Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan Horse Dropper Generic, I-Worm, etc [Solved]

Started by YellowRubberDuck , Dec 16 2011 06:38 AM

  • This topic is locked This topic is locked

#16
ali.B
Posted 02 January 2012 - 06:51 AM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Step 1

Download the attached Fix.txt

Run OTL

Copy the contents of Fix.txt into the Custom Scans/Fixes box

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Update MalwareBytes AntiMalware and Run a Quick Scan.
Post the log it produces


Things I would like to see in your reply:
  • OTL log
  • MBAM log

Attached Files

  • Attached File  Fix.txt   2.48KB   91 downloads

  • 0

Advertisements

#17
YellowRubberDuck
Posted 03 January 2012 - 06:13 AM

YellowRubberDuck

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
OTL logfile created on: 03/01/2012 7:47:02 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

1023.48 Mb Total Physical Memory | 561.81 Mb Available Physical Memory | 54.89% Memory free
2.40 Gb Paging File | 1.88 Gb Available in Paging File | 78.26% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 101.42 Gb Total Space | 86.69 Gb Free Space | 85.47% Space Free | Partition Type: NTFS
Drive E: | 830.09 Gb Total Space | 356.95 Gb Free Space | 43.00% Space Free | Partition Type: NTFS

Computer Name: TAOOFF | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/16 20:03:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/04/16 03:14:18 | 000,093,048 | ---- | M] (Dynamic Network Services, Inc.) -- C:\Program Files\DynDNS Updater\DynUpSvc.exe
PRC - [2011/04/16 03:14:18 | 000,076,656 | ---- | M] (Dynamic Network Services, Inc.) -- C:\Program Files\DynDNS Updater\DynTray.exe
PRC - [2011/04/15 17:43:20 | 007,797,112 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer.exe
PRC - [2011/04/15 17:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/03/28 11:20:24 | 000,016,720 | ---- | M] (Sage Software Sdn Bhd) -- C:\Program Files\Common Files\Sage Software\LicenseService\UBS.Phoenix.Server.exe
PRC - [2009/09/11 11:30:26 | 000,010,240 | ---- | M] () -- C:\Program Files\Common Files\Sage Software\BackupService\UBS.UBSService.exe
PRC - [2008/09/22 11:49:36 | 000,126,976 | ---- | M] (Panasonic Communications Co.,Ltd.) -- C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe
PRC - [2008/07/19 10:58:58 | 001,278,020 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\CamGuardian DVR.exe
PRC - [2008/05/12 13:57:08 | 000,118,784 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\MEDIASERVER.EXE
PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/02 14:54:28 | 000,303,104 | ---- | M] (Panasonic Communications Co., Ltd.) -- C:\Program Files\Panasonic\Device Monitor\DMWakeup.exe
PRC - [2004/08/03 04:33:14 | 000,036,864 | ---- | M] (Panasonic Communications Co., Ltd.) -- C:\Program Files\Panasonic\LocalCom\LMSRVNT.EXE
PRC - [2004/02/24 15:15:58 | 000,069,632 | ---- | M] (Panasonic) -- C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/20 10:57:52 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/12/20 10:57:41 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
MOD - [2011/12/20 10:56:02 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/12/19 19:51:37 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/12/19 19:49:29 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/12/19 19:49:20 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/12/19 19:48:29 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010/02/06 02:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/09/11 11:30:26 | 000,010,240 | ---- | M] () -- C:\Program Files\Common Files\Sage Software\BackupService\UBS.UBSService.exe
MOD - [2009/09/11 11:30:26 | 000,008,192 | ---- | M] () -- C:\Program Files\Common Files\Sage Software\BackupService\UBS.UBSService.ScheduledJob.dll
MOD - [2009/09/11 11:30:26 | 000,007,168 | ---- | M] () -- C:\Program Files\Common Files\Sage Software\BackupService\UBS.UBSService.UBSLogger.dll
MOD - [2008/07/19 10:58:58 | 001,278,020 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\CamGuardian DVR.exe
MOD - [2008/06/14 10:44:32 | 000,106,567 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\VOICEALARM.DLL
MOD - [2008/06/14 10:41:48 | 000,159,744 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\DVRCONFIG.DLL
MOD - [2008/06/14 10:23:42 | 000,053,248 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\NETVIDEOSERVER.DLL
MOD - [2008/06/12 15:18:08 | 004,710,400 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\EMAP.DLL
MOD - [2008/06/12 15:16:04 | 000,139,264 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\RESCOM.DLL
MOD - [2008/06/12 15:15:10 | 000,131,072 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\AUTOMAIL.DLL
MOD - [2008/05/12 13:57:20 | 000,053,248 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\DEV_SC_COM.DLL
MOD - [2008/05/12 13:57:08 | 000,118,784 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\PROTOCOL.DLL
MOD - [2008/05/12 13:57:08 | 000,118,784 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\MEDIASERVER.EXE
MOD - [2008/05/12 13:57:06 | 000,686,592 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\JPGDLL.DLL
MOD - [2008/05/12 13:57:04 | 000,028,672 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\ALARMCARD.DLL
MOD - [2008/05/12 13:56:56 | 001,675,264 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\UICom.dll
MOD - [2008/04/14 08:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 08:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/04/02 20:49:20 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/04/16 03:14:18 | 000,093,048 | ---- | M] (Dynamic Network Services, Inc.) [Auto | Running] -- C:\Program Files\DynDNS Updater\DynUpSvc.exe -- (DynDNS Updater)
SRV - [2011/04/15 17:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/03/28 11:20:24 | 000,016,720 | ---- | M] (Sage Software Sdn Bhd) [Auto | Running] -- C:\Program Files\Common Files\Sage Software\LicenseService\UBS.Phoenix.Server.exe -- (SageUBSLicenseService)
