Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

DH.CAFF8202BE [Closed] [Solved]

Started by Carolyncasl , Nov 21 2011 07:16 PM

This topic is locked

#1
Carolyncasl

Posted 21 November 2011 - 07:16 PM

Member

Member
15 posts

My computer appears to have been infected with Malware.

I have AVG 9.0.920. I am running Windows 7.

AVG will give popups saying c:\windows\system32\svchost.exe is infected with Win32/DH.CAFF8202BE. The Resident Shield Alert will show many entries for svchost.exe, but it doesn't give specific information, other than Win32/DH.CAFF8202BE.

I have noticed that there are 4 instances of iexplore.exe running in my Task Manager, but if I kill them, they just come back. So I am sure there is some malware/spyware at work, but I don't know how to stop it and get rid of it.

I have tried running AVG scan, HiJackThis, TDSSKiller, Combofix, and most recently OTL.

Thank you very much for your help.

Here is my OTL log:

OTL logfile created on: 11/21/2011 7:36:33 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\NEW
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.32% Memory free
4.50 Gb Paging File | 3.82 Gb Available in Paging File | 84.86% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 698.64 Gb Total Space | 6.04 Gb Free Space | 0.86% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 285.33 Gb Free Space | 61.26% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 5.76 Gb Free Space | 1.24% Space Free | Partition Type: NTFS
Drive G: | 114.49 Gb Total Space | 33.12 Gb Free Space | 28.93% Space Free | Partition Type: NTFS
Drive H: | 698.63 Gb Total Space | 3.79 Gb Free Space | 0.54% Space Free | Partition Type: NTFS

Computer Name: MAGIC | User Name: oh | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/21 19:26:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\NEW\OTL.exe
PRC - [2011/06/23 23:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/01/05 19:37:52 | 000,136,128 | ---- | M] (JP Software) -- C:\TCMD\tcc.exe
PRC - [2010/11/20 16:29:20 | 002,640,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2011/01/05 19:38:12 | 000,294,128 | ---- | M] () -- C:\TCMD\onig.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/25 02:21:15 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/05/24 20:18:45 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2011/05/24 20:18:34 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/12/01 21:19:32 | 001,696,496 | ---- | M] (RealVNC Ltd) [Auto | Stopped] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/15 09:09:42 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)

========== Driver Services (SafeList) ==========

DRV - [2011/09/13 07:02:55 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/05/25 07:13:12 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2011/05/24 20:18:33 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2011/05/24 20:18:28 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/12/01 21:05:12 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vncmirror.sys -- (vncmirror)
DRV - [2010/11/20 16:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 16:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 16:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 16:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 16:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 16:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 16:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 16:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 16:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 16:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 16:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\terminpt.sys -- (terminpt)
DRV - [2010/11/20 16:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 16:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/07/10 04:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/06/18 18:45:02 | 004,172,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/08/20 10:27:36 | 000,019,240 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2008/08/20 10:27:26 | 000,015,400 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2008/08/20 10:27:08 | 000,074,280 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\SI3112.sys -- (SI3112)
DRV - [2008/07/22 06:42:58 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/09/21 02:10:54 | 000,078,992 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/09/21 02:10:46 | 000,036,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/09/21 02:10:40 | 000,035,088 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/09/21 02:10:26 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/09/21 02:10:20 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2006/11/11 09:58:00 | 000,049,952 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hpt3xx.sys -- (hpt3xx)
DRV - [2004/04/10 08:42:36 | 000,002,944 | ---- | M] ([email protected]) [Kernel | System | Stopped] -- C:\Windows\System32\mbmiodrvr.sys -- (mbmiodrvr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2786678
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F6 61 E6 78 47 31 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {b01bf10c-302a-11da-b67b-000d60ca027b}:2.6.1
FF - prefs.js..flock.keyword.provider: "Google"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\oh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\oh\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\oh\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\oh\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/09/13 07:04:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.1\extensions\\Components: C:\Program Files\Flock\components [2011/05/25 03:27:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.1\extensions\\Plugins: C:\Program Files\Flock\plugins [2011/11/13 22:02:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 4\components [2011/10/01 13:56:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 4\plugins

[2011/05/25 03:27:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oh\AppData\Roaming\Mozilla\Extensions
[2011/05/25 03:27:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oh\AppData\Roaming\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2011/11/13 15:38:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\p1vepw30.default\extensions
[2011/11/12 14:21:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\p1vepw30.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/11/09 18:18:12 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\p1vepw30.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/11/12 14:21:10 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\p1vepw30.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/06/28 19:03:51 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\p1vepw30.default\extensions\[email protected]
[2011/05/25 01:28:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/25 01:28:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/30 04:41:12 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\oh\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\oh\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\oh\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\oh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\oh\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll
CHR - plugin: Google Update (Enabled) = C:\Users\oh\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: uTorrentBar = C:\Users\oh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.0.15_0\
CHR - Extension: Adblock Plus for Google Chrome\u2122 (Beta) = C:\Users\oh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.1.4_0\
CHR - Extension: Social Fixer = C:\Users\oh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipjaijdkhejnbfpodmofannadgfokfnm\6.201_0\

