Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan Horse Dropper Generic, I-Worm, etc [Solved]

Started by YellowRubberDuck , Dec 16 2011 06:38 AM

  • This topic is locked This topic is locked

#1
YellowRubberDuck
Posted 16 December 2011 - 06:38 AM

YellowRubberDuck

    Member

  • Member
  • PipPipPip
  • 109 posts
System running slow. Often hangs. USB drives shown as shortcuts, and got infected as well.

Please help. Thank you.

OTL.txt

OTL logfile created on: 16/12/2011 8:09:04 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\User\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

1023.48 Mb Total Physical Memory | 354.71 Mb Available Physical Memory | 34.66% Memory free
2.40 Gb Paging File | 1.56 Gb Available in Paging File | 65.11% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 101.42 Gb Total Space | 90.09 Gb Free Space | 88.83% Space Free | Partition Type: NTFS
Drive E: | 830.09 Gb Total Space | 401.34 Gb Free Space | 48.35% Space Free | Partition Type: NTFS

Computer Name: TAOOFF | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/16 20:03:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\My Documents\Downloads\OTL.exe
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 12:15:31 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/04/16 03:14:18 | 000,093,048 | ---- | M] (Dynamic Network Services, Inc.) -- C:\Program Files\DynDNS Updater\DynUpSvc.exe
PRC - [2011/04/16 03:14:18 | 000,076,656 | ---- | M] (Dynamic Network Services, Inc.) -- C:\Program Files\DynDNS Updater\DynTray.exe
PRC - [2011/04/15 17:43:20 | 007,797,112 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer.exe
PRC - [2011/04/15 17:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/03/28 11:20:24 | 000,016,720 | ---- | M] (Sage Software Sdn Bhd) -- C:\Program Files\Common Files\Sage Software\LicenseService\UBS.Phoenix.Server.exe
PRC - [2009/09/11 11:30:26 | 000,010,240 | ---- | M] () -- C:\Program Files\Common Files\Sage Software\BackupService\UBS.UBSService.exe
PRC - [2008/09/22 11:49:36 | 000,126,976 | ---- | M] (Panasonic Communications Co.,Ltd.) -- C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe
PRC - [2008/07/19 10:58:58 | 001,278,020 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\CamGuardian DVR.exe
PRC - [2008/05/12 13:57:10 | 000,094,208 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\WSERVER.EXE
PRC - [2008/05/12 13:57:08 | 000,118,784 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\MEDIASERVER.EXE
PRC - [2007/07/27 20:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/27 20:00:00 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drwtsn32.exe
PRC - [2006/11/02 14:54:28 | 000,303,104 | ---- | M] (Panasonic Communications Co., Ltd.) -- C:\Program Files\Panasonic\Device Monitor\DMWakeup.exe
PRC - [2004/08/03 04:33:14 | 000,036,864 | ---- | M] (Panasonic Communications Co., Ltd.) -- C:\Program Files\Panasonic\LocalCom\LMSRVNT.EXE
PRC - [2004/02/24 15:15:58 | 000,069,632 | ---- | M] (Panasonic) -- C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/12 12:15:30 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/07/05 07:30:07 | 000,962,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\12f747d8c55af245ba7cead511afdb81\System.Configuration.ni.dll
MOD - [2011/07/04 16:29:23 | 005,640,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\2bae7e176b7ef944ab25fe446c56e5a0\System.Xml.ni.dll
MOD - [2011/07/04 16:28:53 | 008,093,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\958f86b7beffeb498076b5ca20cf5321\System.ni.dll
MOD - [2011/07/04 16:28:39 | 011,411,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca9367cfd349024c89376ea984984ffd\mscorlib.ni.dll
MOD - [2011/07/04 16:28:13 | 000,368,640 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2011/07/04 16:28:13 | 000,299,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/07/04 16:28:10 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2011/06/28 13:47:20 | 006,271,136 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/02/06 02:40:58 | 001,291,264 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/09/11 11:30:26 | 000,010,240 | ---- | M] () -- C:\Program Files\Common Files\Sage Software\BackupService\UBS.UBSService.exe
MOD - [2009/09/11 11:30:26 | 000,008,192 | ---- | M] () -- C:\Program Files\Common Files\Sage Software\BackupService\UBS.UBSService.ScheduledJob.dll
MOD - [2009/09/11 11:30:26 | 000,007,168 | ---- | M] () -- C:\Program Files\Common Files\Sage Software\BackupService\UBS.UBSService.UBSLogger.dll
MOD - [2008/07/19 10:58:58 | 001,278,020 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\CamGuardian DVR.exe
MOD - [2008/06/14 10:44:32 | 000,106,567 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\VOICEALARM.DLL
MOD - [2008/06/14 10:41:48 | 000,159,744 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\DVRCONFIG.DLL
MOD - [2008/06/14 10:23:42 | 000,053,248 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\NETVIDEOSERVER.DLL
MOD - [2008/06/12 15:18:08 | 004,710,400 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\EMAP.DLL
MOD - [2008/06/12 15:16:04 | 000,139,264 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\RESCOM.DLL
MOD - [2008/06/12 15:15:10 | 000,131,072 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\AUTOMAIL.DLL
MOD - [2008/05/12 13:57:20 | 000,053,248 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\DEV_SC_COM.DLL
MOD - [2008/05/12 13:57:10 | 000,094,208 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\WSERVER.EXE
MOD - [2008/05/12 13:57:08 | 000,118,784 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\PROTOCOL.DLL
MOD - [2008/05/12 13:57:08 | 000,118,784 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\MEDIASERVER.EXE
MOD - [2008/05/12 13:57:06 | 000,686,592 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\JPGDLL.DLL
MOD - [2008/05/12 13:57:04 | 000,028,672 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\ALARMCARD.DLL
MOD - [2008/05/12 13:56:56 | 001,675,264 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\UICom.dll
MOD - [2007/07/27 20:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/07/27 20:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/04/16 03:14:18 | 000,093,048 | ---- | M] (Dynamic Network Services, Inc.) [Auto | Running] -- C:\Program Files\DynDNS Updater\DynUpSvc.exe -- (DynDNS Updater)
SRV - [2011/04/15 17:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/03/28 11:20:24 | 000,016,720 | ---- | M] (Sage Software Sdn Bhd) [Auto | Running] -- C:\Program Files\Common Files\Sage Software\LicenseService\UBS.Phoenix.Server.exe -- (SageUBSLicenseService)
SRV - [2009/09/11 11:30:26 | 000,010,240 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Sage Software\BackupService\UBS.UBSService.exe -- (SageUBSBackupService)
SRV - [2004/08/03 04:33:14 | 000,036,864 | ---- | M] (Panasonic Communications Co., Ltd.) [Auto | Running] -- C:\Program Files\Panasonic\LocalCom\LMSRVNT.EXE -- (Panasonic Local Printer Service)
SRV - [2004/02/24 15:15:58 | 000,069,632 | ---- | M] (Panasonic) [Auto | Running] -- C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe -- (Panasonic Trap Monitor Service)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/05/29 13:11:35 | 000,024,612 | ---- | M] ( Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TD3004F60v.sys -- (TD3004F60v)
DRV - [2010/11/02 19:36:26 | 006,188,648 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/12/06 09:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.0.245:8080