SRV - [2009/09/11 11:30:26 | 000,010,240 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Sage Software\BackupService\UBS.UBSService.exe -- (SageUBSBackupService)
SRV - [2004/08/03 04:33:14 | 000,036,864 | ---- | M] (Panasonic Communications Co., Ltd.) [Auto | Running] -- C:\Program Files\Panasonic\LocalCom\LMSRVNT.EXE -- (Panasonic Local Printer Service)
SRV - [2004/02/24 15:15:58 | 000,069,632 | ---- | M] (Panasonic) [Auto | Running] -- C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe -- (Panasonic Trap Monitor Service)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/05/29 13:11:35 | 000,024,612 | ---- | M] ( Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TD3004F60v.sys -- (TD3004F60v)
DRV - [2010/11/02 19:36:26 | 006,188,648 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/12/06 09:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/23 09:45:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/27 13:41:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/06/27 13:16:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2011/12/15 15:52:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\kcrb4qik.default\extensions
[2011/12/15 15:52:30 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\kcrb4qik.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/12/14 12:10:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/14 12:10:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/12/27 13:41:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/12 12:15:28 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/27 13:41:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/21 13:07:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Panasonic Device Manager for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe (Panasonic Communications Co.,Ltd.)
O4 - HKLM..\Run: [Panasonic Device Monitor Wakeup] C:\Program Files\Panasonic\Device Monitor\DMWakeup.exe (Panasonic Communications Co., Ltd.)
O4 - HKLM..\Run: [Panasonic PCFAX for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\KmPcFax.exe (Panasonic Communications Co., Ltd.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CamGuardian DVR.lnk = C:\Program Files\CamGuardian DVR\CamGuardian DVR\CamGuardian DVR.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DynDNS Updater Tray Icon.lnk = C:\Program Files\DynDNS Updater\DynTray.exe (Dynamic Network Services, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_30.dll (Sun Microsystems, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 50.23.239.24 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90E941C6-D4FF-4315-BF06-3A967B8F49BD}: DhcpNameServer = 50.23.239.24 208.67.222.222
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/18 12:37:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/12/16 20:00:37 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/12/16 20:00:37 | 000,000,000 | R--D | M] - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/28 20:46:33 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\User\Desktop\esetsmartinstaller_enu.exe
[2011/12/23 09:48:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/21 13:01:51 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/21 12:48:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/21 12:48:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/21 12:48:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/21 12:48:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/21 12:48:50 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/12/21 12:48:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/21 12:48:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\My Documents\My Videos
[2011/12/21 12:48:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Administrative Tools
[2011/12/21 12:46:16 | 004,346,219 | R--- | C] (Swearware) -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2011/12/19 19:10:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2011/12/19 19:10:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/12/19 19:10:41 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/19 19:10:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/19 19:02:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/19 14:59:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/12/19 10:33:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/12/19 10:33:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/12/19 10:33:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/12/19 10:33:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/12/19 10:26:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011/12/19 10:22:13 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/12/19 03:05:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/12/19 03:05:02 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/12/19 03:01:14 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2011/12/18 03:00:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2011/12/16 20:03:32 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/12/16 20:00:37 | 000,000,000 | R--D | C] -- C:\autorun.inf
[2011/12/16 00:02:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sage
[2011/12/15 17:49:30 | 000,000,000 | ---D | C] -- C:\$AVG
[2011/12/15 16:50:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\AVG2012
[2011/12/15 16:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2011/12/15 16:45:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/12/15 16:45:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/12/15 16:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/12/15 15:52:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\QuickScan
[2011/12/15 15:50:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/12/15 15:49:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/12/15 03:01:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/12/14 12:50:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