O1 HOSTS File: ([2011/05/24 19:31:51 | 000,030,237 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 68.167.161.182 Hades
O1 - Hosts: 68.167.161.178 [bleep]
O1 - Hosts: 68.167.161.179 Magic
O1 - Hosts: 68.167.161.180 Mist
O1 - Hosts: 68.167.161.181 Fire
O1 - Hosts: 68.167.161.182 www.doubleclick.net
O1 - Hosts: 68.167.161.182 ad.preferances.com
O1 - Hosts: 68.167.161.182 ad.doubleclick.com
O1 - Hosts: 68.167.161.182 ads.web.aol.com
O1 - Hosts: 68.167.161.182 ad.preferences.com
O1 - Hosts: 68.167.161.182 ad.washingtonpost.com
O1 - Hosts: 68.167.161.182 adpick.switchboard.com
O1 - Hosts: 68.167.161.182 ads.doubleclick.com
O1 - Hosts: 68.167.161.182 ads.infospace.com
O1 - Hosts: 68.167.161.182 ads.msn.com
O1 - Hosts: 68.167.161.182 ads.switchboard.com
O1 - Hosts: 68.167.161.182 ads.enliven.com
O1 - Hosts: 68.167.161.182 oz.valueclick.com
O1 - Hosts: 68.167.161.182 ads.doubleclick.net
O1 - Hosts: 68.167.161.182 ad2.doubleclick.net
O1 - Hosts: 68.167.161.182 ad3.doubleclick.net
O1 - Hosts: 68.167.161.182 ad4.doubleclick.net
O1 - Hosts: 68.167.161.182 ad5.doubleclick.net
O1 - Hosts: 68.167.161.182 ad6.doubleclick.net
O1 - Hosts: 68.167.161.182 ad7.doubleclick.net
O1 - Hosts: 752 more lines...
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch TightVNC Server.lnk = File not found
O4 - Startup: C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcmd.exe + autoexec.btm - Shortcut.lnk = C:\TCMD\tcmd.exe (JP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06981283-E60C-4913-856A-AC3852073764}: NameServer = 64.105.199.75,208.67.220.220
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) -C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/05/09 13:53:54 | 000,000,000 | ---- | M] () - F:\autorun.ini -- [ NTFS ]
O32 - AutoRun File - [2003/12/31 19:02:05 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/11/15 15:22:15 | 000,000,098 | ---- | M] () - G:\autorun.ini -- [ NTFS ]
O32 - AutoRun File - [2011/05/24 13:40:55 | 000,000,000 | ---- | M] () - H:\autorun.ini -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/21 19:09:52 | 000,000,000 | ---D | C] -- C:\virus2011
[2011/11/21 18:05:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/11/21 17:38:31 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/11/20 19:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/11/20 18:51:48 | 000,000,000 | ---D | C] -- C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/11/20 18:51:46 | 000,000,000 | ---D | C] -- C:\Program Files\HiJackThis
[2011/11/20 17:10:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/20 17:10:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/20 17:10:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/20 17:09:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/20 17:09:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/20 16:59:20 | 004,303,424 | R--- | C] (Swearware) -- C:\Users\oh\Desktop\ComboFix.exe
[2011/11/20 16:38:23 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/11/16 18:37:46 | 000,000,000 | ---D | C] -- C:\testing
[2011/10/28 17:34:08 | 000,000,000 | ---D | C] -- C:\Users\oh\AppData\Roaming\dvdcss
[2011/10/28 16:57:15 | 000,000,000 | ---D | C] -- C:\Users\oh\Documents\DVDFab
[2011/10/28 16:49:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab HD Decrypter
[2011/10/28 16:49:30 | 000,000,000 | ---D | C] -- C:\Program Files\DVDFab HD Decrypter 4
[2011/10/25 19:53:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\id Software
[2011/10/25 19:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\id Software
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[11 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[11 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/21 19:35:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/21 19:35:27 | 1610,256,384 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/21 19:33:58 | 000,019,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/21 19:33:58 | 000,019,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/21 19:19:54 | 000,615,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/21 19:19:54 | 000,103,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/21 18:52:06 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-814184897-3768303927-2348027941-1001UA.job
[2011/11/21 18:10:29 | 089,416,955 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/11/21 17:34:50 | 004,303,424 | R--- | M] (Swearware) -- C:\Users\oh\Desktop\ComboFix.exe
[2011/11/20 22:52:03 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-814184897-3768303927-2348027941-1001Core.job
[2011/11/20 19:16:20 | 000,266,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/20 18:51:49 | 000,002,971 | ---- | M] () -- C:\Users\oh\Desktop\HiJackThis.lnk
[2011/11/18 17:54:32 | 000,002,403 | ---- | M] () -- C:\Users\oh\Desktop\Google Chrome.lnk
[2011/11/03 20:03:17 | 000,093,780 | ---- | M] () -- C:\Letter of Recommendation - Suzanne - noname.eml
[2011/11/02 20:13:20 | 000,002,166 | ---- | M] () -- C:\Users\oh\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 4.lnk
[2011/10/28 16:49:33 | 000,001,112 | ---- | M] () -- C:\Users\oh\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab HD Decrypter 4.lnk
[2011/10/28 16:49:33 | 000,001,088 | ---- | M] () -- C:\Users\oh\Desktop\DVDFab HD Decrypter 4.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[11 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[11 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/20 18:51:49 | 000,002,971 | ---- | C] () -- C:\Users\oh\Desktop\HiJackThis.lnk
[2011/11/20 17:10:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/20 17:10:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/20 17:10:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/20 17:10:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/20 17:10:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/03 20:02:24 | 000,093,780 | ---- | C] () -- C:\Letter of Recommendation - Suzanne - noname.eml
[2011/10/28 16:49:33 | 000,001,112 | ---- | C] () -- C:\Users\oh\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab HD Decrypter 4.lnk
[2011/10/28 16:49:33 | 000,001,088 | ---- | C] () -- C:\Users\oh\Desktop\DVDFab HD Decrypter 4.lnk
[2011/09/21 06:27:35 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2011/09/21 06:27:35 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2011/09/21 06:27:35 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2011/09/21 06:27:35 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2011/07/26 16:03:34 | 000,000,083 | ---- | C] () -- C:\Users\oh\AppData\Roaming\sversion.ini
[2011/07/26 16:01:52 | 000,069,632 | ---- | C] () -- C:\Windows\uinst001.exe
[2011/07/07 20:17:17 | 000,026,112 | ---- | C] () -- C:\Windows\System32\VNCpm.dll
[2011/06/10 13:19:51 | 001,481,728 | ---- | C] () -- C:\Windows\System32\LegitCheckControl.dll
[2011/06/06 08:27:20 | 000,667,136 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2011/06/06 08:27:18 | 000,414,208 | ---- | C] () -- C:\Windows\System32\WgaTray.exe
[2011/06/06 08:27:18 | 000,190,976 | ---- | C] () -- C:\Windows\System32\WgaLogon.dll
[2011/05/31 21:25:28 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/05/31 21:25:28 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/05/25 03:27:55 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/05/24 18:28:56 | 000,049,152 | ---- | C] () -- C:\Windows\System32\ChCfg.exe
[2011/05/24 18:28:03 | 000,000,164 | ---- | C] () -- C:\Windows\avrack.ini
[2010/11/20 16:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2010/11/20 16:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010/11/20 16:29:20 | 002,616,320 | ---- | C] () -- C:\Windows\expl.dat
[2010/11/20 16:29:20 | 000,286,720 | ---- | C] () -- C:\Windows\System32\winl.dat
[2010/11/20 16:29:20 | 000,020,992 | ---- | C] () -- C:\Windows\System32\svch.dat
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,266,864 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,615,122 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,103,496 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/04/14 06:43:32 | 000,154,144 | ---- | C] () -- C:\Windows\System32\RTLCPAPI.dll
[2005/09/27 11:15:46 | 000,235,144 | ---- | C] () -- C:\Windows\System32\SetAid.dll
[2001/01/23 22:31:18 | 000,151,552 | ---- | C] () -- C:\Windows\System32\prntfix.exe
[2000/04/14 15:50:02 | 000,343,040 | ---- | C] () -- C:\Windows\System32\Lffpx7.dll
[1998/06/11 12:08:06 | 000,095,232 | ---- | C] () -- C:\Windows\System32\Lfkodak.dll