========== FireFox ==========

FF - prefs.js..network.proxy.ftp: "192.168.0.245"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "192.168.0.245"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "192.168.0.245"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "192.168.0.245"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/15 16:46:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/12 12:15:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/06/27 13:16:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2011/12/15 15:52:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\kcrb4qik.default\extensions
[2011/12/15 15:52:30 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\kcrb4qik.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/12/14 12:10:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/14 12:10:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/12/15 16:46:13 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2011/05/20 13:09:32 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/12 12:15:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/12 12:15:28 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2007/07/27 20:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Panasonic Device Manager for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe (Panasonic Communications Co.,Ltd.)
O4 - HKLM..\Run: [Panasonic Device Monitor Wakeup] C:\Program Files\Panasonic\Device Monitor\DMWakeup.exe (Panasonic Communications Co., Ltd.)
O4 - HKLM..\Run: [Panasonic PCFAX for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\KmPcFax.exe (Panasonic Communications Co., Ltd.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CamGuardian DVR.lnk = C:\Program Files\CamGuardian DVR\CamGuardian DVR\CamGuardian DVR.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DynDNS Updater Tray Icon.lnk = C:\Program Files\DynDNS Updater\DynTray.exe (Dynamic Network Services, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_30.dll (Sun Microsystems, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 50.23.239.24 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90E941C6-D4FF-4315-BF06-3A967B8F49BD}: DhcpNameServer = 50.23.239.24 208.67.222.222
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/18 12:37:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/12/16 20:00:37 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/12/16 20:00:37 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{129476c0-8c2e-11e0-b7e4-0016e6d7c65a}\Shell\AutoRun\command - "" = w9.exe
O33 - MountPoints2\{129476c0-8c2e-11e0-b7e4-0016e6d7c65a}\Shell\open\Command - "" = w9.exe
O33 - MountPoints2\{129476c1-8c2e-11e0-b7e4-0016e6d7c65a}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\CMD.exe -- [2007/07/27 20:00:00 | 000,388,608 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{129476c1-8c2e-11e0-b7e4-0016e6d7c65a}\Shell\open\command - "" = C:\WINDOWS\System32\CMD.exe -- [2007/07/27 20:00:00 | 000,388,608 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{5f3efd81-b1dc-11e0-b7ea-0016e6d7c65a}\Shell - "" = AutoRun
O33 - MountPoints2\{5f3efd81-b1dc-11e0-b7ea-0016e6d7c65a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5f3efd81-b1dc-11e0-b7ea-0016e6d7c65a}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{98cf5b63-91e8-11e0-b7e5-0016e6d7c65a}\Shell\AutoRun\command - "" = w9.exe
O33 - MountPoints2\{98cf5b63-91e8-11e0-b7e5-0016e6d7c65a}\Shell\open\Command - "" = w9.exe
O33 - MountPoints2\{98cf5b64-91e8-11e0-b7e5-0016e6d7c65a}\Shell\AutoRun\command - "" = F:\b9v.exe
O33 - MountPoints2\{98cf5b64-91e8-11e0-b7e5-0016e6d7c65a}\Shell\open\Command - "" = F:\b9v.exe
O33 - MountPoints2\{98cf5b65-91e8-11e0-b7e5-0016e6d7c65a}\Shell\AutoRun\command - "" = F:\b9v.exe
O33 - MountPoints2\{98cf5b65-91e8-11e0-b7e5-0016e6d7c65a}\Shell\open\Command - "" = F:\b9v.exe
O33 - MountPoints2\{bed0f4c9-1972-11e1-b7fd-0016e6d7c65a}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\CMD.exe -- [2007/07/27 20:00:00 | 000,388,608 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{bed0f4c9-1972-11e1-b7fd-0016e6d7c65a}\Shell\open\command - "" = C:\WINDOWS\System32\CMD.exe -- [2007/07/27 20:00:00 | 000,388,608 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{c810d99a-d518-11e0-b7ef-0016e6d7c65a}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\CMD.exe -- [2007/07/27 20:00:00 | 000,388,608 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{c810d99a-d518-11e0-b7ef-0016e6d7c65a}\Shell\open\command - "" = C:\WINDOWS\System32\CMD.exe -- [2007/07/27 20:00:00 | 000,388,608 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/16 20:00:37 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2011/12/16 00:02:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sage
[2011/12/15 17:49:30 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/12/15 16:50:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\AVG2012
[2011/12/15 16:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2011/12/15 16:45:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/12/15 16:45:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/12/15 16:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/12/15 15:52:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\QuickScan
[2011/12/15 15:50:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/12/15 15:49:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/12/15 03:01:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/12/14 12:50:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/11/22 10:05:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\YEA BBQ PIX
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/16 20:05:16 | 000,209,930 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\census.cache
[2011/12/16 20:05:15 | 000,153,894 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\ars.cache
[2011/12/16 19:58:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/16 12:58:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/16 10:49:02 | 000,228,309 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Drawing-Tao%20Cuisine-2.JPG
[2011/12/16 10:28:42 | 112,228,896 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/12/16 03:18:55 | 000,395,530 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/16 03:18:55 | 000,059,644 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/16 03:17:50 | 000,000,938 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CamGuardian DVR.lnk
[2011/12/16 03:16:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/16 03:00:40 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/15 18:39:40 | 000,051,785 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/12/15 16:46:13 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/12/15 15:35:52 | 000,000,368 | ---- | M] () -- C:\WINDOWS\DCEBOOT.RST
[2011/12/15 15:34:33 | 000,102,400 | ---- | M] () -- C:\WINDOWS\RegBootClean.exe
[2011/12/15 15:34:11 | 000,022,032 | ---- | M] () -- C:\WINDOWS\DCEBoot.exe
[2011/12/15 03:22:23 | 000,329,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/14 21:18:48 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache
[2011/12/14 21:15:15 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/13 11:53:54 | 000,000,396 | ---- | M] () -- C:\WINDOWS\KmPcFax.INI
[2011/12/12 09:23:23 | 000,047,109 | -H-- | M] () -- C:\WINDOWS\System32\userdiff.sav
[2011/12/12 09:23:23 | 000,047,109 | -H-- | M] () -- C:\Documents and Settings\User\userdiff.sav
[2011/12/05 13:53:33 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/03 11:02:10 | 000,007,122 | ---- | M] () -- C:\Documents and Settings\User\Desktop\japan2.jpg
[2011/12/03 11:01:41 | 000,025,796 | ---- | M] () -- C:\Documents and Settings\User\Desktop\japan1.jpg
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/16 10:49:47 | 000,228,309 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Drawing-Tao%20Cuisine-2.JPG
[2011/12/16 10:28:42 | 112,228,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/12/15 18:39:40 | 000,051,785 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/12/15 16:46:13 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/12/15 15:35:52 | 000,000,368 | ---- | C] () -- C:\WINDOWS\DCEBOOT.RST
[2011/12/15 15:34:11 | 000,022,032 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2011/12/15 15:34:04 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2011/12/15 15:32:16 | 000,209,930 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\census.cache
[2011/12/15 15:32:08 | 000,153,894 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\ars.cache
[2011/12/14 21:18:48 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache
[2011/12/12 09:23:23 | 000,047,109 | -H-- | C] () -- C:\WINDOWS\System32\userdiff.sav
[2011/12/12 09:23:23 | 000,047,109 | -H-- | C] () -- C:\Documents and Settings\User\userdiff.sav
[2011/12/03 11:02:19 | 000,007,122 | ---- | C] () -- C:\Documents and Settings\User\Desktop\japan2.jpg
[2011/12/03 11:02:01 | 000,025,796 | ---- | C] () -- C:\Documents and Settings\User\Desktop\japan1.jpg
[2011/11/25 12:00:37 | 000,612,309 | ---- | C] () -- C:\Documents and Settings\User\Desktop\sake jar set.psd
[2011/11/25 11:55:26 | 000,032,763 | ---- | C] () -- C:\Documents and Settings\User\Desktop\sake jar.jpg
[2011/11/24 18:33:30 | 000,000,938 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CamGuardian DVR.lnk
[2011/10/08 14:24:34 | 000,000,375 | ---- | C] () -- C:\WINDOWS\System32\CNCMFP38.INI
[2011/08/08 17:05:22 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/27 13:16:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/06/02 09:15:31 | 000,000,396 | ---- | C] () -- C:\WINDOWS\KmPcFax.INI
[2011/05/29 13:11:40 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\TMPXVFW.DLL
[2011/05/29 13:11:40 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\AMD422CODEC.DLL
[2011/05/29 13:11:39 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\TMPXCORE.DLL
[2011/05/19 14:42:49 | 000,000,257 | ---- | C] () -- C:\WINDOWS\PanaFLB881.ini
[2011/05/19 14:42:49 | 000,000,051 | ---- | C] () -- C:\WINDOWS\iris.ini
[2011/05/19 14:42:46 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2011/05/18 20:25:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/05/18 20:24:18 | 000,329,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/18 14:57:07 | 000,252,316 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/18 14:56:15 | 000,252,316 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/18 14:56:15 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/05/18 12:38:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/05/18 12:34:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/02/23 02:57:00 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/01/11 18:05:18 | 000,008,592 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/07/27 20:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2007/07/27 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2007/07/27 20:00:00 | 000,395,530 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2007/07/27 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2007/07/27 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2007/07/27 20:00:00 | 000,059,644 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2007/07/27 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2007/07/27 20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2007/07/27 20:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2007/07/27 20:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2007/07/27 20:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2007/07/27 20:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007/07/27 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/12/15 16:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/12/15 15:50:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/29 13:19:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DynDNS
[2011/06/23 15:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/12/16 19:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/05/19 14:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2011/12/16 00:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sage
[2011/12/15 16:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AVG2012
[2011/10/11 16:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Canon
[2011/07/14 09:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Panasonic
[2011/12/15 15:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\QuickScan
[2011/05/29 13:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TeamViewer

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/12/13 14:30:04 | 000,020,480 | ---- | M] ()(C:\Documents and Settings\User\Desktop\BTH+592+?...xls) -- C:\Documents and Settings\User\Desktop\BTH+592+到...xls
[2011/12/13 14:30:01 | 000,020,480 | ---- | C] ()(C:\Documents and Settings\User\Desktop\BTH+592+?...xls) -- C:\Documents and Settings\User\Desktop\BTH+592+到...xls
[2011/12/01 10:01:09 | 000,015,385 | ---- | C] ()(C:\Documents and Settings\User\Desktop\?????????...docx) -- C:\Documents and Settings\User\Desktop\培根串烧ベーコン串...docx
[2011/11/16 09:49:58 | 000,015,385 | ---- | M] ()(C:\Documents and Settings\User\Desktop\?????????...docx) -- C:\Documents and Settings\User\Desktop\培根串烧ベーコン串...docx
[2011/09/14 17:22:12 | 017,141,248 | ---- | M] ()(C:\Documents and Settings\User\Desktop\??2(1).xls) -- C:\Documents and Settings\User\Desktop\汪生2(1).xls
[2011/09/14 17:22:12 | 017,141,248 | ---- | C] ()(C:\Documents and Settings\User\Desktop\??2(1).xls) -- C:\Documents and Settings\User\Desktop\汪生2(1).xls

========== Alternate Data Streams ==========

@Alternate Data Stream - 1034029 bytes -> C:\WINDOWS\Temp:temp

< End of report >

Extras.txt

OTL Extras logfile created on: 16/12/2011 8:09:04 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\User\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

1023.48 Mb Total Physical Memory | 354.71 Mb Available Physical Memory | 34.66% Memory free
2.40 Gb Paging File | 1.56 Gb Available in Paging File | 65.11% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 101.42 Gb Total Space | 90.09 Gb Free Space | 88.83% Space Free | Partition Type: NTFS
Drive E: | 830.09 Gb Total Space | 401.34 Gb Free Space | 48.35% Space Free | Partition Type: NTFS

Computer Name: TAOOFF | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"80:TCP" = 80:TCP:*:Enabled:80
"1159:TCP" = 1159:TCP:*:Enabled:1159
"1160:TCP" = 1160:TCP:*:Enabled:1160
"1161:TCP" = 1161:TCP:*:Enabled:1161
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe" = C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe:*:Enabled:Panasonic Trap Monitor Service -- (Panasonic)
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Program Files\CamGuardian DVR\CamGuardian DVR\CamGuardian DVR.exe" = C:\Program Files\CamGuardian DVR\CamGuardian DVR\CamGuardian DVR.exe:*:Enabled:Cap4 -- ()
"C:\Program Files\CamGuardian DVR\CamGuardian DVR\MEDIASERVER.EXE" = C:\Program Files\CamGuardian DVR\CamGuardian DVR\MEDIASERVER.EXE:*:Enabled:MediaServer -- ()
"C:\Program Files\CamGuardian DVR\CamGuardian DVR\WSERVER.EXE" = C:\Program Files\CamGuardian DVR\CamGuardian DVR\WSERVER.EXE:*:Enabled:WServer -- ()
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 30
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4129CA8E-7E75-4eee-BAE5-AA7707AA7708}" = Canon MF4400 Series
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E74D41C-5864-4561-9F6B-069372513A0B}" = AVG 2012
"{4EBB8E48-74B9-4CA5-A2A0-45ACC0FA7A1E}" = DVRCMS
"{5061C9FB-BA2D-4498-92B6-5459A0E2F6E3}" = Panasonic V1.13.00E Device Monitor
"{53DE4FAD-F853-44F3-AC39-AD2940E5DD53}" = Panasonic Multi-Function Station software
"{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf11
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{875F2DAB-3B03-11D5-AB3E-000102B0F79A}" = Readiris Pro 7.0
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{96A76BA6-1D5A-6D11-6923-445435450000}" = UBS Accounting System 9.1
"{A436B59A-756E-426F-A348-2BE1BE99B86F}" = AVG 2012
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 267.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{DA427272-904E-4EC2-BCC8-07B39B8EFA78}" = CamGuardian DVR
"{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1" = NOD32 FiX v2.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG" = AVG 2012
"DynDNSUpdater" = DynDNS Updater
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"TeamViewer 6" = TeamViewer 6
"UBS Accounting" = UBS Accounting 9.4.4
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/09/2011 9:00:20 PM | Computer Name = TAOOFF | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 ubs.phoenix.server.exe, P2 1.0.0.0, P3 4d8ffd1a,
P4 ubs.phoenix.services, P5 1.0.0.0, P6 4d8ffd18, P7 24, P8 1b, P9 system.typeinitialization,
P10 NIL.