========== Files - Modified Within 30 Days ==========

[2012/01/03 19:45:39 | 000,000,938 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CamGuardian DVR.lnk
[2012/01/03 19:45:15 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2012/01/03 19:39:04 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/03 19:38:59 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/03 19:38:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/03 19:35:57 | 085,856,759 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/01/03 18:58:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/29 18:55:43 | 000,000,532 | ---- | M] () -- C:\Documents and Settings\User\My Documents\spider.sav
[2011/12/28 21:08:44 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/28 20:47:41 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\User\Desktop\esetsmartinstaller_enu.exe
[2011/12/27 14:32:32 | 000,274,161 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\census.cache
[2011/12/27 14:32:26 | 000,153,894 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\ars.cache
[2011/12/27 10:13:00 | 000,089,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/12/23 09:45:54 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/12/21 13:07:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/21 13:01:54 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/12/21 12:47:01 | 004,346,219 | R--- | M] (Swearware) -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2011/12/20 03:16:15 | 000,333,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/19 19:48:48 | 000,435,590 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/19 19:48:48 | 000,068,360 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/19 19:43:48 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/19 19:21:50 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/12/19 15:01:37 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/12/19 14:59:32 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/12/19 10:26:13 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/12/16 20:03:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/12/16 10:49:02 | 000,228,309 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Drawing-Tao%20Cuisine-2.JPG
[2011/12/15 15:35:52 | 000,000,368 | ---- | M] () -- C:\WINDOWS\DCEBOOT.RST
[2011/12/15 15:34:33 | 000,102,400 | ---- | M] () -- C:\WINDOWS\RegBootClean.exe
[2011/12/15 15:34:11 | 000,022,032 | ---- | M] () -- C:\WINDOWS\DCEBoot.exe
[2011/12/14 21:18:48 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache
[2011/12/13 11:53:54 | 000,000,396 | ---- | M] () -- C:\WINDOWS\KmPcFax.INI
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/05 13:53:33 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2012/01/03 19:35:57 | 085,856,759 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/12/29 18:55:43 | 000,000,532 | ---- | C] () -- C:\Documents and Settings\User\My Documents\spider.sav
[2011/12/28 21:08:44 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/27 13:35:50 | 000,000,938 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CamGuardian DVR.lnk
[2011/12/27 10:13:00 | 000,089,375 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/12/21 13:01:54 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/12/21 13:01:51 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/12/21 12:48:59 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/21 12:48:59 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/21 12:48:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/21 12:48:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/21 12:48:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/18 07:16:17 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2011/12/18 07:16:17 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2011/12/18 07:16:17 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2011/12/18 07:16:17 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2011/12/18 07:16:17 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2011/12/18 07:16:17 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2011/12/18 07:16:17 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2011/12/18 07:16:17 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2011/12/18 07:16:17 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2011/12/18 07:16:17 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2011/12/18 07:16:17 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2011/12/18 07:16:17 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2011/12/18 07:16:16 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2011/12/18 07:16:16 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2011/12/18 07:16:16 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2011/12/18 07:16:16 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2011/12/18 07:16:16 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2011/12/18 07:16:16 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2011/12/18 07:16:16 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2011/12/18 07:16:16 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2011/12/18 07:16:16 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2011/12/18 07:16:16 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2011/12/18 07:16:16 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2011/12/18 07:16:16 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2011/12/18 07:16:16 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2011/12/18 07:16:16 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2011/12/18 07:16:16 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2011/12/18 07:16:16 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2011/12/18 07:16:16 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2011/12/18 07:16:16 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2011/12/18 07:16:15 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2011/12/18 07:16:15 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2011/12/18 07:16:15 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2011/12/18 07:16:15 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2011/12/18 07:16:15 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2011/12/18 