========== LOP Check ==========

[2011/11/02 19:31:23 | 000,000,000 | ---D | M] -- C:\Users\oh\AppData\Roaming\BSW
[2011/07/09 18:16:43 | 000,000,000 | ---D | M] -- C:\Users\oh\AppData\Roaming\EAC
[2011/11/20 18:13:45 | 000,000,000 | ---D | M] -- C:\Users\oh\AppData\Roaming\EditPlus 3
[2011/05/25 03:27:40 | 000,000,000 | ---D | M] -- C:\Users\oh\AppData\Roaming\Flock
[2011/05/24 20:12:03 | 000,000,000 | ---D | M] -- C:\Users\oh\AppData\Roaming\LockHunter
[2011/11/21 19:33:45 | 000,000,000 | ---D | M] -- C:\Users\oh\AppData\Roaming\uTorrent
[2009/07/13 23:53:46 | 000,010,144 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

#2
Essexboy

Posted 27 November 2011 - 11:52 AM

GeekU Moderator

Retired Staff
69,964 posts

Hi there and sorry for the delay, could you update me on the current problems please

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Select All Users
Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
CREATERESTOREPOINT
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Post both logs

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

AND FINALLY

Please download GetPartitions from the link bellow. You must right click on the link and choose Save as.... Save it as GetPartitions.bat on your desktop

getpartitions.bat

Double click it to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator").
It will produce C:\DiskReport.txt log please post results from that log here to me.

#3
Carolyncasl

Posted 27 November 2011 - 02:06 PM

Member

Topic Starter
Member
15 posts

Thank you for the reply.

Here is the OTL.Txt, but it did not open an Extras.txt, and I don't see an Extras.txt saved to my desktop.

OTL logfile created on: 11/27/2011 2:38:22 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\oh\Desktop
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 56.42% Memory free
4.50 Gb Paging File | 2.02 Gb Available in Paging File | 44.99% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 698.64 Gb Total Space | 41.27 Gb Free Space | 5.91% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 253.38 Gb Free Space | 54.40% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 5.76 Gb Free Space | 1.24% Space Free | Partition Type: NTFS
Drive G: | 114.49 Gb Total Space | 33.43 Gb Free Space | 29.20% Space Free | Partition Type: NTFS
Drive H: | 698.63 Gb Total Space | 4.00 Gb Free Space | 0.57% Space Free | Partition Type: NTFS
Drive K: | 279.46 Gb Total Space | 0.01 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
Drive L: | 1397.26 Gb Total Space | 9.02 Gb Free Space | 0.65% Space Free | Partition Type: NTFS
Drive O: | 1863.01 Gb Total Space | 124.34 Gb Free Space | 6.67% Space Free | Partition Type: NTFS
Drive Q: | 233.76 Gb Total Space | 39.97 Gb Free Space | 17.10% Space Free | Partition Type: NTFS
Drive R: | 1863.01 Gb Total Space | 15.97 Gb Free Space | 0.86% Space Free | Partition Type: NTFS
Drive S: | 698.64 Gb Total Space | 48.33 Gb Free Space | 6.92% Space Free | Partition Type: NTFS
Drive U: | 931.51 Gb Total Space | 97.77 Gb Free Space | 10.50% Space Free | Partition Type: NTFS
Drive W: | 1397.26 Gb Total Space | 4.53 Gb Free Space | 0.32% Space Free | Partition Type: NTFS

Computer Name: MAGIC | User Name: oh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/27 13:57:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\oh\Desktop\OTL.exe
PRC - [2011/11/22 19:23:30 | 003,800,224 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\Temp\64A5.dir\InstallFlashPlayer.exe
PRC - [2011/10/24 20:29:16 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/10/19 21:47:20 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Users\oh\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
PRC - [2011/10/18 06:14:54 | 001,229,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/12/01 21:19:38 | 000,832,272 | ---- | M] (RealVNC Ltd) -- C:\Program Files\RealVNC\VNC4\vncclipboard.exe
PRC - [2010/12/01 21:19:32 | 001,696,496 | ---- | M] (RealVNC Ltd) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe
PRC - [2010/11/20 16:29:20 | 002,640,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 16:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/04/14 06:43:42 | 000,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE
PRC - [2007/11/15 09:12:04 | 000,784,912 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2007/11/15 09:08:26 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe

========== Modules (No Company Name) ==========

MOD - [2011/03/02 11:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/25 02:21:15 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/12/01 21:19:32 | 001,696,496 | ---- | M] (RealVNC Ltd) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/15 09:09:42 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)

========== Driver Services (SafeList) ==========

DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:28 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:14 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:12 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/11 01:14:12 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/12/01 21:05:12 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vncmirror.sys -- (vncmirror)
DRV - [2010/11/20 16:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 16:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 16:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 16:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 16:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 16:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 16:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 16:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 16:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 16:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 16:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\terminpt.sys -- (terminpt)
DRV - [2010/11/20 16:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 16:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/07/10 04:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/06/18 18:45:02 | 004,172,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/08/20 10:27:36 | 000,019,240 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2008/08/20 10:27:26 | 000,015,400 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2008/08/20 10:27:08 | 000,074,280 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\SI3112.sys -- (SI3112)
DRV - [2008/07/22 06:42:58 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/09/21 02:10:54 | 000,078,992 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/09/21 02:10:46 | 000,036,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/09/21 02:10:40 | 000,035,088 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/09/21 02:10:26 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/09/21 02:10:20 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2006/11/11 09:58:00 | 000,049,952 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hpt3xx.sys -- (hpt3xx)
DRV - [2004/04/10 08:42:36 | 000,002,944 | ---- | M] ([email protected]) [Kernel | System | Running] -- C:\Windows\System32\mbmiodrvr.sys -- (mbmiodrvr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-814184897-3768303927-2348027941-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2786678
IE - HKU\S-1-5-21-814184897-3768303927-2348027941-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-814184897-3768303927-2348027941-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-814184897-3768303927-2348027941-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F6 61 E6 78 47 31 CC 01 [binary data]
IE - HKU\S-1-5-21-814184897-3768303927-2348027941-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {b01bf10c-302a-11da-b67b-000d60ca027b}:2.6.1
FF - prefs.js..flock.keyword.provider: "Google"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\oh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\oh\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\oh\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\oh\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/11/21 22:15:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.1\extensions\\Components: C:\Program Files\Flock\components [2011/05/25 03:27:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.1\extensions\\Plugins: C:\Program Files\Flock\plugins [2011/11/13 22:02:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 4\components [2011/10/01 13:56:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 4\plugins