Error - 16/09/2011 12:02:03 PM | Computer Name = TAOOFF | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 ubs.phoenix.server.exe, P2 1.0.0.0, P3 4d8ffd1a,
P4 ubs.phoenix.services, P5 1.0.0.0, P6 4d8ffd18, P7 24, P8 1b, P9 system.typeinitialization,
P10 NIL.

Error - 17/09/2011 1:51:48 AM | Computer Name = TAOOFF | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 ubs.phoenix.server.exe, P2 1.0.0.0, P3 4d8ffd1a,
P4 ubs.phoenix.services, P5 1.0.0.0, P6 4d8ffd18, P7 24, P8 1b, P9 system.typeinitialization,
P10 NIL.

Error - 22/09/2011 4:58:18 AM | Computer Name = TAOOFF | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 26/09/2011 12:01:58 PM | Computer Name = TAOOFF | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 ubs.phoenix.server.exe, P2 1.0.0.0, P3 4d8ffd1a,
P4 ubs.phoenix.services, P5 1.0.0.0, P6 4d8ffd18, P7 24, P8 1b, P9 system.typeinitialization,
P10 NIL.

Error - 28/09/2011 6:47:19 PM | Computer Name = TAOOFF | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 ubs.phoenix.server.exe, P2 1.0.0.0, P3 4d8ffd1a,
P4 ubs.phoenix.services, P5 1.0.0.0, P6 4d8ffd18, P7 24, P8 1b, P9 system.typeinitialization,
P10 NIL.

Error - 29/09/2011 5:18:37 AM | Computer Name = TAOOFF | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 06/10/2011 12:02:10 PM | Computer Name = TAOOFF | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 ubs.phoenix.server.exe, P2 1.0.0.0, P3 4d8ffd1a,
P4 ubs.phoenix.services, P5 1.0.0.0, P6 4d8ffd18, P7 24, P8 1b, P9 system.typeinitialization,
P10 NIL.

Error - 16/10/2011 12:02:03 PM | Computer Name = TAOOFF | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 ubs.phoenix.server.exe, P2 1.0.0.0, P3 4d8ffd1a,
P4 ubs.phoenix.services, P5 1.0.0.0, P6 4d8ffd18, P7 24, P8 1b, P9 system.typeinitialization,
P10 NIL.

Error - 26/10/2011 12:01:59 PM | Computer Name = TAOOFF | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 ubs.phoenix.server.exe, P2 1.0.0.0, P3 4d8ffd1a,
P4 ubs.phoenix.services, P5 1.0.0.0, P6 4d8ffd18, P7 24, P8 1b, P9 system.typeinitialization,
P10 NIL.

[ System Events ]
Error - 15/12/2011 3:36:15 AM | Computer Name = TAOOFF | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 15/12/2011 3:36:15 AM | Computer Name = TAOOFF | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 15/12/2011 3:36:15 AM | Computer Name = TAOOFF | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Common Files\Sage
Software\LicenseService\UBS.Common.Win32Utils.dll. Reference error message: The
operation completed successfully. .

Error - 15/12/2011 3:36:15 AM | Computer Name = TAOOFF | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 15/12/2011 3:36:15 AM | Computer Name = TAOOFF | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 15/12/2011 3:36:15 AM | Computer Name = TAOOFF | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Common Files\Sage
Software\LicenseService\UBS.Common.Win32Utils.dll. Reference error message: The
operation completed successfully. .

Error - 15/12/2011 3:36:15 AM | Computer Name = TAOOFF | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 15/12/2011 3:36:15 AM | Computer Name = TAOOFF | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 15/12/2011 3:36:15 AM | Computer Name = TAOOFF | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Common Files\Sage
Software\LicenseService\UBS.Common.Win32Utils.dll. Reference error message: The
operation completed successfully. .

Error - 15/12/2011 3:36:23 AM | Computer Name = TAOOFF | Source = Service Control Manager | ID = 7034
Description = The Sage UBS License Service service terminated unexpectedly. It
has done this 1 time(s).


< End of report >
  • 0

Advertisements

#2
ali.B
Posted 16 December 2011 - 02:44 PM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.0.245:8080
FF - prefs.js..network.proxy.ftp: "192.168.0.245"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "192.168.0.245"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "192.168.0.245"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "192.168.0.245"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
O33 - MountPoints2\{129476c0-8c2e-11e0-b7e4-0016e6d7c65a}\Shell\AutoRun\command - "" = w9.exe
O33 - MountPoints2\{129476c0-8c2e-11e0-b7e4-0016e6d7c65a}\Shell\open\Command - "" = w9.exe
O33 - MountPoints2\{129476c1-8c2e-11e0-b7e4-0016e6d7c65a}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\CMD.exe -- [2007/07/27 20:00:00 | 000,388,608 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{129476c1-8c2e-11e0-b7e4-0016e6d7c65a}\Shell\open\command - "" = C:\WINDOWS\System32\CMD.exe -- [2007/07/27 20:00:00 | 000,388,608 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{5f3efd81-b1dc-11e0-b7ea-0016e6d7c65a}\Shell - "" = AutoRun
O33 - MountPoints2\{5f3efd81-b1dc-11e0-b7ea-0016e6d7c65a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5f3efd81-b1dc-11e0-b7ea-0016e6d7c65a}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{98cf5b63-91e8-11e0-b7e5-0016e6d7c65a}\Shell\AutoRun\command - "" = w9.exe
O33 - MountPoints2\{98cf5b63-91e8-11e0-b7e5-0016e6d7c65a}\Shell\open\Command - "" = w9.exe
O33 - MountPoints2\{98cf5b64-91e8-11e0-b7e5-0016e6d7c65a}\Shell\AutoRun\command - "" = F:\b9v.exe
O33 - MountPoints2\{98cf5b64-91e8-11e0-b7e5-0016e6d7c65a}\Shell\open\Command - "" = F:\b9v.exe
O33 - MountPoints2\{98cf5b65-91e8-11e0-b7e5-0016e6d7c65a}\Shell\AutoRun\command - "" = F:\b9v.exe
O33 - MountPoints2\{98cf5b65-91e8-11e0-b7e5-0016e6d7c65a}\Shell\open\Command - "" = F:\b9v.exe
O33 - MountPoints2\{bed0f4c9-1972-11e1-b7fd-0016e6d7c65a}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\CMD.exe -- [2007/07/27 20:00:00 | 000,388,608 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{bed0f4c9-1972-11e1-b7fd-0016e6d7c65a}\Shell\open\command - "" = C:\WINDOWS\System32\CMD.exe -- [2007/07/27 20:00:00 | 000,388,608 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{c810d99a-d518-11e0-b7ef-0016e6d7c65a}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\CMD.exe -- [2007/07/27 20:00:00 | 000,388,608 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{c810d99a-d518-11e0-b7ef-0016e6d7c65a}\Shell\open\command - "" = C:\WINDOWS\System32\CMD.exe -- [2007/07/27 20:00:00 | 000,388,608 | ---- | M] (Microsoft Corporation)
[2011/12/13 14:30:04 | 000,020,480 | ---- | M] ()(C:\Documents and Settings\User\Desktop\BTH+592+?...xls) -- C:\Documents and Settings\User\Desktop\BTH+592+?...xls
[2011/12/13 14:30:01 | 000,020,480 | ---- | C] ()(C:\Documents and Settings\User\Desktop\BTH+592+?...xls) -- C:\Documents and Settings\User\Desktop\BTH+592+?...xls
[2011/12/01 10:01:09 | 000,015,385 | ---- | C] ()(C:\Documents and Settings\User\Desktop\?????????...docx) -- C:\Documents and Settings\User\Desktop\?????????...docx
[2011/11/16 09:49:58 | 000,015,385 | ---- | M] ()(C:\Documents and Settings\User\Desktop\?????????...docx) -- C:\Documents and Settings\User\Desktop\?????????...docx
[2011/09/14 17:22:12 | 017,141,248 | ---- | M] ()(C:\Documents and Settings\User\Desktop\??2(1).xls) -- C:\Documents and Settings\User\Desktop\??2(1).xls
[2011/09/14 17:22:12 | 017,141,248 | ---- | C] ()(C:\Documents and Settings\User\Desktop\??2(1).xls) -- C:\Documents and Settings\User\Desktop\??2(1).xls

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the programa run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

Things I would like to see in your reply:
  • OTL log
  • MBAM log

  • 0

#3
YellowRubberDuck
Posted 19 December 2011 - 05:17 AM

YellowRubberDuck

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
OTL

OTL logfile created on: 19/12/2011 7:07:55 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\User\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

1023.48 Mb Total Physical Memory | 327.16 Mb Available Physical Memory | 31.97% Memory free
2.40 Gb Paging File | 1.75 Gb Available in Paging File | 72.64% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 101.42 Gb Total Space | 86.85 Gb Free Space | 85.63% Space Free | Partition Type: NTFS
Drive E: | 830.09 Gb Total Space | 395.23 Gb Free Space | 47.61% Space Free | Partition Type: NTFS