07:16:15 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2011/12/18 07:16:15 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2011/12/18 07:16:15 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2011/12/18 07:16:15 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2011/12/18 07:16:15 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2011/12/18 07:16:14 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2011/12/18 07:16:14 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2011/12/18 07:16:14 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2011/12/18 07:16:13 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2011/12/18 07:16:13 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2011/12/18 07:16:13 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2011/12/18 07:16:13 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2011/12/18 07:16:12 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011/12/18 07:16:12 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2011/12/18 07:16:12 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2011/12/18 07:16:11 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2011/12/18 07:16:11 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2011/12/18 07:16:07 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2011/12/18 07:16:04 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2011/12/18 07:16:04 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2011/12/18 07:16:04 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2011/12/18 07:16:04 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2011/12/18 07:16:04 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2011/12/18 07:16:03 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2011/12/18 07:16:03 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2011/12/18 07:16:03 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2011/12/18 07:16:03 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2011/12/18 07:16:03 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2011/12/18 07:16:03 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2011/12/18 07:14:58 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011/12/18 03:00:22 | 000,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/12/16 10:49:47 | 000,228,309 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Drawing-Tao%20Cuisine-2.JPG
[2011/12/15 16:46:13 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/12/15 15:35:52 | 000,000,368 | ---- | C] () -- C:\WINDOWS\DCEBOOT.RST
[2011/12/15 15:34:11 | 000,022,032 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2011/12/15 15:34:04 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2011/12/15 15:32:16 | 000,274,161 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\census.cache
[2011/12/15 15:32:08 | 000,153,894 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\ars.cache
[2011/12/14 21:18:48 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache
[2011/10/08 14:24:34 | 000,000,375 | ---- | C] () -- C:\WINDOWS\System32\CNCMFP38.INI
[2011/08/08 17:05:22 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/27 13:16:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/06/02 09:15:31 | 000,000,396 | ---- | C] () -- C:\WINDOWS\KmPcFax.INI
[2011/05/29 13:11:40 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\TMPXVFW.DLL
[2011/05/29 13:11:40 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\AMD422CODEC.DLL
[2011/05/29 13:11:39 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\TMPXCORE.DLL
[2011/05/19 14:42:49 | 000,000,257 | ---- | C] () -- C:\WINDOWS\PanaFLB881.ini
[2011/05/19 14:42:49 | 000,000,051 | ---- | C] () -- C:\WINDOWS\iris.ini
[2011/05/19 14:42:46 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2011/05/18 20:25:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/05/18 20:24:18 | 000,333,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/18 14:57:07 | 000,252,316 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/18 14:56:15 | 000,252,316 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/18 14:56:15 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/05/18 12:38:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/05/18 12:34:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/02/23 02:57:00 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/01/11 18:05:18 | 000,008,592 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/07/27 20:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2007/07/27 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2007/07/27 20:00:00 | 000,435,590 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2007/07/27 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2007/07/27 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2007/07/27 20:00:00 | 000,068,360 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2007/07/27 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2007/07/27 20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2007/07/27 20:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2007/07/27 20:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2007/07/27 20:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2007/07/27 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/12/15 16:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/12/15 15:50:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/29 13:19:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DynDNS
[2011/06/23 15:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2012/01/03 19:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/05/19 14:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2011/12/16 00:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sage
[2011/12/15 16:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AVG2012
[2011/10/11 16:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Canon
[2011/07/14 09:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Panasonic
[2011/12/15 15:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\QuickScan
[2011/05/29 13:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TeamViewer
[2012/01/03 19:45:15 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1034029 bytes -> C:\WINDOWS\Temp:temp