[2011/05/25 03:27:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oh\AppData\Roaming\Mozilla\Extensions
[2011/05/25 03:27:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oh\AppData\Roaming\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2011/11/13 15:38:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\p1vepw30.default\extensions
[2011/11/12 14:21:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\p1vepw30.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/11/09 18:18:12 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\p1vepw30.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/11/12 14:21:10 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\p1vepw30.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/06/28 19:03:51 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\p1vepw30.default\extensions\[email protected]
[2011/05/25 01:28:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/25 01:28:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/30 04:41:12 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\oh\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\oh\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\oh\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\oh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\oh\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll
CHR - plugin: Google Update (Enabled) = C:\Users\oh\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: uTorrentBar = C:\Users\oh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.0.15_0\
CHR - Extension: Adblock Plus for Google Chrome\u2122 (Beta) = C:\Users\oh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.1.4_0\
CHR - Extension: Social Fixer = C:\Users\oh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipjaijdkhejnbfpodmofannadgfokfnm\6.201_0\
CHR - Extension: AVG Safe Search = C:\Users\oh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1857_0\

O1 HOSTS File: ([2011/05/24 19:31:51 | 000,030,237 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 68.167.161.182 Hades
O1 - Hosts: 68.167.161.178 [bleep]
O1 - Hosts: 68.167.161.179 Magic
O1 - Hosts: 68.167.161.180 Mist
O1 - Hosts: 68.167.161.181 Fire
O1 - Hosts: 68.167.161.182 www.doubleclick.net
O1 - Hosts: 68.167.161.182 ad.preferances.com
O1 - Hosts: 68.167.161.182 ad.doubleclick.com
O1 - Hosts: 68.167.161.182 ads.web.aol.com
O1 - Hosts: 68.167.161.182 ad.preferences.com
O1 - Hosts: 68.167.161.182 ad.washingtonpost.com
O1 - Hosts: 68.167.161.182 adpick.switchboard.com
O1 - Hosts: 68.167.161.182 ads.doubleclick.com
O1 - Hosts: 68.167.161.182 ads.infospace.com
O1 - Hosts: 68.167.161.182 ads.msn.com
O1 - Hosts: 68.167.161.182 ads.switchboard.com
O1 - Hosts: 68.167.161.182 ads.enliven.com
O1 - Hosts: 68.167.161.182 oz.valueclick.com
O1 - Hosts: 68.167.161.182 ads.doubleclick.net
O1 - Hosts: 68.167.161.182 ad2.doubleclick.net
O1 - Hosts: 68.167.161.182 ad3.doubleclick.net
O1 - Hosts: 68.167.161.182 ad4.doubleclick.net
O1 - Hosts: 68.167.161.182 ad5.doubleclick.net
O1 - Hosts: 68.167.161.182 ad6.doubleclick.net
O1 - Hosts: 68.167.161.182 ad7.doubleclick.net
O1 - Hosts: 752 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-814184897-3768303927-2348027941-1001..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch TightVNC Server.lnk = File not found
O4 - Startup: C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcmd.exe + autoexec.btm - Shortcut.lnk = C:\TCMD\tcmd.exe (JP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-814184897-3768303927-2348027941-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06981283-E60C-4913-856A-AC3852073764}: NameServer = 64.105.199.75,208.67.220.220
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/05/09 13:53:54 | 000,000,000 | ---- | M] () - F:\autorun.ini -- [ NTFS ]
O32 - AutoRun File - [2003/12/31 19:02:05 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/11/15 15:22:15 | 000,000,098 | ---- | M] () - G:\autorun.ini -- [ NTFS ]
O32 - AutoRun File - [2011/05/24 13:40:55 | 000,000,000 | ---- | M] () - H:\autorun.ini -- [ NTFS ]
O32 - AutoRun File - [2011/01/11 22:01:51 | 000,000,000 | ---- | M] () - K:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/11/15 15:20:13 | 000,000,098 | ---- | M] () - L:\autorun.ini -- [ NTFS ]
O32 - AutoRun File - [2011/08/23 18:40:43 | 000,000,034 | ---- | M] () - O:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/11/15 15:20:34 | 000,000,098 | ---- | M] () - W:\autorun.ini -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/27 13:58:20 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\oh\Desktop\OTL.exe
[2011/11/24 19:15:48 | 000,000,000 | ---D | C] -- C:\Users\oh\AppData\Roaming\Malwarebytes
[2011/11/24 19:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/24 19:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/24 19:15:27 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/24 19:15:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/21 22:16:46 | 000,000,000 | ---D | C] -- C:\Users\oh\AppData\Roaming\AVG2012
[2011/11/21 22:15:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/11/21 22:14:12 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2011/11/21 22:13:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/11/21 22:13:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/11/21 21:39:13 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/11/21 19:09:52 | 000,000,000 | ---D | C] -- C:\virus2011
[2011/11/21 18:05:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/11/21 17:38:31 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/11/20 19:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/11/20 18:51:48 | 000,000,000 | ---D | C] -- C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/11/20 18:51:46 | 000,000,000 | ---D | C] -- C:\Program Files\HiJackThis
[2011/11/20 17:10:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/20 17:10:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/20 17:10:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/20 17:09:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/20 16:59:20 | 004,303,424 | R--- | C] (Swearware) -- C:\Users\oh\Desktop\ComboFix.exe
[2011/11/20 16:38:23 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/10/28 17:34:08 | 000,000,000 | ---D | C] -- C:\Users\oh\AppData\Roaming\dvdcss
[2011/10/28 16:57:15 | 000,000,000 | ---D | C] -- C:\Users\oh\Documents\DVDFab
[2011/10/28 16:49:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab HD Decrypter
[2011/10/28 16:49:30 | 000,000,000 | ---D | C] -- C:\Program Files\DVDFab HD Decrypter 4
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[17 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[17 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/27 14:40:15 | 000,019,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/27 14:40:15 | 000,019,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/27 13:57:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\oh\Desktop\OTL.exe
[2011/11/27 13:52:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-814184897-3768303927-2348027941-1001UA.job
[2011/11/27 08:56:55 | 110,885,427 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/11/26 22:52:02 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-814184897-3768303927-2348027941-1001Core.job
[2011/11/23 18:10:33 | 000,018,231 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/11/22 20:34:59 | 000,615,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/22 20:34:59 | 000,103,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/22 17:32:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/22 17:32:09 | 1610,256,384 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/21 22:15:29 | 000,001,000 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/11/21 17:34:50 | 004,303,424 | R--- | M] (Swearware) -- C:\Users\oh\Desktop\ComboFix.exe
[2011/11/20 19:16:20 | 000,266,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/20 18:51:49 | 000,002,971 | ---- | M] () -- C:\Users\oh\Desktop\HiJackThis.lnk
[2011/11/18 17:54:32 | 000,002,403 | ---- | M] () -- C:\Users\oh\Desktop\Google Chrome.lnk
[2011/11/02 20:13:20 | 000,002,166 | ---- | M] () -- C:\Users\oh\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 4.lnk
[2011/10/28 16:49:33 | 000,001,112 | ---- | M] () -- C:\Users\oh\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab HD Decrypter 4.lnk
[2011/10/28 16:49:33 | 000,001,088 | ---- | M] () -- C:\Users\oh\Desktop\DVDFab HD Decrypter 4.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[17 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[17 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/27 08:56:55 | 110,885,427 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/11/23 18:10:33 | 000,018,231 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/11/21 22:15:29 | 000,001,000 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/11/21 22:14:31 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjw.avm
[2011/11/20 18:51:49 | 000,002,971 | ---- | C] () -- C:\Users\oh\Desktop\HiJackThis.lnk
[2011/11/20 17:10:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/20 17:10:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/20 17:10:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/20 17:10:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/20 17:10:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/28 16:49:33 | 000,001,112 | ---- | C] () -- C:\Users\oh\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab HD Decrypter 4.lnk
[2011/10/28 16:49:33 | 000,001,088 | ---- | C] () -- C:\Users\oh\Desktop\DVDFab HD Decrypter 4.lnk
[2011/09/21 06:27:35 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2011/09/21 06:27:35 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2011/09/21 06:27:35 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2011/09/21 06:27:35 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2011/07/26 16:03:34 | 000,000,083 | ---- | C] () -- C:\Users\oh\AppData\Roaming\sversion.ini
[2011/07/26 16:01:52 | 000,069,632 | ---- | C] () -- C:\Windows\uinst001.exe
[2011/07/07 20:17:17 | 000,026,112 | ---- | C] () -- C:\Windows\System32\VNCpm.dll
[2011/06/10 13:19:51 | 001,481,728 | ---- | C] () -- C:\Windows\System32\LegitCheckControl.dll
[2011/06/06 08:27:20 | 000,667,136 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2011/06/06 08:27:18 | 000,414,208 | ---- | C] () -- C:\Windows\System32\WgaTray.exe
[2011/06/06 08:27:18 | 000,190,976 | ---- | C] () -- C:\Windows\System32\WgaLogon.dll
[2011/05/31 21:25:28 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/05/31 21:25:28 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/05/25 03:27:55 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/05/24 18:28:56 | 000,049,152 | ---- | C] () -- C:\Windows\System32\ChCfg.exe
[2011/05/24 18:28:03 | 000,000,164 | ---- | C] () -- C:\Windows\avrack.ini
[2010/11/20 16:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2010/11/20 16:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010/11/20 16:29:20 | 002,616,320 | ---- | C] () -- C:\Windows\expl.dat
[2010/11/20 16:29:20 | 000,286,720 | ---- | C] () -- C:\Windows\System32\winl.dat
[2010/11/20 16:29:20 | 000,020,992 | ---- | C] () -- C:\Windows\System32\svch.dat
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,266,864 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,615,122 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,103,496 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/04/14 06:43:32 | 000,154,144 | ---- | C] () -- C:\Windows\System32\RTLCPAPI.dll
[2005/09/27 11:15:46 | 000,235,144 | ---- | C] () -- C:\Windows\System32\SetAid.dll
[2001/01/23 22:31:18 | 000,151,552 | ---- | C] () -- C:\Windows\System32\prntfix.exe
[2000/04/14 15:50:02 | 000,343,040 | ---- | C] () -- C:\Windows\System32\Lffpx7.dll
[1998/06/11 12:08:06 | 000,095,232 | ---- | C] () -- C:\Windows\System32\Lfkodak.dll