Computer Name: TAOOFF | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/16 20:03:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\My Documents\Downloads\OTL.exe
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 12:15:31 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/04/16 03:14:18 | 000,093,048 | ---- | M] (Dynamic Network Services, Inc.) -- C:\Program Files\DynDNS Updater\DynUpSvc.exe
PRC - [2011/04/16 03:14:18 | 000,076,656 | ---- | M] (Dynamic Network Services, Inc.) -- C:\Program Files\DynDNS Updater\DynTray.exe
PRC - [2011/04/15 17:43:20 | 007,797,112 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer.exe
PRC - [2011/04/15 17:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/03/28 11:20:24 | 000,016,720 | ---- | M] (Sage Software Sdn Bhd) -- C:\Program Files\Common Files\Sage Software\LicenseService\UBS.Phoenix.Server.exe
PRC - [2009/09/11 11:30:26 | 000,010,240 | ---- | M] () -- C:\Program Files\Common Files\Sage Software\BackupService\UBS.UBSService.exe
PRC - [2008/09/22 11:49:36 | 000,126,976 | ---- | M] (Panasonic Communications Co.,Ltd.) -- C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe
PRC - [2008/07/19 10:58:58 | 001,278,020 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\CamGuardian DVR.exe
PRC - [2008/05/12 13:57:10 | 000,094,208 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\WSERVER.EXE
PRC - [2008/05/12 13:57:08 | 000,118,784 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\MEDIASERVER.EXE
PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/02 14:54:28 | 000,303,104 | ---- | M] (Panasonic Communications Co., Ltd.) -- C:\Program Files\Panasonic\Device Monitor\DMWakeup.exe
PRC - [2004/08/03 04:33:14 | 000,036,864 | ---- | M] (Panasonic Communications Co., Ltd.) -- C:\Program Files\Panasonic\LocalCom\LMSRVNT.EXE
PRC - [2004/02/24 15:15:58 | 000,069,632 | ---- | M] (Panasonic) -- C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/19 18:31:17 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ea3366939280c1715f1c620e33ee3c8a\System.ServiceProcess.ni.dll
MOD - [2011/12/19 18:31:06 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\8642fdfbf02a6cb6f01169fe6fdb5d11\System.Management.ni.dll
MOD - [2011/12/19 18:29:30 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\b82c00e2d24305ad6cb08556e3779b75\System.Configuration.ni.dll
MOD - [2011/12/19 03:11:59 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\773a9786013451d3baaeff003dc4230f\System.Xml.ni.dll
MOD - [2011/12/19 03:09:36 | 007,868,416 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\80978a322d7dd39f0a71be1251ae395a\System.ni.dll
MOD - [2011/12/19 03:09:20 | 011,486,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\6d667f19d687361886990f3ca0f49816\mscorlib.ni.dll
MOD - [2011/12/19 03:08:27 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/10/12 12:15:30 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010/02/06 02:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/09/11 11:30:26 | 000,010,240 | ---- | M] () -- C:\Program Files\Common Files\Sage Software\BackupService\UBS.UBSService.exe
MOD - [2009/09/11 11:30:26 | 000,008,192 | ---- | M] () -- C:\Program Files\Common Files\Sage Software\BackupService\UBS.UBSService.ScheduledJob.dll
MOD - [2009/09/11 11:30:26 | 000,007,168 | ---- | M] () -- C:\Program Files\Common Files\Sage Software\BackupService\UBS.UBSService.UBSLogger.dll
MOD - [2008/07/19 10:58:58 | 001,278,020 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\CamGuardian DVR.exe
MOD - [2008/06/14 10:44:32 | 000,106,567 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\VOICEALARM.DLL
MOD - [2008/06/14 10:41:48 | 000,159,744 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\DVRCONFIG.DLL
MOD - [2008/06/14 10:23:42 | 000,053,248 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\NETVIDEOSERVER.DLL
MOD - [2008/06/12 15:18:08 | 004,710,400 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\EMAP.DLL
MOD - [2008/06/12 15:16:04 | 000,139,264 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\RESCOM.DLL
MOD - [2008/06/12 15:15:10 | 000,131,072 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\AUTOMAIL.DLL
MOD - [2008/05/12 13:57:20 | 000,053,248 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\DEV_SC_COM.DLL
MOD - [2008/05/12 13:57:10 | 000,094,208 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\WSERVER.EXE
MOD - [2008/05/12 13:57:08 | 000,118,784 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\PROTOCOL.DLL
MOD - [2008/05/12 13:57:08 | 000,118,784 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\MEDIASERVER.EXE
MOD - [2008/05/12 13:57:06 | 000,686,592 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\JPGDLL.DLL
MOD - [2008/05/12 13:57:04 | 000,028,672 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\ALARMCARD.DLL
MOD - [2008/05/12 13:56:56 | 001,675,264 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\UICom.dll
MOD - [2008/04/14 08:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 08:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/04/02 20:49:20 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/04/16 03:14:18 | 000,093,048 | ---- | M] (Dynamic Network Services, Inc.) [Auto | Running] -- C:\Program Files\DynDNS Updater\DynUpSvc.exe -- (DynDNS Updater)
SRV - [2011/04/15 17:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/03/28 11:20:24 | 000,016,720 | ---- | M] (Sage Software Sdn Bhd) [Auto | Running] -- C:\Program Files\Common Files\Sage Software\LicenseService\UBS.Phoenix.Server.exe -- (SageUBSLicenseService)
SRV - [2009/09/11 11:30:26 | 000,010,240 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Sage Software\BackupService\UBS.UBSService.exe -- (SageUBSBackupService)
SRV - [2004/08/03 04:33:14 | 000,036,864 | ---- | M] (Panasonic Communications Co., Ltd.) [Auto | Running] -- C:\Program Files\Panasonic\LocalCom\LMSRVNT.EXE -- (Panasonic Local Printer Service)
SRV - [2004/02/24 15:15:58 | 000,069,632 | ---- | M] (Panasonic) [Auto | Running] -- C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe -- (Panasonic Trap Monitor Service)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/05/29 13:11:35 | 000,024,612 | ---- | M] ( Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TD3004F60v.sys -- (TD3004F60v)
DRV - [2010/11/02 19:36:26 | 006,188,648 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/12/06 09:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.ftp: ""
FF - prefs.js..network.proxy.ftp_port: ""
FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..network.proxy.share_proxy_settings: ""
FF - prefs.js..network.proxy.socks: ""
FF - prefs.js..network.proxy.socks_port: ""
FF - prefs.js..network.proxy.ssl: ""
FF - prefs.js..network.proxy.ssl_port: ""
FF - prefs.js..network.proxy.type: ""

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/15 16:46:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/12 12:15:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/06/27 13:16:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2011/12/15 15:52:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\kcrb4qik.default\extensions
[2011/12/15 15:52:30 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\kcrb4qik.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/12/14 12:10:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/14 12:10:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/12/15 16:46:13 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2011/05/20 13:09:32 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/12 12:15:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/12 12:15:28 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/12/19 19:02:39 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Panasonic Device Manager for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe (Panasonic Communications Co.,Ltd.)
O4 - HKLM..\Run: [Panasonic Device Monitor Wakeup] C:\Program Files\Panasonic\Device Monitor\DMWakeup.exe (Panasonic Communications Co., Ltd.)
O4 - HKLM..\Run: [Panasonic PCFAX for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\KmPcFax.exe (Panasonic Communications Co., Ltd.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CamGuardian DVR.lnk = C:\Program Files\CamGuardian DVR\CamGuardian DVR\CamGuardian DVR.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DynDNS Updater Tray Icon.lnk = C:\Program Files\DynDNS Updater\DynTray.exe (Dynamic Network Services, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_30.dll (Sun Microsystems, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 50.23.239.24 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90E941C6-D4FF-4315-BF06-3A967B8F49BD}: DhcpNameServer = 50.23.239.24 208.67.222.222
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/18 12:37:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/12/16 20:00:37 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/12/16 20:00:37 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/19 19:10:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2011/12/19 19:10:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/12/19 19:10:41 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/19 19:10:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/19 19:02:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/19 14:59:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/12/19 10:33:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/12/19 10:33:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/12/19 10:33:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/12/19 10:33:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/12/19 10:26:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011/12/19 10:22:13 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/12/19 03:05:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/12/19 03:05:02 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/12/19 03:02:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/19 03:01:14 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2011/12/18 03:00:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2011/12/16 20:00:37 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2011/12/16 00:02:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sage
[2011/12/15 17:49:30 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/12/15 16:50:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\AVG2012
[2011/12/15 16:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2011/12/15 16:45:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/12/15 16:45:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/12/15 16:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/12/15 15:52:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\QuickScan
[2011/12/15 15:50:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/12/15 15:49:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/12/15 03:01:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/12/14 12:50:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/11/22 10:05:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\YEA BBQ PIX

========== Files - Modified Within 30 Days ==========

[2011/12/19 19:12:27 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/12/19 19:10:45 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/19 19:06:57 | 000,000,938 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CamGuardian DVR.lnk
[2011/12/19 19:06:29 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/12/19 19:05:56 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/19 19:05:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/19 19:02:39 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/12/19 19:01:58 | 084,572,435 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/12/19 18:58:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/19 15:02:53 | 000,435,590 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/19 15:02:53 | 000,068,360 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/19 15:01:37 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/12/19 14:59:32 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/12/19 14:59:05 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/19 14:58:43 | 000,333,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/19 10:26:13 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/12/16 20:05:16 | 000,209,930 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\census.cache
[2011/12/16 20:05:15 | 000,153,894 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\ars.cache
[2011/12/16 10:49:02 | 000,228,309 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Drawing-Tao%20Cuisine-2.JPG
[2011/12/15 18:39:40 | 000,051,785 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/12/15 16:46:13 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/12/15 15:35:52 | 000,000,368 | ---- | M] () -- C:\WINDOWS\DCEBOOT.RST
[2011/12/15 15:34:33 | 000,102,400 | ---- | M] () -- C:\WINDOWS\RegBootClean.exe
[2011/12/15 15:34:11 | 000,022,032 | ---- | M] () -- C:\WINDOWS\DCEBoot.exe
[2011/12/14 21:18:48 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache
[2011/12/13 11:53:54 | 000,000,396 | ---- | M] () -- C:\WINDOWS\KmPcFax.INI
[2011/12/12 09:23:23 | 000,047,109 | -H-- | M] () -- C:\WINDOWS\System32\userdiff.sav
[2011/12/12 09:23:23 | 000,047,109 | -H-- | M] () -- C:\Documents and Settings\User\userdiff.sav
[2011/12/05 13:53:33 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/03 11:02:10 | 000,007,122 | ---- | M] () -- C:\Documents and Settings\User\Desktop\japan2.jpg
[2011/12/03 11:01:41 | 000,025,796 | ---- | M] () -- C:\Documents and Settings\User\Desktop\japan1.jpg