< End of report >
  • 0

#18
YellowRubberDuck
Posted 03 January 2012 - 06:24 AM

YellowRubberDuck

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.03.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: TAOOFF [administrator]

03/01/2012 8:15:18 PM
mbam-log-2012-01-03 (20-15-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 155907
Time elapsed: 3 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#19
ali.B
Posted 06 January 2012 - 03:01 PM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
still getting the AVG popups ?
  • 0

#20
YellowRubberDuck
Posted 15 January 2012 - 09:16 PM

YellowRubberDuck

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Yes. A lot. Mostly it kept on detecting My Videos.exe and My Pictures.exe. Two of that files appeared as folder (icon). I double click it, Avg detected more Win32/Heur virus. What is really happening?

Edited by YellowRubberDuck, 16 January 2012 - 11:04 PM.

  • 0

#21
ali.B
Posted 21 January 2012 - 01:36 AM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  • 0

#22
YellowRubberDuck
Posted 03 February 2012 - 09:33 PM

YellowRubberDuck

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
OTL logfile created on: 04/02/2012 10:34:15 AM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

1023.48 Mb Total Physical Memory | 332.24 Mb Available Physical Memory | 32.46% Memory free
2.40 Gb Paging File | 1.65 Gb Available in Paging File | 68.47% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 101.42 Gb Total Space | 85.87 Gb Free Space | 84.66% Space Free | Partition Type: NTFS
Drive E: | 830.09 Gb Total Space | 283.64 Gb Free Space | 34.17% Space Free | Partition Type: NTFS