========== LOP Check ==========

[2011/11/21 22:16:46 | 000,000,000 | ---D | M] -- C:\Users\oh\AppData\Roaming\AVG2012
[2011/11/02 19:31:23 | 000,000,000 | ---D | M] -- C:\Users\oh\AppData\Roaming\BSW
[2011/07/09 18:16:43 | 000,000,000 | ---D | M] -- C:\Users\oh\AppData\Roaming\EAC
[2011/11/27 14:35:55 | 000,000,000 | ---D | M] -- C:\Users\oh\AppData\Roaming\EditPlus 3
[2011/05/25 03:27:40 | 000,000,000 | ---D | M] -- C:\Users\oh\AppData\Roaming\Flock
[2011/05/24 20:12:03 | 000,000,000 | ---D | M] -- C:\Users\oh\AppData\Roaming\LockHunter
[2011/11/23 18:40:54 | 000,000,000 | ---D | M] -- C:\Users\oh\AppData\Roaming\uTorrent
[2009/07/13 23:53:46 | 000,010,902 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2003/05/06 09:24:47 | 000,990,918 | ---- | M] () MD5=02935B72FCA7FE84C6668861E2117A98 -- C:\FLOPPIES\Dell - Axim\Pocket PC 2003 Companion CD\DELL\APPS\Handango\explorer\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010/11/20 16:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2010/11/20 16:29:20 | 002,640,896 | ---- | M] (Microsoft Corporation) MD5=6D1BD7048A849D483481EA0F75DA9A97 -- C:\Windows\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

< MD5 for: SVCHOST.EXE >
[2010/11/20 16:29:20 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=27338DD6C2BB05B92C06EE5729A54B12 -- C:\Windows\System32\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 16:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 16:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 16:29:20 | 000,311,296 | ---- | M] (Microsoft Corporation) MD5=077D86CA26E64CCEC2E09B630482DE4C -- C:\Windows\System32\winlogon.exe
[2010/11/20 16:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys -- [2010/11/20 16:29:08 | 000,187,904 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
"Tag" = 87
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{06981283-E60C-4913-856A-AC3852073764}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys -- [2009/07/13 18:53:54 | 000,036,352 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 00 01 04 01 02 01 01 01 03 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2009/07/13 20:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< End of report >

#4
Carolyncasl

Posted 27 November 2011 - 02:21 PM

Member

Topic Starter
Member
15 posts

Here is the aswMBR log

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-27 15:08:32
-----------------------------
15:08:32.319 OS Version: Windows 6.1.7601 Service Pack 1
15:08:32.319 Number of processors: 2 586 0x209
15:08:32.319 ComputerName: MAGIC UserName: oh
15:08:36.569 Initialize success
15:09:00.079 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:09:00.094 Disk 0 Vendor: Maxtor_6Y120L4 YAR41BW0 Size: 117246MB BusType: 3
15:09:00.094 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Scsi\hpt3xx1Port4Path0Target0Lun0
15:09:00.094 Disk 1 Vendor: ST375064 3.AA Size: 715404MB BusType: 1
15:09:00.110 Disk 2 \Device\Harddisk2\DR2 -> \Device\Scsi\hpt3xx1Port4Path0Target1Lun0
15:09:00.110 Disk 2 Vendor: ST375064 3.AA Size: 715404MB BusType: 1
15:09:00.125 Disk 3 \Device\Harddisk3\DR3 -> \Device\Scsi\SI31122Port6Path0Target0Lun0
15:09:00.125 Disk 3 Vendor: ST350064 3.AA Size: 476940MB BusType: 11
15:09:00.141 Disk 4 \Device\Harddisk4\DR4 -> \Device\Scsi\SI31122Port6Path1Target0Lun0
15:09:00.141 Disk 4 Vendor: ST350064 3.AA Size: 476940MB BusType: 11
15:09:00.157 Device \Driver\hpt3xx -> DriverStartIo SCSIPORT.SYS 893a79bb
15:09:00.172 Disk 1 MBR read successfully
15:09:00.188 Disk 1 MBR scan
15:09:00.204 Disk 1 Windows XP default MBR code
15:09:00.219 Disk 1 scanning sectors +1465144065
15:09:00.282 Disk 1 scanning C:\Windows\system32\drivers
15:09:07.266 Service scanning
15:09:09.157 Modules scanning
15:09:21.829 Disk 1 trace - called modules:
15:09:21.860 ntoskrnl.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS halmacpi.dll hpt3xx.sys
15:09:21.891 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x858e78e8]
15:09:21.907 3 CLASSPNP.SYS[89a7459e] -> nt!IofCallDriver -> \Device\Scsi\hpt3xx1Port4Path0Target0Lun0[0x8556f030]
15:09:21.922 Scan finished successfully
15:09:49.188 Disk 1 MBR has been saved successfully to "C:\Users\oh\Desktop\MBR.dat"
15:09:49.204 The log file has been saved successfully to "C:\Users\oh\Desktop\aswMBR.txt"

#5
Carolyncasl

Posted 27 November 2011 - 02:24 PM

Member

Topic Starter
Member
15 posts

Here is the DiskReport.txt

Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: MAGIC

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 H HD750G2 - M NTFS Simple 698 GB Healthy At Risk
Volume 1 Z DVD-ROM 0 B No Media
Volume 2 G HD120G - MA NTFS Partition 114 GB Healthy System
Volume 3 C HD750G - MA NTFS Partition 698 GB Healthy Boot
Volume 4 E HD500G - MA NTFS Partition 465 GB Healthy Pagefile
Volume 5 F HD500G2 - M NTFS Partition 465 GB Healthy Pagefile
Volume 6 X Removable 0 B No Media

#6
Essexboy

Posted 27 November 2011 - 04:11 PM

GeekU Moderator

Retired Staff
69,964 posts

I see you have run combofix, could you post the log please

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
[2011/11/21 19:09:52 | 000,000,000 | ---D | C] -- C:\virus2011

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

#7
Carolyncasl

Posted 27 November 2011 - 05:21 PM

Member

Topic Starter
Member
15 posts

I had tried to run Combofix, but it never finished.

Here is the log after running the fix in OTL.

OTL logfile created on: 11/27/2011 6:09:37 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\oh\Desktop
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 52.85% Memory free
4.50 Gb Paging File | 3.39 Gb Available in Paging File | 75.38% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 698.64 Gb Total Space | 35.36 Gb Free Space | 5.06% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 253.38 Gb Free Space | 54.40% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 5.76 Gb Free Space | 1.24% Space Free | Partition Type: NTFS
Drive G: | 114.49 Gb Total Space | 33.43 Gb Free Space | 29.20% Space Free | Partition Type: NTFS
Drive H: | 698.63 Gb Total Space | 4.00 Gb Free Space | 0.57% Space Free | Partition Type: NTFS

Computer Name: MAGIC | User Name: oh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/27 13:57:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\oh\Desktop\OTL.exe
PRC - [2011/11/22 15:45:32 | 000,161,336 | ---- | M] (Google) -- C:\Users\oh\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2011/10/24 20:29:16 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/10/19 21:47:20 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Users\oh\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
PRC - [2011/10/18 06:14:54 | 001,229,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/28 19:03:15 | 000,328,568 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/06/23 23:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/01/05 19:37:52 | 000,136,128 | ---- | M] (JP Software) -- C:\TCMD\tcc.exe
PRC - [2010/12/01 21:19:32 | 001,696,496 | ---- | M] (RealVNC Ltd) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe
PRC - [2010/11/20 16:29:20 | 002,640,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 16:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/04/14 06:43:42 | 000,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE
PRC - [2007/11/15 09:12:04 | 000,784,912 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2007/11/15 09:08:26 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/14 21:36:18 | 008,593,056 | ---- | M] () -- C:\Users\oh\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
MOD - [2011/01/05 19:38:12 | 000,294,128 | ---- | M] () -- C:\TCMD\onig.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/25 02:21:15 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/12/01 21:19:32 | 001,696,496 | ---- | M] (RealVNC Ltd) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/15 09:09:42 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)

========== Driver Services (SafeList) ==========

DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:28 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:14 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:12 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/11 01:14:12 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/12/01 21:05:12 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vncmirror.sys -- (vncmirror)
DRV - [2010/11/20 16:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 16:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 16:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 16:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 16:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 16:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 16:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 16:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 16:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 16:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 16:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\terminpt.sys -- (terminpt)
DRV - [2010/11/20 16:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 16:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/07/10 04:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/06/18 18:45:02 | 004,172,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/08/20 10:27:36 | 000,019,240 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2008/08/20 10:27:26 | 000,015,400 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2008/08/20 10:27:08 | 000,074,280 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\SI3112.sys -- (SI3112)
DRV - [2008/07/22 06:42:58 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/09/21 02:10:54 | 000,078,992 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/09/21 02:10:46 | 000,036,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/09/21 02:10:40 | 000,035,088 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/09/21 02:10:26 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/09/21 02:10:20 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2006/11/11 09:58:00 | 000,049,952 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hpt3xx.sys -- (hpt3xx)
DRV - [2004/04/10 08:42:36 | 000,002,944 | ---- | M] ([email protected]) [Kernel | System | Running] -- C:\Windows\System32\mbmiodrvr.sys -- (mbmiodrvr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2786678
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F6 61 E6 78 47 31 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {b01bf10c-302a-11da-b67b-000d60ca027b}:2.6.1
FF - prefs.js..flock.keyword.provider: "Google"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\oh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\oh\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\oh\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\oh\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/11/21 22:15:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.1\extensions\\Components: C:\Program Files\Flock\components [2011/05/25 03:27:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.1\extensions\\Plugins: C:\Program Files\Flock\plugins [2011/11/13 22:02:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 4\components [2011/10/01 13:56:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 4\plugins

[2011/05/25 03:27:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oh\AppData\Roaming\Mozilla\Extensions
[2011/05/25 03:27:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oh\AppData\Roaming\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2011/11/13 15:38:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\p1vepw30.default\extensions
[2011/11/12 14:21:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\p1vepw30.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/11/09 18:18:12 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\p1vepw30.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/11/12 14:21:10 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\p1vepw30.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/06/28 19:03:51 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\p1vepw30.default\extensions\[email protected]
[2011/05/25 01:28:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/25 01:28:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/30 04:41:12 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\oh\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\oh\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\oh\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\oh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\oh\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll
CHR - plugin: Google Update (Enabled) = C:\Users\oh\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Adblock Plus for Google Chrome\u2122 (Beta) = C:\Users\oh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.1.4_0\
CHR - Extension: Social Fixer = C:\Users\oh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipjaijdkhejnbfpodmofannadgfokfnm\6.201_0\
CHR - Extension: AVG Safe Search = C:\Users\oh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1857_0\

O1 HOSTS File: ([2011/11/27 17:58:40 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch TightVNC Server.lnk = File not found
O4 - Startup: C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcmd.exe + autoexec.btm - Shortcut.lnk = C:\TCMD\tcmd.exe (JP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06981283-E60C-4913-856A-AC3852073764}: NameServer = 64.105.199.75,208.67.220.220
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/05/09 13:53:54 | 000,000,000 | ---- | M] () - F:\autorun.ini -- [ NTFS ]
O32 - AutoRun File - [2003/12/31 19:02:05 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/11/15 15:22:15 | 000,000,098 | ---- | M] () - G:\autorun.ini -- [ NTFS ]
O32 - AutoRun File - [2011/05/24 13:40:55 | 000,000,000 | ---- | M] () - H:\autorun.ini -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/27 17:58:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/27 15:08:12 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\oh\Desktop\aswMBR.exe
[2011/11/27 13:58:20 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\oh\Desktop\OTL.exe
[2011/11/24 19:15:48 | 000,000,000 | ---D | C] -- C:\Users\oh\AppData\Roaming\Malwarebytes
[2011/11/24 19:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/24 19:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/24 19:15:27 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/24 19:15:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/21 22:16:46 | 000,000,000 | ---D | C] -- C:\Users\oh\AppData\Roaming\AVG2012
[2011/11/21 22:15:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/11/21 22:14:12 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2011/11/21 22:13:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/11/21 22:13:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/11/21 21:39:13 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/11/21 18:05:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/11/21 17:38:31 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/11/20 19:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/11/20 18:51:48 | 000,000,000 | ---D | C] -- C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/11/20 18:51:46 | 000,000,000 | ---D | C] -- C:\Program Files\HiJackThis
[2011/11/20 17:10:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/20 17:10:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/20 17:10:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/20 17:09:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/20 16:59:20 | 004,303,424 | R--- | C] (Swearware) -- C:\Users\oh\Desktop\ComboFix.exe
[2011/11/20 16:38:23 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[20 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[20 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/27 18:08:35 | 110,914,329 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/11/27 18:04:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/27 18:04:22 | 1610,256,384 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/27 18:02:18 | 000,019,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/27 18:02:17 | 000,019,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/27 17:58:40 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/11/27 17:52:02 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-814184897-3768303927-2348027941-1001UA.job
[2011/11/27 15:09:49 | 000,000,512 | ---- | M] () -- C:\Users\oh\Desktop\MBR.dat
[2011/11/27 13:58:57 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\oh\Desktop\aswMBR.exe
[2011/11/27 13:57:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\oh\Desktop\OTL.exe
[2011/11/26 22:52:02 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-814184897-3768303927-2348027941-1001Core.job
[2011/11/23 18:10:33 | 000,018,231 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/11/22 20:34:59 | 000,615,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/22 20:34:59 | 000,103,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/21 22:15:29 | 000,001,000 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/11/21 17:34:50 | 004,303,424 | R--- | M] (Swearware) -- C:\Users\oh\Desktop\ComboFix.exe
[2011/11/20 19:16:20 | 000,266,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/20 18:51:49 | 000,002,971 | ---- | M] () -- C:\Users\oh\Desktop\HiJackThis.lnk
[2011/11/18 17:54:32 | 000,002,403 | ---- | M] () -- C:\Users\oh\Desktop\Google Chrome.lnk
[2011/11/02 20:13:20 | 000,002,166 | ---- | M] () -- C:\Users\oh\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 4.lnk
[20 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[20 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/27 18:08:35 | 110,914,329 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/11/27 15:09:49 | 000,000,512 | ---- | C] () -- C:\Users\oh\Desktop\MBR.dat
[2011/11/23 18:10:33 | 000,018,231 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/11/21 22:15:29 | 000,001,000 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/11/21 22:14:31 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjw.avm
[2011/11/20 18:51:49 | 000,002,971 | ---- | C] () -- C:\Users\oh\Desktop\HiJackThis.lnk
[2011/11/20 17:10:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/20 17:10:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/20 17:10:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/20 17:10:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/20 17:10:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/21 06:27:35 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2011/09/21 06:27:35 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2011/09/21 06:27:35 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2011/09/21 06:27:35 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2011/07/26 16:03:34 | 000,000,083 | ---- | C] () -- C:\Users\oh\AppData\Roaming\sversion.ini
[2011/07/26 16:01:52 | 000,069,632 | ---- | C] () -- C:\Windows\uinst001.exe
[2011/07/07 20:17:17 | 000,026,112 | ---- | C] () -- C:\Windows\System32\VNCpm.dll
[2011/06/10 13:19:51 | 001,481,728 | ---- | C] () -- C:\Windows\System32\LegitCheckControl.dll
[2011/06/06 08:27:20 | 000,667,136 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2011/06/06 08:27:18 | 000,414,208 | ---- | C] () -- C:\Windows\System32\WgaTray.exe
[2011/06/06 08:27:18 | 000,190,976 | ---- | C] () -- C:\Windows\System32\WgaLogon.dll
[2011/05/31 21:25:28 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/05/31 21:25:28 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/05/25 03:27:55 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/05/24 18:28:56 | 000,049,152 | ---- | C] () -- C:\Windows\System32\ChCfg.exe
[2011/05/24 18:28:03 | 000,000,164 | ---- | C] () -- C:\Windows\avrack.ini
[2010/11/20 16:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2010/11/20 16:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010/11/20 16:29:20 | 002,616,320 | ---- | C] () -- C:\Windows\expl.dat
[2010/11/20 16:29:20 | 000,286,720 | ---- | C] () -- C:\Windows\System32\winl.dat
[2010/11/20 16:29:20 | 000,020,992 | ---- | C] () -- C:\Windows\System32\svch.dat
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,266,864 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,615,122 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,103,496 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/04/14 06:43:32 | 000,154,144 | ---- | C] () -- C:\Windows\System32\RTLCPAPI.dll
[2005/09/27 11:15:46 | 000,235,144 | ---- | C] () -- C:\Windows\System32\SetAid.dll
[2001/01/23 22:31:18 | 000,151,552 | ---- | C] () -- C:\Windows\System32\prntfix.exe
[2000/04/14 15:50:02 | 000,343,040 | ---- | C] () -- C:\Windows\System32\Lffpx7.dll
[1998/06/11 12:08:06 | 000,095,232 | ---- | C] () -- C:\Windows\System32\Lfkodak.dll

========== LOP Check ==========

[2011/11/21 22:16:46 | 000,000,000 | ---D | M] -- C:\Users\oh\AppData\Roaming\AVG2012
[2011/11/02 19:31:23 | 000,000,000 | ---D | M] -- C:\Users\oh\AppData\Roaming\BSW
[2011/07/09 18:16:43 | 000,000,000 | ---D | M] -- C:\Users\oh\AppData\Roaming\EAC
[2011/11/27 17:57:34 | 000,000,000 | ---D | M] -- C:\Users\oh\AppData\Roaming\EditPlus 3
[2011/05/25 03:27:40 | 000,000,000 | ---D | M] -- C:\Users\oh\AppData\Roaming\Flock
[2011/05/24 20:12:03 | 000,000,000 | ---D | M] -- C:\Users\oh\AppData\Roaming\LockHunter
[2011/11/27 18:15:55 | 000,000,000 | ---D | M] -- C:\Users\oh\AppData\Roaming\uTorrent
[2009/07/13 23:53:46 | 000,011,154 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

#8
Essexboy

Posted 28 November 2011 - 01:42 PM

GeekU Moderator

Retired Staff
69,964 posts

OK lets use a programme that will look deeper

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Posted Image

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post

Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

Posted Image

On completion click the link to locate the zip file to upload and attach to your next post

Posted Image

Megaupload

#9
Carolyncasl

Posted 29 November 2011 - 09:30 PM

Member

Topic Starter
Member
15 posts

Here is the log file from the Kaspersky scan.

Status: Deleted (events: 4)
11/29/2011 7:55:42 AM Deleted malware DoS.Win32.Ataker.a C:\pub\Thumbdrive\UberUSB.TEMP.SOFAR\monitoring of events\attacker.exe Medium
11/29/2011 7:49:58 PM Deleted malware HackTool.Win32.Sniffer.EtherFlood.a C:\UTIL\GrabItAll-EternetTraffic(Attack)Redirector\EthDrv.sys Medium
11/29/2011 7:50:00 PM Deleted malware DoS.Win32.Ataker.a C:\UTIL\monitoring of events\attacker.exe Medium
11/29/2011 7:49:58 PM Deleted malware HackTool.Win32.Sniffer.EtherFlood.a C:\UTIL\monitoring of events\GrabItAll-EternetTraffic(Attack)Redirector\EthDrv.sys Medium

#10
Carolyncasl

Posted 30 November 2011 - 06:55 AM

Member

Topic Starter
Member
15 posts

Here is the zip file.

avptool_sysinfo.zip 18.81KB 105 downloads

#11
Essexboy

Posted 30 November 2011 - 01:25 PM

GeekU Moderator

Retired Staff
69,964 posts

What problems are you experiencing at the moment ?

#12
Carolyncasl

Posted 30 November 2011 - 05:58 PM

Member

Topic Starter
Member
15 posts

Well, something is spawning internet explorer, but I blocked IE with the firewall so it's not broadcasting. I also have a bat file running that kills the internet explorer process just in case. Also, my hosts file seems to have stopped working since trying all these steps.

Thank you very much for your help!

#13
Essexboy

Posted 01 December 2011 - 01:41 PM

GeekU Moderator

Retired Staff
69,964 posts

That is not quite good enough for me - you should not need to run a batch file, lets go the whole hog now

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks
When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#14
Carolyncasl

Posted 03 December 2011 - 04:08 PM

Member

Topic Starter
Member
15 posts

Combofix doesn't seem to work. It says it's scanning and may take 10 minutes.. Then eventually, it ends up rebooting, but there is no log file in C:\. I also tried it in safemode, but that didn't work either.

#15
Essexboy

Posted 03 December 2011 - 05:22 PM

GeekU Moderator

Retired Staff
69,964 posts

Could you do the following:

Click on the Start button and then choose Control Panel.
Click on the System and Security link.

Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
In the Administrative Tools window, double-click on the Computer Management icon.
When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.

After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.

Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.