========== Files Created - No Company Name ==========

[2011/12/19 19:10:45 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/19 19:01:58 | 084,572,435 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/12/18 07:16:17 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2011/12/18 07:16:17 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2011/12/18 07:16:17 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2011/12/18 07:16:17 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2011/12/18 07:16:17 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2011/12/18 07:16:17 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2011/12/18 07:16:17 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2011/12/18 07:16:17 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2011/12/18 07:16:17 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2011/12/18 07:16:17 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2011/12/18 07:16:17 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2011/12/18 07:16:17 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2011/12/18 07:16:16 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2011/12/18 07:16:16 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2011/12/18 07:16:16 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2011/12/18 07:16:16 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2011/12/18 07:16:16 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2011/12/18 07:16:16 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2011/12/18 07:16:16 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2011/12/18 07:16:16 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2011/12/18 07:16:16 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2011/12/18 07:16:16 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2011/12/18 07:16:16 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2011/12/18 07:16:16 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2011/12/18 07:16:16 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2011/12/18 07:16:16 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2011/12/18 07:16:16 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2011/12/18 07:16:16 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2011/12/18 07:16:16 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2011/12/18 07:16:16 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2011/12/18 07:16:15 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2011/12/18 07:16:15 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2011/12/18 07:16:15 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2011/12/18 07:16:15 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2011/12/18 07:16:15 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2011/12/18 07:16:15 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2011/12/18 07:16:15 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2011/12/18 07:16:15 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2011/12/18 07:16:15 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2011/12/18 07:16:15 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2011/12/18 07:16:14 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2011/12/18 07:16:14 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2011/12/18 07:16:14 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2011/12/18 07:16:13 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2011/12/18 07:16:13 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2011/12/18 07:16:13 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2011/12/18 07:16:13 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2011/12/18 07:16:12 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011/12/18 07:16:12 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2011/12/18 07:16:12 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2011/12/18 07:16:11 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2011/12/18 07:16:11 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2011/12/18 07:16:07 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2011/12/18 07:16:04 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2011/12/18 07:16:04 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2011/12/18 07:16:04 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2011/12/18 07:16:04 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2011/12/18 07:16:04 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2011/12/18 07:16:03 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2011/12/18 07:16:03 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2011/12/18 07:16:03 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2011/12/18 07:16:03 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2011/12/18 07:16:03 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2011/12/18 07:16:03 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2011/12/18 07:14:58 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011/12/18 03:00:22 | 000,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/12/16 10:49:47 | 000,228,309 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Drawing-Tao%20Cuisine-2.JPG
[2011/12/15 18:39:40 | 000,051,785 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/12/15 16:46:13 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/12/15 15:35:52 | 000,000,368 | ---- | C] () -- C:\WINDOWS\DCEBOOT.RST
[2011/12/15 15:34:11 | 000,022,032 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2011/12/15 15:34:04 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2011/12/15 15:32:16 | 000,209,930 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\census.cache
[2011/12/15 15:32:08 | 000,153,894 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\ars.cache
[2011/12/14 21:18:48 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache
[2011/12/12 09:23:23 | 000,047,109 | -H-- | C] () -- C:\WINDOWS\System32\userdiff.sav
[2011/12/12 09:23:23 | 000,047,109 | -H-- | C] () -- C:\Documents and Settings\User\userdiff.sav
[2011/12/03 11:02:19 | 000,007,122 | ---- | C] () -- C:\Documents and Settings\User\Desktop\japan2.jpg
[2011/12/03 11:02:01 | 000,025,796 | ---- | C] () -- C:\Documents and Settings\User\Desktop\japan1.jpg
[2011/11/25 12:00:37 | 000,612,309 | ---- | C] () -- C:\Documents and Settings\User\Desktop\sake jar set.psd
[2011/11/25 11:55:26 | 000,032,763 | ---- | C] () -- C:\Documents and Settings\User\Desktop\sake jar.jpg
[2011/11/24 18:33:30 | 000,000,938 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CamGuardian DVR.lnk
[2011/10/08 14:24:34 | 000,000,375 | ---- | C] () -- C:\WINDOWS\System32\CNCMFP38.INI
[2011/08/08 17:05:22 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/27 13:16:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/06/02 09:15:31 | 000,000,396 | ---- | C] () -- C:\WINDOWS\KmPcFax.INI
[2011/05/29 13:11:40 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\TMPXVFW.DLL
[2011/05/29 13:11:40 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\AMD422CODEC.DLL
[2011/05/29 13:11:39 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\TMPXCORE.DLL
[2011/05/19 14:42:49 | 000,000,257 | ---- | C] () -- C:\WINDOWS\PanaFLB881.ini
[2011/05/19 14:42:49 | 000,000,051 | ---- | C] () -- C:\WINDOWS\iris.ini
[2011/05/19 14:42:46 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2011/05/18 20:25:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/05/18 20:24:18 | 000,333,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/18 14:57:07 | 000,252,316 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/18 14:56:15 | 000,252,316 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/18 14:56:15 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/05/18 12:38:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/05/18 12:34:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/02/23 02:57:00 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/01/11 18:05:18 | 000,008,592 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/07/27 20:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2007/07/27 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2007/07/27 20:00:00 | 000,435,590 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2007/07/27 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2007/07/27 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2007/07/27 20:00:00 | 000,068,360 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2007/07/27 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2007/07/27 20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2007/07/27 20:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2007/07/27 20:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2007/07/27 20:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2007/07/27 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/12/15 16:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/12/15 15:50:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/29 13:19:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DynDNS
[2011/06/23 15:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/12/19 19:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/05/19 14:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2011/12/16 00:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sage
[2011/12/15 16:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AVG2012
[2011/10/11 16:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Canon
[2011/07/14 09:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Panasonic
[2011/12/15 15:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\QuickScan
[2011/05/29 13:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TeamViewer
[2011/12/19 19:06:29 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/12/13 14:30:04 | 000,020,480 | ---- | M] ()(C:\Documents and Settings\User\Desktop\BTH+592+?...xls) -- C:\Documents and Settings\User\Desktop\BTH+592+到...xls
[2011/12/13 14:30:01 | 000,020,480 | ---- | C] ()(C:\Documents and Settings\User\Desktop\BTH+592+?...xls) -- C:\Documents and Settings\User\Desktop\BTH+592+到...xls
[2011/12/01 10:01:09 | 000,015,385 | ---- | C] ()(C:\Documents and Settings\User\Desktop\?????????...docx) -- C:\Documents and Settings\User\Desktop\培根串烧ベーコン串...docx
[2011/11/16 09:49:58 | 000,015,385 | ---- | M] ()(C:\Documents and Settings\User\Desktop\?????????...docx) -- C:\Documents and Settings\User\Desktop\培根串烧ベーコン串...docx
[2011/09/14 17:22:12 | 017,141,248 | ---- | M] ()(C:\Documents and Settings\User\Desktop\??2(1).xls) -- C:\Documents and Settings\User\Desktop\汪生2(1).xls
[2011/09/14 17:22:12 | 017,141,248 | ---- | C] ()(C:\Documents and Settings\User\Desktop\??2(1).xls) -- C:\Documents and Settings\User\Desktop\汪生2(1).xls

========== Alternate Data Streams ==========

@Alternate Data Stream - 1034029 bytes -> C:\WINDOWS\Temp:temp

< End of report >


MBAM

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8396

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19/12/2011 7:16:53 PM
mbam-log-2011-12-19 (19-16-53).txt

Scan type: Quick scan
Objects scanned: 153126
Time elapsed: 3 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#4
YellowRubberDuck
Posted 19 December 2011 - 08:21 PM

YellowRubberDuck

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Fyi, AVG repeatedly detected Win32/Heur and I-Worm/Brontok.PB. I followed all recommended actions (Remove/move to vault).
  • 0

#5
ali.B
Posted 20 December 2011 - 08:55 AM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply
  • 0

#6
YellowRubberDuck
Posted 20 December 2011 - 11:40 PM

YellowRubberDuck

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
ComboFix 11-12-20.04 - User 21/12/2011 13:02:33.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.289 [GMT 8:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\User\userdiff.sav
C:\WINDOWS\system32\userdiff.sav


((((((((((((((((((((((((( Files Created from 2011-11-21 to 2011-12-21 )))))))))))))))))))))))))))))))