Computer Name: TAOOFF | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/12/27 13:41:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/16 20:03:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/04/16 03:14:18 | 000,093,048 | ---- | M] (Dynamic Network Services, Inc.) -- C:\Program Files\DynDNS Updater\DynUpSvc.exe
PRC - [2011/04/16 03:14:18 | 000,076,656 | ---- | M] (Dynamic Network Services, Inc.) -- C:\Program Files\DynDNS Updater\DynTray.exe
PRC - [2011/04/15 17:43:20 | 007,797,112 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer.exe
PRC - [2011/04/15 17:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/03/28 11:20:24 | 000,016,720 | ---- | M] (Sage Software Sdn Bhd) -- C:\Program Files\Common Files\Sage Software\LicenseService\UBS.Phoenix.Server.exe
PRC - [2009/09/11 11:30:26 | 000,010,240 | ---- | M] () -- C:\Program Files\Common Files\Sage Software\BackupService\UBS.UBSService.exe
PRC - [2008/09/22 11:49:36 | 000,126,976 | ---- | M] (Panasonic Communications Co.,Ltd.) -- C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe
PRC - [2008/07/19 10:58:58 | 001,278,020 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\CamGuardian DVR.exe
PRC - [2008/05/12 13:57:08 | 000,118,784 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\MEDIASERVER.EXE
PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/02 14:54:28 | 000,303,104 | ---- | M] (Panasonic Communications Co., Ltd.) -- C:\Program Files\Panasonic\Device Monitor\DMWakeup.exe
PRC - [2004/08/03 04:33:14 | 000,036,864 | ---- | M] (Panasonic Communications Co., Ltd.) -- C:\Program Files\Panasonic\LocalCom\LMSRVNT.EXE
PRC - [2004/02/24 15:15:58 | 000,069,632 | ---- | M] (Panasonic) -- C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/12 03:03:07 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/12/27 13:41:34 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/12/20 10:57:52 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/12/20 10:57:41 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
MOD - [2011/12/20 10:56:02 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/12/19 19:51:37 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/12/19 19:49:29 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/12/19 19:49:20 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/11/03 23:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/06/28 13:47:20 | 006,271,136 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2009/09/11 11:30:26 | 000,010,240 | ---- | M] () -- C:\Program Files\Common Files\Sage Software\BackupService\UBS.UBSService.exe
MOD - [2009/09/11 11:30:26 | 000,008,192 | ---- | M] () -- C:\Program Files\Common Files\Sage Software\BackupService\UBS.UBSService.ScheduledJob.dll
MOD - [2009/09/11 11:30:26 | 000,007,168 | ---- | M] () -- C:\Program Files\Common Files\Sage Software\BackupService\UBS.UBSService.UBSLogger.dll
MOD - [2008/07/19 10:58:58 | 001,278,020 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\CamGuardian DVR.exe
MOD - [2008/06/14 10:44:32 | 000,106,567 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\VOICEALARM.DLL
MOD - [2008/06/14 10:41:48 | 000,159,744 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\DVRCONFIG.DLL
MOD - [2008/06/14 10:23:42 | 000,053,248 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\NETVIDEOSERVER.DLL
MOD - [2008/06/12 15:18:08 | 004,710,400 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\EMAP.DLL
MOD - [2008/06/12 15:16:04 | 000,139,264 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\RESCOM.DLL
MOD - [2008/06/12 15:15:10 | 000,131,072 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\AUTOMAIL.DLL
MOD - [2008/05/12 13:57:20 | 000,053,248 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\DEV_SC_COM.DLL
MOD - [2008/05/12 13:57:08 | 000,118,784 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\PROTOCOL.DLL
MOD - [2008/05/12 13:57:08 | 000,118,784 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\MEDIASERVER.EXE
MOD - [2008/05/12 13:57:06 | 000,686,592 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\JPGDLL.DLL
MOD - [2008/05/12 13:57:04 | 000,028,672 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\ALARMCARD.DLL
MOD - [2008/05/12 13:56:56 | 001,675,264 | ---- | M] () -- C:\Program Files\CamGuardian DVR\CamGuardian DVR\UICom.dll
MOD - [2008/04/14 08:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 08:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/04/02 20:49:20 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/04/16 03:14:18 | 000,093,048 | ---- | M] (Dynamic Network Services, Inc.) [Auto | Running] -- C:\Program Files\DynDNS Updater\DynUpSvc.exe -- (DynDNS Updater)
SRV - [2011/04/15 17:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/03/28 11:20:24 | 000,016,720 | ---- | M] (Sage Software Sdn Bhd) [Auto | Running] -- C:\Program Files\Common Files\Sage Software\LicenseService\UBS.Phoenix.Server.exe -- (SageUBSLicenseService)
SRV - [2009/09/11 11:30:26 | 000,010,240 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Sage Software\BackupService\UBS.UBSService.exe -- (SageUBSBackupService)
SRV - [2004/08/03 04:33:14 | 000,036,864 | ---- | M] (Panasonic Communications Co., Ltd.) [Auto | Running] -- C:\Program Files\Panasonic\LocalCom\LMSRVNT.EXE -- (Panasonic Local Printer Service)
SRV - [2004/02/24 15:15:58 | 000,069,632 | ---- | M] (Panasonic) [Auto | Running] -- C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe -- (Panasonic Trap Monitor Service)


========== Driver Services (SafeList) ==========

DRV - [2012/01/17 13:06:25 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/05/29 13:11:35 | 000,024,612 | ---- | M] ( Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TD3004F60v.sys -- (TD3004F60v)
DRV - [2010/11/02 19:36:26 | 006,188,648 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/12/06 09:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 09:12:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/27 13:41:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/06/27 13:16:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2012/02/04 10:31:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\kcrb4qik.default\extensions
[2012/02/04 10:31:50 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\kcrb4qik.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/12/14 12:10:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/14 12:10:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/12/27 13:41:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/12 12:15:28 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/27 13:41:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/21 13:07:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Bron-Spizaetus] File not found
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Panasonic Device Manager for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe (Panasonic Communications Co.,Ltd.)
O4 - HKLM..\Run: [Panasonic Device Monitor Wakeup] C:\Program Files\Panasonic\Device Monitor\DMWakeup.exe (Panasonic Communications Co., Ltd.)
O4 - HKLM..\Run: [Panasonic PCFAX for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\KmPcFax.exe (Panasonic Communications Co., Ltd.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [Tok-Cirrhatus] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CamGuardian DVR.lnk = C:\Program Files\CamGuardian DVR\CamGuardian DVR\CamGuardian DVR.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DynDNS Updater Tray Icon.lnk = C:\Program Files\DynDNS Updater\DynTray.exe (Dynamic Network Services, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_30.dll (Sun Microsystems, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 50.23.239.24 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90E941C6-D4FF-4315-BF06-3A967B8F49BD}: DhcpNameServer = 50.23.239.24 208.67.222.222
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/18 12:37:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/12/16 20:00:37 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/12/16 20:00:37 | 000,000,000 | R--D | M] - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/17 13:05:21 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/01/16 11:17:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\AVG
[2012/01/16 11:17:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/01/16 11:16:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011

========== Files - Modified Within 30 Days ==========

[2012/02/04 10:31:07 | 088,114,249 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/02/04 10:30:45 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2012/02/04 10:03:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/04 10:03:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/04 00:02:49 | 000,000,938 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CamGuardian DVR.lnk
[2012/02/04 00:01:56 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/04 00:01:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/03 13:16:06 | 000,169,562 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/02/01 09:12:15 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/01/17 13:06:25 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/01/17 12:59:57 | 000,000,010 | RHS- | M] () -- C:\WINDOWS\System32\sistem.sys
[2012/01/16 11:11:18 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/01/12 03:06:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/12 03:03:25 | 000,435,590 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/12 03:03:25 | 000,068,360 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/06 11:37:15 | 000,162,573 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Scan1.PDF

========== Files Created - No Company Name ==========

[2012/01/17 12:59:57 | 000,000,010 | RHS- | C] () -- C:\WINDOWS\System32\sistem.sys
[2012/01/16 11:11:18 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/01/16 11:11:17 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/06 11:37:15 | 000,162,573 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Scan1.PDF
[2011/12/21 12:48:59 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/21 12:48:59 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/21 12:48:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/21 12:48:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/21 12:48:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/15 15:34:11 | 000,022,032 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2011/12/15 15:34:04 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2011/12/15 15:32:16 | 000,274,161 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\census.cache
[2011/12/15 15:32:08 | 000,153,894 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\ars.cache
[2011/12/14 21:18:48 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache
[2011/10/08 14:24:34 | 000,000,375 | ---- | C] () -- C:\WINDOWS\System32\CNCMFP38.INI
[2011/08/08 17:05:22 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/27 13:16:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/06/02 09:15:31 | 000,000,396 | ---- | C] () -- C:\WINDOWS\KmPcFax.INI
[2011/05/29 13:11:40 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\TMPXVFW.DLL
[2011/05/29 13:11:40 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\AMD422CODEC.DLL
[2011/05/29 13:11:39 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\TMPXCORE.DLL
[2011/05/19 14:42:49 | 000,000,257 | ---- | C] () -- C:\WINDOWS\PanaFLB881.ini
[2011/05/19 14:42:49 | 000,000,051 | ---- | C] () -- C:\WINDOWS\iris.ini
[2011/05/19 14:42:46 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2011/05/18 20:25:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/05/18 20:24:18 | 000,333,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/18 14:57:07 | 000,252,316 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/18 14:56:15 | 000,252,316 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/18 14:56:15 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/05/18 12:38:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/05/18 12:34:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/02/23 02:57:00 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/01/11 18:05:18 | 000,008,592 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/07/27 20:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2007/07/27 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2007/07/27 20:00:00 | 000,435,590 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2007/07/27 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2007/07/27 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2007/07/27 20:00:00 | 000,068,360 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2007/07/27 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2007/07/27 20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2007/07/27 20:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2007/07/27 20:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2007/07/27 20:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2007/07/27 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2012/02/04 00:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/12/15 15:50:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/29 13:19:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DynDNS
[2011/06/23 15:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2012/02/04 10:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/05/19 14:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2011/12/16 00:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sage
[2012/01/25 00:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/01/16 11:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AVG
[2011/12/15 16:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AVG2012
[2011/10/11 16:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Canon
[2011/07/14 09:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Panasonic
[2011/12/15 15:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\QuickScan
[2011/05/29 13:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TeamViewer
[2012/02/04 10:30:45 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 1034029 bytes -> C:\WINDOWS\Temp:temp

< End of report >
  • 0

#23
ali.B
Posted 27 February 2012 - 12:45 PM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP