProxy)
DRV - [2007/05/18 03:58:30 | 001,399,936 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cmudax3.sys -- (cmuda3)
DRV - [2005/06/24 16:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 09:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 09:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll (Conduit Ltd.)
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.3.3
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.3.3
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1865
FF - prefs.js..keyword.URL: "http://search.avg.co...k&lng=en-GB&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\rob\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\rob\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/11/07 22:43:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/27 09:38:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/27 09:38:26 | 000,000,000 | ---D | M]

[2010/11/19 12:24:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rob\AppData\Roaming\Mozilla\Extensions
[2011/11/08 19:45:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rob\AppData\Roaming\Mozilla\Firefox\Profiles\oekctc8h.default\extensions
[2010/11/19 12:25:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\rob\AppData\Roaming\Mozilla\Firefox\Profiles\oekctc8h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/19 14:29:47 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\rob\AppData\Roaming\Mozilla\Firefox\Profiles\oekctc8h.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2010/11/19 14:29:48 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\rob\AppData\Roaming\Mozilla\Firefox\Profiles\oekctc8h.default\extensions\[email protected]
[2011/10/29 15:21:00 | 000,001,210 | ---- | M] () -- C:\Users\rob\AppData\Roaming\Mozilla\Firefox\Profiles\oekctc8h.default\searchplugins\search.xml
[2010/11/19 12:24:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/07 22:43:30 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2010/10/27 05:24:34 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/10/27 05:24:34 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/10/27 05:24:34 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/10/27 05:24:34 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\rob\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\rob\AppData\Local\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\rob\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\rob\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.8.1 (Enabled) = C:\Users\rob\AppData\Local\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AVG Safe Search = C:\Users\rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1857_0\

O1 HOSTS File: ([2011/11/08 19:08:48 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Mininova Toolbar) - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Mininova Toolbar) - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Mininova Toolbar) - {F592709F-FF4A-4862-B659-4AFABDA56312} - C:\Program Files\Mininova\tbMini.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\InternetManager_H\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10D569C2-DE81-4297-BE56-9DF26B8AD87F}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B3D2CFB-BA9F-4FCF-AF46-F868DB59F166}: NameServer = 149.254.230.7 149.254.192.126
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\rob\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\rob\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/11/16 21:37:37 | 000,142,336 | R--- | M] () - H:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2009/06/30 16:43:22 | 000,000,048 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/09 17:40:50 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/11/09 16:46:49 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2011/11/09 16:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2011/11/09 16:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2011/11/08 21:53:34 | 000,000,000 | ---D | C] -- C:\Users\rob\AppData\Roaming\Lavasoft
[2011/11/08 21:53:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/11/08 21:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/11/08 21:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\RegCleaner
[2011/11/08 21:44:00 | 000,000,000 | ---D | C] -- C:\Program Files\jv16 PowerTools
[2011/11/08 21:20:08 | 000,000,000 | ---D | C] -- C:\Users\rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2011/11/08 21:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2011/11/08 21:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011/11/08 21:08:32 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2011/11/08 19:45:34 | 000,000,000 | ---D | C] -- C:\Users\rob\Desktop\Rick's Anti-Virus DO NOT DELETE!!
[2011/11/08 19:08:46 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/11/08 18:04:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/08 17:53:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/08 17:48:53 | 000,000,000 | ---D | C] -- C:\Users\rob\AppData\Local\temp
[2011/11/08 17:28:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/08 17:28:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/08 17:28:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/08 17:28:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/08 17:28:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/08 17:26:24 | 000,000,000 | ---D | C] -- C:\Users\rob\Desktop\A guide and tutorial on using ComboFix_files
[2011/11/08 17:01:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/08 17:01:26 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/08 17:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/08 13:48:56 | 000,000,000 | ---D | C] -- C:\Users\rob\AppData\Roaming\Malwarebytes
[2011/11/08 13:48:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/08 12:37:18 | 000,000,000 | ---D | C] -- C:\Users\rob\DoctorWeb
[2011/11/08 11:29:05 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2011/11/08 11:29:05 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2011/11/08 11:28:58 | 000,207,280 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2011/11/08 11:28:58 | 000,087,784 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2011/11/08 11:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Doctor
[2011/11/08 11:28:55 | 000,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2011/11/08 11:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2011/11/08 11:28:48 | 000,000,000 | ---D | C] -- C:\Users\rob\AppData\Roaming\PC Tools
[2011/11/08 11:28:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/11/08 11:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/11/08 11:24:19 | 000,000,000 | ---D | C] -- C:\Users\rob\Desktop\Downloads
[2011/11/08 11:24:17 | 000,000,000 | ---D | C] -- C:\Users\rob\AppData\Roaming\GetRightToGo
[2011/11/07 23:12:48 | 000,000,000 | ---D | C] -- C:\$AVG
[2011/11/07 23:00:21 | 000,000,000 | ---D | C] -- C:\Users\rob\AppData\Roaming\AVG
[2011/11/07 22:58:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2011/11/07 22:44:57 | 000,000,000 | ---D | C] -- C:\Users\rob\AppData\Roaming\AVG2012
[2011/11/07 22:43:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/11/07 22:43:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/11/07 22:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/11/07 22:42:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/11/07 22:35:37 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/11/07 22:14:57 | 000,000,000 | ---D | C] -- C:\ProgramData\ZA_PreservedFiles
[2011/11/06 10:41:05 | 000,000,000 | ---D | C] -- C:\Users\rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicDisc
[2011/11/06 01:11:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc
[2011/11/06 01:10:12 | 000,116,736 | ---- | C] (MagicISO, Inc.) -- C:\Windows\System32\drivers\mcdbus.sys
[2011/11/06 01:10:08 | 000,000,000 | ---D | C] -- C:\Program Files\MagicDisc
[2011/11/06 00:58:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO Image Burner
[2011/11/06 00:58:08 | 000,000,000 | ---D | C] -- C:\Program Files\ISO Image Burner
[2011/11/05 18:27:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\T-Mobile Internet Manager
[2011/11/05 18:27:13 | 000,480,384 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\bmnet.dll
[2011/11/05 18:27:13 | 000,308,352 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\bminstall.dll
[2011/11/05 18:27:13 | 000,132,224 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\bmdumpd.bin
[2011/11/05 18:27:13 | 000,024,192 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\drivers\tcpipBM.sys
[2011/11/05 18:27:13 | 000,013,184 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\drivers\BMLoad.sys
[2011/11/05 18:26:17 | 000,861,696 | ---- | C] (DiBcom SA) -- C:\Windows\System32\drivers\mod7700.sys
[2011/11/05 18:26:17 | 000,235,392 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2011/11/05 18:26:17 | 000,193,792 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2011/11/05 18:26:17 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwusbdev.sys
[2011/11/05 18:26:17 | 000,090,112 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcacm.sys
[2011/11/05 18:26:17 | 000,073,216 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jubusenum.sys
[2011/11/05 18:26:17 | 000,064,384 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcecm.sys
[2011/11/05 18:26:17 | 000,026,624 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juextctrl.sys
[2011/11/05 18:26:17 | 000,025,856 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2011/11/05 18:26:17 | 000,019,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwupgrade.sys
[2011/11/05 18:26:17 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_usbenumfilter.sys
[2011/11/05 18:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\DatacardService
[2011/11/03 10:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/11/03 10:17:55 | 000,000,000 | ---D | C] -- C:\Program Files\ThreatFire
[2011/11/03 09:48:24 | 000,000,000 | ---D | C] -- C:\Users\rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/11/03 09:37:52 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2011/11/03 09:32:18 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/11/03 09:12:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\ZoneLabs
[2011/11/03 09:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2011/10/27 09:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/10/27 09:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/10/22 08:19:04 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/10/16 18:57:19 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/10/12 18:33:29 | 000,000,000 | -HSD | C] -- C:\Users\rob\AppData\Local\c98a56f6

========== Files - Modified Within 30 Days ==========

[2011/11/09 20:40:46 | 000,149,052 | ---- | M] () -- C:\Users\rob\Desktop\ping.jpg
[2011/11/09 19:48:14 | 000,236,971 | ---- | M] () -- C:\Users\rob\Desktop\ip.jpg
[2011/11/09 19:43:52 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/09 19:43:52 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/09 18:13:45 | 109,179,118 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/11/09 17:58:25 | 000,167,289 | ---- | M] () -- C:\Users\rob\Desktop\error message..jpg
[2011/11/09 17:52:46 | 000,666,780 | ---- | M] () -- C:\Windows\System32\perfh019.dat
[2011/11/09 17:52:46 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/09 17:52:46 | 000,133,492 | ---- | M] () -- C:\Windows\System32\perfc019.dat
[2011/11/09 17:52:46 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/09 17:43:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/09 17:43:55 | 000,305,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/09 17:41:32 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/11/09 17:40:56 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2011/11/09 16:22:56 | 000,002,008 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2011/11/08 21:53:20 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\Lavasoft Registry Tuner.lnk
[2011/11/08 21:49:27 | 000,000,727 | ---- | M] () -- C:\Users\rob\Desktop\RegCleaner.lnk
[2011/11/08 21:20:08 | 000,000,213 | ---- | M] () -- C:\Users\rob\Desktop\Team Fortress 2.url
[2011/11/08 21:08:39 | 000,000,746 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/11/08 19:08:48 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/11/08 17:01:29 | 000,000,890 | ---- | M] () -- C:\Users\rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/08 13:47:14 | 000,001,370 | ---- | M] () -- C:\Users\rob\Application Data\Microsoft\Internet Explorer\Quick Launch\cmd - Shortcut.lnk
[2011/11/08 13:24:27 | 000,001,356 | ---- | M] () -- C:\Users\rob\AppData\Local\d3d9caps.dat
[2011/11/08 13:14:07 | 256,600,386 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/08 11:28:56 | 000,001,743 | ---- | M] () -- C:\Users\rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Doctor.lnk
[2011/11/08 11:20:22 | 000,000,042 | ---- | M] () -- C:\Windows\System32\scud.udf
[2011/11/08 11:14:59 | 000,000,022 | ---- | M] () -- C:\Windows\tpcsd
[2011/11/07 22:58:52 | 000,000,954 | ---- | M] () -- C:\Users\rob\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/11/07 22:43:30 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/11/05 18:28:22 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
[2011/11/05 18:27:35 | 000,001,039 | ---- | M] () -- C:\Users\Public\Desktop\T-Mobile Internet Manager.lnk
[2011/11/05 18:26:55 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2011/11/03 09:48:26 | 000,002,032 | ---- | M] () -- C:\Users\rob\Desktop\www.google.com.lnk
[2011/11/03 09:48:26 | 000,001,994 | ---- | M] () -- C:\Users\rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/03 09:47:52 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4036179511-3194814763-3673611557-1000Core.job
[2011/10/27 09:37:55 | 000,001,686 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/10/27 09:35:40 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/10/27 09:35:40 | 000,001,854 | ---- | M] () -- C:\Users\rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/10/13 05:40:52 | 000,000,000 | -HS- | M] () -- C:\Windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/10/12 20:37:51 | 000,008,559 | ---- | M] () -- C:\Users\rob\Desktop\Untitled 1.odt

========== Files Created - No Company Name ==========

[2011/11/09 20:40:46 | 000,149,052 | ---- | C] () -- C:\Users\rob\Desktop\ping.jpg
[2011/11/09 19:48:14 | 000,236,971 | ---- | C] () -- C:\Users\rob\Desktop\ip.jpg
[2011/11/09 18:13:45 | 109,179,118 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/11/09 17:58:25 | 000,167,289 | ---- | C] () -- C:\Users\rob\Desktop\error message..jpg
[2011/11/09 16:22:56 | 000,002,008 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2011/11/08 21:53:20 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\Lavasoft Registry Tuner.lnk
[2011/11/08 21:45:59 | 000,000,727 | ---- | C] () -- C:\Users\rob\Desktop\RegCleaner.lnk
[2011/11/08 21:20:08 | 000,000,213 | ---- | C] () -- C:\Users\rob\Desktop\Team Fortress 2.url
[2011/11/08 21:08:39 | 000,000,746 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/11/08 17:28:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/08 17:28:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/08 17:28:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/08 17:28:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/08 17:28:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/08 17:01:29 | 000,000,890 | ---- | C] () -- C:\Users\rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/08 13:47:04 | 000,001,370 | ---- | C] () -- C:\Users\rob\Application Data\Microsoft\Internet Explorer\Quick Launch\cmd - Shortcut.lnk
[2011/11/08 11:29:06 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2011/11/08 11:28:58 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2011/11/08 11:28:58 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2011/11/08 11:28:56 | 000,001,743 | ---- | C] () -- C:\Users\rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Doctor.lnk
[2011/11/08 11:28:55 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2011/11/08 11:20:22 | 000,000,042 | ---- | C] () -- C:\Windows\System32\scud.udf
[2011/11/08 11:14:59 | 000,000,022 | ---- | C] () -- C:\Windows\tpcsd
[2011/11/07 22:58:52 | 000,000,954 | ---- | C] () -- C:\Users\rob\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/11/07 22:43:30 | 000,000,802 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/11/05 18:28:22 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
[2011/11/05 18:27:35 | 000,001,039 | ---- | C] () -- C:\Users\Public\Desktop\T-Mobile Internet Manager.lnk
[2011/11/05 18:26:55 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2011/11/03 10:46:34 | 256,600,386 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/11/03 09:48:26 | 000,002,032 | ---- | C] () -- C:\Users\rob\Desktop\www.google.com.lnk
[2011/11/03 09:48:26 | 000,001,994 | ---- | C] () -- C:\Users\rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/03 09:47:52 | 000,000,848 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4036179511-3194814763-3673611557-1000Core.job
[2011/10/27 09:37:55 | 000,001,686 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/10/13 05:40:52 | 000,000,000 | -HS- | C] () -- C:\Windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/10/12 20:37:50 | 000,008,559 | ---- | C] () -- C:\Users\rob\Desktop\Untitled 1.odt
[2011/02/20 10:51:54 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/02/20 10:51:54 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011/02/20 10:51:54 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011/02/20 10:51:54 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/02/20 10:51:54 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/02/20 10:51:54 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011/02/20 10:51:54 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/02/20 10:51:54 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011/02/20 10:51:54 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011/02/20 10:51:54 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011/02/20 10:51:54 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011/02/20 10:51:54 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011/02/20 10:51:54 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011/02/20 10:51:54 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011/02/20 10:51:54 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011/02/20 10:51:54 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011/02/20 10:51:54 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011/02/20 10:51:54 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011/02/20 10:51:54 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011/02/20 10:45:02 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX8400DEFGIPS.ini
[2009/12/05 09:12:23 | 000,000,035 | ---- | C] () -- C:\Windows\A6W.INI
[2009/09/10 21:26:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/10 21:26:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/10 21:25:19 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/09/06 16:25:40 | 000,001,356 | ---- | C] () -- C:\Users\rob\AppData\Local\d3d9caps.dat
[2009/05/24 10:06:28 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/05/12 10:30:13 | 000,442,368 | R--- | C] () -- C:\Windows\System32\Cmeaupci.exe
[2009/05/12 10:29:30 | 000,241,664 | ---- | C] () -- C:\Windows\System32\cmrmdrv3.exe
[2009/05/12 10:29:29 | 000,028,672 | ---- | C] () -- C:\Windows\System32\cmrmdrv3.dll
[2009/05/12 10:29:17 | 000,065,536 | R--- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2009/05/10 23:01:28 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/05/10 22:08:57 | 000,038,912 | ---- | C] () -- C:\Users\rob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/05 17:18:55 | 000,332,666 | ---- | C] () -- C:\Windows\System32\perfi019.dat
[2008/02/05 17:18:54 | 000,666,780 | ---- | C] () -- C:\Windows\System32\perfh019.dat
[2008/02/05 17:18:54 | 000,133,492 | ---- | C] () -- C:\Windows\System32\perfc019.dat
[2008/02/05 17:18:54 | 000,038,684 | ---- | C] () -- C:\Windows\System32\perfd019.dat
[2008/01/21 02:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/04/13 05:52:38 | 000,000,727 | R--- | C] () -- C:\Windows\cmudax3.ini
[2006/11/02 12:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:46:27 | 000,305,784 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 12:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:33:01 | 000,608,760 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 10:33:01 | 000,108,268 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/11/07 23:00:32 | 000,000,000 | ---D | M] -- C:\Users\rob\AppData\Roaming\AVG
[2011/11/07 22:44:57 | 000,000,000 | ---D | M] -- C:\Users\rob\AppData\Roaming\AVG2012
[2011/02/22 14:56:47 | 000,000,000 | ---D | M] -- C:\Users\rob\AppData\Roaming\EPSON
[2011/11/08 11:28:27 | 000,000,000 | ---D | M] -- C:\Users\rob\AppData\Roaming\GetRightToGo
[2010/11/19 14:07:27 | 000,000,000 | ---D | M] -- C:\Users\rob\AppData\Roaming\OpenOffice.org
[2011/03/11 10:50:55 | 000,000,000 | ---D | M] -- C:\Users\rob\AppData\Roaming\Serif
[2011/11/05 18:27:14 | 000,000,000 | ---D | M] -- C:\Users\rob\AppData\Roaming\T-Mobile
[2010/08/24 18:23:15 | 000,000,000 | ---D | M] -- C:\Users\rob\AppData\Roaming\T-Mobile Internet Manager
[2011/03/12 19:54:44 | 000,000,000 | ---D | M] -- C:\Users\rob\AppData\Roaming\uTorrent
[2011/11/09 17:41:32 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< This is the Vista / 7 output >
Invalid Switch: 7 output


< >

< [SC] QueryServiceConfig SUCCESS >

< >

< SERVICE_NAME: DHCP >

< TYPE : 20 WIN32_SHARE_PROCESS >

< START_TYPE : 2 AUTO_START >

< ERROR_CONTROL : 1 NORMAL >

< BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k LocalServiceNetw >

< orkRestricted >

< LOAD_ORDER_GROUP : TDI >

< TAG : 0 >

< DISPLAY_NAME : DHCP Client >

< DEPENDENCIES : NSI >

< : Tdx >

< : Afd >

< SERVICE_START_NAME : NT Authority\LocalService >

< >

< C:\Users\Martin> >

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:1CA73D29

< End of report >
  • 0

#24
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts


The reg data again looks good - however, this is my system

Let's now try a reset

From the command prompt type the following:

netsh int ip reset c:\resetlog.txt

This should generate a log on the C drive

It will be you as that is my name
  • 0

#25
RSGsecurity

RSGsecurity

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts



The reg data again looks good - however, this is my system

Let's now try a reset

From the command prompt type the following:

netsh int ip reset c:\resetlog.txt

This should generate a log on the C drive

It will be you as that is my name



Right, so am I rerunning this OTL with my name instead, so the OTL command should look like this instead?
If so I'll re-run the OTL before I restart after running that DOS.


[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: DHCP
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k LocalServiceNetw
orkRestricted
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DHCP Client
DEPENDENCIES : NSI
: Tdx
: Afd
SERVICE_START_NAME : NT Authority\LocalService

C:\Users\Rob>
  • 0

#26
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No, run the netsh command and let me see the log that it produces please; after that we may need to run netsh winsock reset
  • 0

#27
RSGsecurity

RSGsecurity

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
That's the DOS result; shall I go ahead and reboot?

netsh.jpg
  • 0

#28
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes, reboot please - and it looks as though we may have had to use an elevated prompt to produce the log
  • 0

#29
RSGsecurity

RSGsecurity

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Right, rebooted. Using this command you stated earlier then, or? (netsh winsock reset)
  • 0

#30
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Run the netsh winsock reset next and then see if you can connect
  • 0
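Taken together, the steps in posts #24 to #30 (compare the DHCP Client service configuration against a known-good system, then run the TCP/IP and Winsock resets from an elevated prompt) can be scripted. The PowerShell below is an added example, not anything posted in the thread or part of OTL; the function names are made up here, and the expected values are taken from the sc qc output the helper quoted above.

```powershell
#Requires -Version 3.0
# Added example, not from the thread. Compares the DHCP Client service's
# registry configuration against the known-good values the helper posted
# (svchost -k LocalServiceNetworkRestricted, AUTO_START, LocalService,
# depends on NSI/Tdx/Afd), flags any dependency whose service key no longer
# exists (the condition behind error 1075), and optionally runs the resets.

function Test-DhcpServiceConfig {
    param([string]$ServiceName = 'Dhcp')
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
    $cfg = Get-ItemProperty -Path $key -ErrorAction Stop

    # Expected values taken from the sc qc output quoted in the thread.
    $checks = @(
        @{ Name = 'ImagePath';  Ok = ($cfg.ImagePath -like '*svchost.exe -k LocalServiceNetworkRestricted*') }
        @{ Name = 'Start';      Ok = ($cfg.Start -eq 2) }           # 2 = AUTO_START
        @{ Name = 'ObjectName'; Ok = ($cfg.ObjectName -eq 'NT Authority\LocalService') }
    )
    foreach ($c in $checks) {
        $result = if ($c.Ok) { 'OK' } else { 'MISMATCH' }
        [pscustomobject]@{ Item = $c.Name; Result = $result }
    }
    # Each DependOnService entry must name a service key that still exists;
    # entries prefixed with '+' are load-order groups, not services.
    foreach ($dep in @($cfg.DependOnService) | Where-Object { $_ -and -not $_.StartsWith('+') }) {
        $exists = Test-Path "HKLM:\SYSTEM\CurrentControlSet\Services\$dep"
        $result = if ($exists) { 'OK' } else { 'MISSING (would give error 1075)' }
        [pscustomobject]@{ Item = "Dependency $dep"; Result = $result }
    }
}

function Invoke-NetworkStackReset {
    # The netsh int ip reset and netsh winsock reset steps from the thread.
    # Both need an elevated prompt; without one netsh writes no log file.
    param([string]$LogPath = 'C:\resetlog.txt')
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Open an elevated (Run as administrator) prompt first.'
    }
    & netsh.exe int ip reset $LogPath
    & netsh.exe winsock reset
    if (Test-Path $LogPath) { Get-Content $LogPath } else { Write-Warning "No log written at $LogPath" }
    Write-Host 'Reboot, then retest connectivity and the DHCP Client service.'
}

Test-DhcpServiceConfig | Format-Table -AutoSize
# Invoke-NetworkStackReset            # uncomment to perform the two resets
```

A MISMATCH or MISSING row points at the registry value to compare with a clean machine before resetting anything; a clean table with a service that still fails to start means the problem lies elsewhere than the DHCP key.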