2011-12-19 11:10:50 . 2011-12-19 11:10:50 -------- d-----w- C:\Documents and Settings\User\Application Data\Malwarebytes
2011-12-19 11:10:44 . 2011-12-19 11:10:44 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2011-12-19 11:10:41 . 2011-08-31 09:00:50 22216 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2011-12-19 11:10:40 . 2011-12-19 11:10:46 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2011-12-19 11:02:34 . 2011-12-19 11:02:34 -------- d-----w- C:\_OTL
2011-12-19 05:04:04 . 2010-09-18 06:53:25 953856 -c----w- C:\WINDOWS\system32\dllcache\mfc40u.dll
2011-12-19 04:59:45 . 2010-08-23 16:12:04 617472 -c----w- C:\WINDOWS\system32\dllcache\comctl32.dll
2011-12-19 04:54:59 . 2010-11-02 15:17:02 40960 -c----w- C:\WINDOWS\system32\dllcache\ndproxy.sys
2011-12-19 04:47:16 . 2011-06-24 14:10:36 139656 -c----w- C:\WINDOWS\system32\dllcache\rdpwd.sys
2011-12-19 04:47:10 . 2011-04-21 13:37:43 105472 -c----w- C:\WINDOWS\system32\dllcache\mup.sys
2011-12-19 04:34:38 . 2011-07-08 14:02:00 10496 -c----w- C:\WINDOWS\system32\dllcache\ndistapi.sys
2011-12-19 04:33:58 . 2010-10-11 14:59:30 45568 -c----w- C:\WINDOWS\system32\dllcache\wab.exe
2011-12-19 02:33:29 . 2011-12-19 02:33:36 -------- d-----w- C:\WINDOWS\system32\scripting
2011-12-19 02:33:29 . 2011-12-19 02:33:29 -------- d-----w- C:\WINDOWS\l2schemas
2011-12-19 02:33:27 . 2011-12-19 02:33:34 -------- d-----w- C:\WINDOWS\system32\en
2011-12-19 02:33:24 . 2011-12-19 02:33:34 -------- d-----w- C:\WINDOWS\system32\bits
2011-12-18 19:05:15 . 2011-12-18 19:05:15 -------- d-----w- C:\WINDOWS\system32\XPSViewer
2011-12-18 19:05:02 . 2011-12-18 19:05:02 -------- d-----w- C:\Program Files\Reference Assemblies
2011-12-18 19:04:50 . 2008-07-06 12:06:10 89088 ----a-w- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-12-18 19:04:31 . 2008-07-06 12:06:10 89088 -c----w- C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2011-12-18 19:04:31 . 2008-07-06 12:06:10 117760 ------w- C:\WINDOWS\system32\prntvpt.dll
2011-12-18 19:04:31 . 2008-07-06 10:50:03 597504 -c----w- C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2011-12-18 19:04:31 . 2008-07-06 10:50:03 597504 ------w- C:\WINDOWS\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-12-18 19:04:30 . 2008-07-06 12:06:10 575488 -c----w- C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2011-12-18 19:04:30 . 2008-07-06 12:06:10 575488 ------w- C:\WINDOWS\system32\xpsshhdr.dll
2011-12-18 19:04:29 . 2008-07-06 12:06:10 1676288 -c----w- C:\WINDOWS\system32\dllcache\xpssvcs.dll
2011-12-18 19:04:29 . 2008-07-06 12:06:10 1676288 ------w- C:\WINDOWS\system32\xpssvcs.dll
2011-12-18 19:01:14 . 2011-12-18 19:01:14 -------- d-----w- C:\Program Files\MSXML 6.0
2011-12-17 23:14:58 . 2004-08-03 14:29:32 73216 ------w- C:\WINDOWS\system32\drivers\atintuxx.sys
2011-12-17 19:00:22 . 2011-12-17 19:00:22 -------- d-----w- C:\WINDOWS\system32\KB905474
2011-12-15 16:02:44 . 2011-12-15 16:02:44 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Sage
2011-12-15 09:49:30 . 2011-12-15 09:49:30 -------- d-----w- C:\$AVG
2011-12-15 08:50:46 . 2011-12-15 08:50:46 -------- d-----w- C:\Documents and Settings\User\Application Data\AVG2012
2011-12-15 08:45:52 . 2011-12-21 01:41:57 -------- d-----w- C:\WINDOWS\system32\drivers\AVG
2011-12-15 08:45:52 . 2011-12-15 08:54:00 -------- d-----w- C:\Documents and Settings\All Users\Application Data\AVG2012
2011-12-15 08:45:30 . 2011-12-15 08:45:30 -------- d-----w- C:\Program Files\AVG
2011-12-15 07:52:55 . 2011-12-15 07:53:02 -------- d-----w- C:\Documents and Settings\User\Application Data\QuickScan
2011-12-15 07:50:14 . 2011-12-15 07:50:15 -------- d--h--w- C:\Documents and Settings\All Users\Application Data\Common Files
2011-12-15 07:49:28 . 2011-12-21 01:42:00 -------- d-----w- C:\Documents and Settings\All Users\Application Data\MFAData
2011-12-15 07:34:11 . 2011-12-15 07:34:11 22032 ----a-w- C:\WINDOWS\DCEBoot.exe
2011-12-15 07:34:04 . 2011-12-15 07:34:33 102400 ----a-w- C:\WINDOWS\RegBootClean.exe
2011-12-14 19:01:30 . 2011-12-19 02:29:51 -------- d-----w- C:\WINDOWS\ServicePackFiles
2011-12-14 04:50:57 . 2011-12-14 04:50:57 -------- d-----w- C:\Program Files\Common Files\Java
2011-12-14 04:26:25 . 2008-06-13 11:05:51 272128 -c----w- C:\WINDOWS\system32\dllcache\bthport.sys
2011-12-14 04:26:25 . 2008-06-13 11:05:51 272128 ------w- C:\WINDOWS\system32\drivers\bthport.sys
2011-12-14 04:25:53 . 2011-02-17 13:18:03 357888 -c----w- C:\WINDOWS\system32\dllcache\srv.sys
2011-12-14 04:24:23 . 2011-07-15 13:29:31 456320 -c----w- C:\WINDOWS\system32\dllcache\mrxsmb.sys
2011-12-14 04:24:14 . 2009-11-21 15:51:04 471552 -c----w- C:\WINDOWS\system32\dllcache\aclayers.dll
2011-12-14 04:22:59 . 2011-10-25 13:33:08 2192768 -c----w- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2011-12-14 04:22:59 . 2011-10-25 12:52:02 2027008 -c----w- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2011-12-14 04:17:21 . 2008-05-08 14:02:52 203136 -c----w- C:\WINDOWS\system32\dllcache\rmcast.sys
2011-12-14 04:11:01 . 2008-10-15 16:34:24 337408 -c----w- C:\WINDOWS\system32\dllcache\netapi32.dll
2011-12-14 04:10:13 . 2011-02-17 12:32:12 5120 ----a-w- C:\WINDOWS\system32\xpsp4res.dll
2011-12-14 04:10:12 . 2010-07-12 12:55:03 218112 -c----w- C:\WINDOWS\system32\dllcache\wordpad.exe
2011-11-28 01:46:08 . 2011-11-28 01:46:08 -------- d-sh--w- C:\Documents and Settings\NetworkService\IETldCache
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-11-23 13:25:32 . 2007-07-27 12:00:00 1859584 ----a-w- C:\WINDOWS\system32\win32k.sys
2011-11-09 21:54:13 . 2011-05-20 05:09:38 472808 ----a-w- C:\WINDOWS\system32\deployJava1.dll
2011-11-09 19:27:10 . 2011-05-20 05:09:38 73728 ----a-w- C:\WINDOWS\system32\javacpl.cpl
2011-11-04 19:20:51 . 2007-07-27 12:00:00 916992 ----a-w- C:\WINDOWS\system32\wininet.dll
2011-11-04 19:20:51 . 2007-07-27 12:00:00 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll
2011-11-04 19:20:51 . 2007-07-27 12:00:00 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl
2011-11-04 11:23:59 . 2007-07-27 12:00:00 385024 ----a-w- C:\WINDOWS\system32\html.iec
2011-11-01 16:07:10 . 2007-07-27 12:00:00 1288704 ----a-w- C:\WINDOWS\system32\ole32.dll
2011-10-28 05:31:48 . 2007-07-27 12:00:00 33280 ----a-w- C:\WINDOWS\system32\csrsrv.dll
2011-10-25 13:37:08 . 2007-07-27 12:00:00 2148864 ----a-w- C:\WINDOWS\system32\ntoskrnl.exe
2011-10-25 12:52:02 . 2004-08-03 22:59:02 2027008 ----a-w- C:\WINDOWS\system32\ntkrnlpa.exe
2011-10-18 11:13:22 . 2007-07-27 12:00:00 186880 ----a-w- C:\WINDOWS\system32\encdec.dll
2011-10-10 14:22:41 . 2011-05-18 04:34:54 692736 ----a-w- C:\WINDOWS\system32\inetcomm.dll
2011-10-06 22:23:48 . 2011-10-06 22:23:48 230608 ----a-w- C:\WINDOWS\system32\drivers\avgldx86.sys
2011-10-03 22:21:42 . 2011-10-03 22:21:42 16720 ----a-w- C:\WINDOWS\system32\drivers\AVGIDSShim.sys
2011-09-28 07:06:50 . 2007-07-27 12:00:00 599040 ----a-w- C:\WINDOWS\system32\crypt32.dll
2011-09-26 03:41:20 . 2008-07-29 11:59:58 611328 ----a-w- C:\WINDOWS\system32\uiautomationcore.dll
2011-09-26 03:41:20 . 2007-07-27 12:00:00 220160 ----a-w- C:\WINDOWS\system32\oleacc.dll
2011-09-26 03:41:14 . 2007-07-27 12:00:00 20480 ----a-w- C:\WINDOWS\system32\oleaccrc.dll
2011-10-12 04:15:31 . 2011-06-27 05:16:35 134104 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-22 06:33:26 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2007-07-27 12:00:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2007-07-27 12:00:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2007-07-27 12:00:00 455168]
"RTHDCPL"="RTHDCPL.EXE" [2010-11-02 11:36:02 19580520]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 22:58:10 37296]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 04:59:06 937920]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2011-02-22 17:33:36 111208]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2011-02-22 17:33:36 13880424]
"nwiz"="C:\Program Files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 00:51:42 1753192]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 16:47:42 31016]
"Panasonic Device Monitor Wakeup"="C:\Program Files\Panasonic\Device Monitor\dmwakeup.exe" [2006-11-02 06:54:28 303104]
"Panasonic Device Manager for Multi-Function Station software"="C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe" [2008-09-22 03:49:36 126976]
"Panasonic PCFAX for Multi-Function Station software"="C:\Program Files\Panasonic\MFStation\KmPcFax.exe" [2007-08-28 07:04:14 757760]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 05:06:06 254696]
"AVG_TRAY"="C:\Program Files\AVG\AVG2012\avgtray.exe" [2011-12-02 17:22:12 2415456]
  • 0

#7
YellowRubberDuck
Posted 20 December 2011 - 11:43 PM

YellowRubberDuck

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Fyi, after restart, the file Wserver.exe is part of camguardian dvr s/w, but it got deleted.
Also, AVG deleted Nircmd.3xe and a bunch of I-Worm/Brontok.PB.
After that, the computer freezes, and I have to restart again.

Edited by YellowRubberDuck, 20 December 2011 - 11:45 PM.

  • 0

#8
ali.B
Posted 23 December 2011 - 04:52 AM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi sorry for the delay.

This happens each time you boot your system ?
  • 0

#9
YellowRubberDuck
Posted 26 December 2011 - 11:39 PM

YellowRubberDuck

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Yes, CamGuardian DVR s/w says file Wserver.exe is missing every time I boot the system.
Now, AVG keeps on detecting Win32/Heur and I-Worm/Brontok.PB.
I moved everything to the vault (default solution).
  • 0

#10
ali.B
Posted 28 December 2011 - 12:17 AM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Step 1

Update MalwareBytes AntiMalware and Run a Quick Scan.
Post the log it produces

Step 2

ESET Online Scanner


  • Click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


Things i would like to see in your reply:
  • Malwarebytes Results.
  • Eset scanner report.
  • Update on how your computer is running

  • 0

Advertisements

#11
YellowRubberDuck
Posted 28 December 2011 - 07:19 AM

YellowRubberDuck

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.28.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: TAOOFF [limited]

28/12/2011 9:14:31 PM
mbam-log-2011-12-28 (21-14-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 156198
Time elapsed: 4 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#12
YellowRubberDuck
Posted 29 December 2011 - 12:05 AM

YellowRubberDuck

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
ESET Online Scanner
Scan results
No threats found. So there's no report.

CamGuardian DVR s/w still says file Wserver.exe is missing every time I boot the system.
Now, AVG keeps on detecting Win32/Heur.
I moved everything to the vault (default solution).
  • 0

#13
ali.B
Posted 30 December 2011 - 02:39 PM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  • 0

#14
YellowRubberDuck
Posted 30 December 2011 - 10:47 PM

YellowRubberDuck

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
OTL logfile created on: 31/12/2011 12:41:46 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

1023.48 Mb Total Physical Memory | 402.56 Mb Available Physical Memory | 39.33% Memory free
2.40 Gb Paging File | 1.58 Gb Available in Paging File | 65.55% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 101.42 Gb Total Space | 86.57 Gb Free Space | 85.36% Space Free | Partition Type: NTFS
Drive E: | 830.09 Gb Total Space | 365.21 Gb Free Space | 44.00% Space Free | Partition Type: NTFS

Computer Name: TAOOFF | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/27 13:41:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/16 20:03:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/04/16 03:14:18 | 000,093,048 | ---- | M] (Dynamic Network Services, Inc.) -- C:\Program Files\DynDNS Updater\DynUpSvc.exe
PRC - [2011/04/16 03:14:18 | 000,076,656 | ---- | M] (Dynamic Network Services, Inc.) -- C:\Program Files\DynDNS Updater\DynTray.exe
PRC - [2011/04/15 17:43:20 | 007,797,112 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer.exe
PRC - [2011/04/15 17:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/03/28 11:20:24 | 000,016,720 | ---- | M] (Sage Software Sdn Bhd) -- C:\Program Files\Common Files\Sage Software\LicenseService\UBS.Phoenix.Server.exe
PRC - [2009/09/11 11:30:26 | 000,010,240 | ---- | M] () -- C:\Program Files\Common Files\Sage Software\BackupService\UBS.UBSService.exe
PRC - [2008/09/22 11:49:36 | 000,126,976 | ---- | M] (Panasonic Communications Co.,Ltd.) -- C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe
PRC - [2008/07/19 10:58:58 | 001,278,020 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\CamGuardian DVR.exe
PRC - [2008/05/12 13:57:08 | 000,118,784 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\MEDIASERVER.EXE
PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/02 14:54:28 | 000,303,104 | ---- | M] (Panasonic Communications Co., Ltd.) -- C:\Program Files\Panasonic\Device Monitor\DMWakeup.exe
PRC - [2004/08/03 04:33:14 | 000,036,864 | ---- | M] (Panasonic Communications Co., Ltd.) -- C:\Program Files\Panasonic\LocalCom\LMSRVNT.EXE
PRC - [2004/02/24 15:15:58 | 000,069,632 | ---- | M] (Panasonic) -- C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/27 13:41:34 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/12/20 10:57:52 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/12/20 10:57:41 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
MOD - [2011/12/20 10:56:02 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/12/19 19:51:37 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/12/19 19:49:29 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/12/19 19:49:20 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/12/19 19:48:29 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010/11/04 08:51:44 | 000,555,624 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/02/06 02:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/09/11 11:30:26 | 000,010,240 | ---- | M] () -- C:\Program Files\Common Files\Sage Software\BackupService\UBS.UBSService.exe
MOD - [2009/09/11 11:30:26 | 000,008,192 | ---- | M] () -- C:\Program Files\Common Files\Sage Software\BackupService\UBS.UBSService.ScheduledJob.dll
MOD - [2009/09/11 11:30:26 | 000,007,168 | ---- | M] () -- C:\Program Files\Common Files\Sage Software\BackupService\UBS.UBSService.UBSLogger.dll
MOD - [2008/07/19 10:58:58 | 001,278,020 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\CamGuardian DVR.exe
MOD - [2008/06/14 10:44:32 | 000,106,567 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\VOICEALARM.DLL
MOD - [2008/06/14 10:41:48 | 000,159,744 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\DVRCONFIG.DLL
MOD - [2008/06/14 10:23:42 | 000,053,248 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\NETVIDEOSERVER.DLL
MOD - [2008/06/12 15:18:08 | 004,710,400 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\EMAP.DLL
MOD - [2008/06/12 15:16:04 | 000,139,264 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\RESCOM.DLL
MOD - [2008/06/12 15:15:10 | 000,131,072 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\AUTOMAIL.DLL
MOD - [2008/05/12 13:57:20 | 000,053,248 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\DEV_SC_COM.DLL
MOD - [2008/05/12 13:57:08 | 000,118,784 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\PROTOCOL.DLL
MOD - [2008/05/12 13:57:08 | 000,118,784 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\MEDIASERVER.EXE
MOD - [2008/05/12 13:57:06 | 000,686,592 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\JPGDLL.DLL
MOD - [2008/05/12 13:57:04 | 000,028,672 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\ALARMCARD.DLL
MOD - [2008/05/12 13:56:56 | 001,675,264 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\UICom.dll
MOD - [2008/04/14 08:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 08:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/04/02 20:49:20 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/04/16 03:14:18 | 000,093,048 | ---- | M] (Dynamic Network Services, Inc.) [Auto | Running] -- C:\Program Files\DynDNS Updater\DynUpSvc.exe -- (DynDNS Updater)
SRV - [2011/04/15 17:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/03/28 11:20:24 | 000,016,720 | ---- | M] (Sage Software Sdn Bhd) [Auto | Running] -- C:\Program Files\Common Files\Sage Software\LicenseService\UBS.Phoenix.Server.exe -- (SageUBSLicenseService)
SRV - [2009/09/11 11:30:26 | 000,010,240 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Sage Software\BackupService\UBS.UBSService.exe -- (SageUBSBackupService)
SRV - [2004/08/03 04:33:14 | 000,036,864 | ---- | M] (Panasonic Communications Co., Ltd.) [Auto | Running] -- C:\Program Files\Panasonic\LocalCom\LMSRVNT.EXE -- (Panasonic Local Printer Service)
SRV - [2004/02/24 15:15:58 | 000,069,632 | ---- | M] (Panasonic) [Auto | Running] -- C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe -- (Panasonic Trap Monitor Service)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/05/29 13:11:35 | 000,024,612 | ---- | M] ( Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TD3004F60v.sys -- (TD3004F60v)
DRV - [2010/11/02 19:36:26 | 006,188,648 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/12/06 09:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/23 09:45:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/27 13:41:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/06/27 13:16:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2011/12/15 15:52:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\kcrb4qik.default\extensions
[2011/12/15 15:52:30 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\kcrb4qik.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/12/14 12:10:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/14 12:10:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/12/27 13:41:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/12 12:15:28 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/27 13:41:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/21 13:07:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Panasonic Device Manager for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe (Panasonic Communications Co.,Ltd.)
O4 - HKLM..\Run: [Panasonic Device Monitor Wakeup] C:\Program Files\Panasonic\Device Monitor\DMWakeup.exe (Panasonic Communications Co., Ltd.)
O4 - HKLM..\Run: [Panasonic PCFAX for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\KmPcFax.exe (Panasonic Communications Co., Ltd.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10w_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CamGuardian DVR.lnk = C:\Program Files\CamGuardian DVR\CamGuardian DVR\CamGuardian DVR.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DynDNS Updater Tray Icon.lnk = C:\Program Files\DynDNS Updater\DynTray.exe (Dynamic Network Services, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_30.dll (Sun Microsystems, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 50.23.239.24 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90E941C6-D4FF-4315-BF06-3A967B8F49BD}: DhcpNameServer = 50.23.239.24 208.67.222.222
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/18 12:37:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/12/16 20:00:37 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/12/16 20:00:37 | 000,000,000 | R--D | M] - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/28 20:46:33 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\User\Desktop\esetsmartinstaller_enu.exe
[2011/12/23 09:48:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/21 13:01:51 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/21 12:48:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/21 12:48:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/21 12:48:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/21 12:48:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/21 12:48:50 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/12/21 12:48:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/21 12:48:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\My Documents\My Videos
[2011/12/21 12:48:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Administrative Tools
[2011/12/21 12:46:16 | 004,346,219 | R--- | C] (Swearware) -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2011/12/19 19:10:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2011/12/19 19:10:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/12/19 19:10:41 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/19 19:10:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/19 19:02:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/19 14:59:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/12/19 10:33:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/12/19 10:33:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/12/19 10:33:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/12/19 10:33:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/12/19 10:26:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011/12/19 10:22:13 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/12/19 03:05:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/12/19 03:05:02 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/12/19 03:01:14 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2011/12/18 03:00:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2011/12/16 20:03:32 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/12/16 20:00:37 | 000,000,000 | R--D | C] -- C:\autorun.inf
[2011/12/16 00:02:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sage
[2011/12/15 17:49:30 | 000,000,000 | ---D | C] -- C:\$AVG
[2011/12/15 16:50:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\AVG2012
[2011/12/15 16:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2011/12/15 16:45:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/12/15 16:45:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/12/15 16:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/12/15 15:52:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\QuickScan
[2011/12/15 15:50:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/12/15 15:49:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/12/15 03:01:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/12/14 12:50:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

========== Files - Modified Within 30 Days ==========

[2011/12/31 12:42:02 | 000,107,008 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\SharedDocs.exe
[2011/12/31 12:41:58 | 000,107,008 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Data user.exe
[2011/12/31 11:58:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/31 11:29:57 | 085,544,963 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/12/30 12:58:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/29 18:55:43 | 000,000,532 | ---- | M] () -- C:\Documents and Settings\User\My Documents\spider.sav
[2011/12/28 21:08:44 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/28 20:47:41 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\User\Desktop\esetsmartinstaller_enu.exe
[2011/12/27 14:32:32 | 000,274,161 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\census.cache
[2011/12/27 14:32:26 | 000,153,894 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\ars.cache
[2011/12/27 13:35:50 | 000,000,938 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CamGuardian DVR.lnk
[2011/12/27 10:13:00 | 000,089,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/12/27 10:12:59 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/12/26 00:01:49 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/26 00:01:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/23 09:45:54 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/12/21 13:07:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/21 13:01:54 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/12/21 12:47:01 | 004,346,219 | R--- | M] (Swearware) -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2011/12/20 03:16:15 | 000,333,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/19 19:48:48 | 000,435,590 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/19 19:48:48 | 000,068,360 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/19 19:43:48 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/19 19:21:50 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/12/19 15:01:37 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/12/19 14:59:32 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/12/19 10:26:13 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/12/16 20:03:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/12/16 10:49:02 | 000,228,309 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Drawing-Tao%20Cuisine-2.JPG
[2011/12/15 15:35:52 | 000,000,368 | ---- | M] () -- C:\WINDOWS\DCEBOOT.RST
[2011/12/15 15:34:33 | 000,102,400 | ---- | M] () -- C:\WINDOWS\RegBootClean.exe
[2011/12/15 15:34:11 | 000,022,032 | ---- | M] () -- C:\WINDOWS\DCEBoot.exe
[2011/12/14 21:18:48 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache
[2011/12/13 11:53:54 | 000,000,396 | ---- | M] () -- C:\WINDOWS\KmPcFax.INI
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/05 13:53:33 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/03 11:02:10 | 000,007,122 | ---- | M] () -- C:\Documents and Settings\User\Desktop\japan2.jpg
[2011/12/03 11:01:41 | 000,025,796 | ---- | M] () -- C:\Documents and Settings\User\Desktop\japan1.jpg

========== Files Created - No Company Name ==========

[2011/12/31 12:42:00 | 000,107,008 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\SharedDocs.exe
[2011/12/31 12:41:58 | 000,107,008 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Data user.exe
[2011/12/31 11:29:57 | 085,544,963 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/12/29 18:55:43 | 000,000,532 | ---- | C] () -- C:\Documents and Settings\User\My Documents\spider.sav
[2011/12/28 21:08:44 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/27 13:35:50 | 000,000,938 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CamGuardian DVR.lnk
[2011/12/27 10:13:00 | 000,089,375 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/12/21 13:01:54 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/12/21 13:01:51 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/12/21 12:48:59 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/21 12:48:59 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/21 12:48:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/21 12:48:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/21 12:48:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/18 07:16:17 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2011/12/18 07:16:17 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2011/12/18 07:16:17 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2011/12/18 07:16:17 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2011/12/18 07:16:17 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2011/12/18 07:16:17 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2011/12/18 07:16:17 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2011/12/18 07:16:17 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2011/12/18 07:16:17 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2011/12/18 07:16:17 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2011/12/18 07:16:17 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2011/12/18 07:16:17 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2011/12/18 07:16:16 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2011/12/18 07:16:16 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2011/12/18 07:16:16 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2011/12/18 07:16:16 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2011/12/18 07:16:16 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2011/12/18 07:16:16 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2011/12/18 07:16:16 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2011/12/18 07:16:16 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2011/12/18 07:16:16 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2011/12/18 07:16:16 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2011/12/18 07:16:16 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2011/12/18 07:16:16 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2011/12/18 07:16:16 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2011/12/18 07:16:16 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2011/12/18 07:16:16 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2011/12/18 07:16:16 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2011/12/18 07:16:16 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2011/12/18 07:16:16 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2011/12/18 07:16:15 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2011/12/18 07:16:15 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2011/12/18 07:16:15 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2011/12/18 07:16:15 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2011/12/18 07:16:15 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2011/12/18 07:16:15 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2011/12/18 07:16:15 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2011/12/18 07:16:15 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2011/12/18 07:16:15 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2011/12/18 07:16:15 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2011/12/18 07:16:14 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2011/12/18 07:16:14 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2011/12/18 07:16:14 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2011/12/18 07:16:13 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2011/12/18 07:16:13 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2011/12/18 07:16:13 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2011/12/18 07:16:13 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2011/12/18 07:16:12 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011/12/18 07:16:12 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2011/12/18 07:16:12 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2011/12/18 07:16:11 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2011/12/18 07:16:11 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2011/12/18 07:16:07 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2011/12/18 07:16:04 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2011/12/18 07:16:04 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2011/12/18 07:16:04 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2011/12/18 07:16:04 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2011/12/18 07:16:04 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2011/12/18 07:16:03 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2011/12/18 07:16:03 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2011/12/18 07:16:03 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2011/12/18 07:16:03 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2011/12/18 07:16:03 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2011/12/18 07:16:03 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2011/12/18 07:14:58 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011/12/18 03:00:22 | 000,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/12/16 10:49:47 | 000,228,309 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Drawing-Tao%20Cuisine-2.JPG
[2011/12/15 16:46:13 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/12/15 15:35:52 | 000,000,368 | ---- | C] () -- C:\WINDOWS\DCEBOOT.RST
[2011/12/15 15:34:11 | 000,022,032 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2011/12/15 15:34:04 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2011/12/15 15:32:16 | 000,274,161 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\census.cache
[2011/12/15 15:32:08 | 000,153,894 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\ars.cache
[2011/12/14 21:18:48 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache
[2011/12/03 11:02:19 | 000,007,122 | ---- | C] () -- C:\Documents and Settings\User\Desktop\japan2.jpg
[2011/12/03 11:02:01 | 000,025,796 | ---- | C] () -- C:\Documents and Settings\User\Desktop\japan1.jpg
[2011/10/08 14:24:34 | 000,000,375 | ---- | C] () -- C:\WINDOWS\System32\CNCMFP38.INI
[2011/08/08 17:05:22 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/27 13:16:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/06/02 09:15:31 | 000,000,396 | ---- | C] () -- C:\WINDOWS\KmPcFax.INI
[2011/05/29 13:11:40 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\TMPXVFW.DLL
[2011/05/29 13:11:40 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\AMD422CODEC.DLL
[2011/05/29 13:11:39 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\TMPXCORE.DLL
[2011/05/19 14:42:49 | 000,000,257 | ---- | C] () -- C:\WINDOWS\PanaFLB881.ini
[2011/05/19 14:42:49 | 000,000,051 | ---- | C] () -- C:\WINDOWS\iris.ini
[2011/05/19 14:42:46 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2011/05/18 20:25:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/05/18 20:24:18 | 000,333,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/18 14:57:07 | 000,252,316 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/18 14:56:15 | 000,252,316 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/18 14:56:15 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/05/18 12:38:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/05/18 12:34:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/02/23 02:57:00 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/01/11 18:05:18 | 000,008,592 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/07/27 20:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2007/07/27 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2007/07/27 20:00:00 | 000,435,590 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2007/07/27 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2007/07/27 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2007/07/27 20:00:00 | 000,068,360 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2007/07/27 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2007/07/27 20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2007/07/27 20:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2007/07/27 20:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2007/07/27 20:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2007/07/27 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/12/15 16:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/12/15 15:50:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/29 13:19:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DynDNS
[2011/06/23 15:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/12/31 11:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/05/19 14:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2011/12/16 00:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sage
[2011/12/15 16:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AVG2012
[2011/10/11 16:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Canon
[2011/07/14 09:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Panasonic
[2011/12/15 15:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\QuickScan
[2011/05/29 13:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TeamViewer
[2011/12/27 10:12:59 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/12/13 14:30:04 | 000,020,480 | ---- | M] ()(C:\Documents and Settings\User\Desktop\BTH+592+?...xls) -- C:\Documents and Settings\User\Desktop\BTH+592+到...xls
[2011/12/13 14:30:01 | 000,020,480 | ---- | C] ()(C:\Documents and Settings\User\Desktop\BTH+592+?...xls) -- C:\Documents and Settings\User\Desktop\BTH+592+到...xls
[2011/12/01 10:01:09 | 000,015,385 | ---- | C] ()(C:\Documents and Settings\User\Desktop\?????????...docx) -- C:\Documents and Settings\User\Desktop\培根串烧ベーコン串...docx
[2011/11/16 09:49:58 | 000,015,385 | ---- | M] ()(C:\Documents and Settings\User\Desktop\?????????...docx) -- C:\Documents and Settings\User\Desktop\培根串烧ベーコン串...docx
[2011/09/14 17:22:12 | 017,141,248 | ---- | M] ()(C:\Documents and Settings\User\Desktop\??2(1).xls) -- C:\Documents and Settings\User\Desktop\汪生2(1).xls
[2011/09/14 17:22:12 | 017,141,248 | ---- | C] ()(C:\Documents and Settings\User\Desktop\??2(1).xls) -- C:\Documents and Settings\User\Desktop\汪生2(1).xls

========== Alternate Data Streams ==========

@Alternate Data Stream - 1034029 bytes -> C:\WINDOWS\Temp:temp

< End of report >
  • 0

#15
YellowRubberDuck
Posted 30 December 2011 - 10:55 PM

YellowRubberDuck

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
During the quick scan, AVG alerted multiple threat detection of Win32/Heur. Attached the captured screen. As usual, I choose "remove all unhealed".

Attached Thumbnails

  • avg.JPG

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP