Trojan Horse ASJX, ARMW & Generic RDX [Closed]

#1 tonytp11 (New Member, 4 posts)
Help Help Help

I have tried to zap these viruses using AVG, but every time I run a scan I get the following:

c:\windows\system32\svchost.exe(2824) deleted
c:\windows\system32\svchost.exe(2824):memory_00d30000 infected

This is just one example; total infections are now 34 and they seem to be increasing.

Internet browsing tends to be sluggish, especially with Facebook.

Any help would be appreciated to try and zap these viruses/malware.

Thanks
Tony

#2 tonytp11 (Topic Starter, New Member, 4 posts)
Below is a copy of my AVG scan.

;"C:\WINDOWS\system32\wuauclt.exe (2668)";"Trojan horse PSW.Agent.ARMW";"Deleted"
;"C:\WINDOWS\system32\svchost.exe (5420)";"Trojan horse PSW.Agent.ARMW";"Deleted"
;"C:\WINDOWS\system32\svchost.exe (2824)";"Trojan horse PSW.Agent.ARMW";"Deleted"
;"C:\WINDOWS\system32\svchost.exe (1672)";"Trojan horse PSW.Agent.ARMW";"Deleted"
;"C:\WINDOWS\system32\svchost.exe (1632)";"Trojan horse PSW.Agent.ARMW";"Deleted"
;"C:\WINDOWS\system32\svchost.exe (1376)";"Trojan horse PSW.Agent.ARMW";"Deleted"
;"C:\WINDOWS\system32\services.exe (1176)";"Trojan horse PSW.Agent.ASJX";"Deleted"
;"C:\WINDOWS\system32\PSIService.exe (3076)";"Trojan horse PSW.Agent.ARMW";"Deleted"
;"C:\WINDOWS\explorer.exe (2240)";"Trojan horse PSW.Agent.ARMW";"Deleted"
;"C:\WINDOWS\ehome\ehtray.exe (2436)";"Trojan horse PSW.Agent.ARMW";"Deleted"
;"C:\WINDOWS\ehome\ehSched.exe (304)";"Trojan horse PSW.Agent.ARMW";"Deleted"
;"C:\WINDOWS\ehome\ehrecvr.exe (4084)";"Trojan horse PSW.Agent.ARMW";"Deleted"
;"C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (2688)";"Trojan horse PSW.Agent.ARMW";"Deleted"
;"C:\Program Files\Dell Support Center\bin\sprtsvc.exe (3220)";"Trojan horse PSW.Agent.ARMW";"Deleted"
;"C:\Program Files\Dell Support Center\bin\sprtcmd.exe (2520)";"Trojan horse PSW.Agent.ARMW";"Deleted"
;"C:\Program Files\Common Files\Java\Java Update\jusched.exe (2444)";"Trojan horse PSW.Agent.ARMW";"Deleted"
;"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe (3556)";"Trojan horse PSW.Agent.ARMW";"Deleted"
;"C:\Program Files\AVG\AVG2012\avgwdsvc.exe (3888)";"Trojan horse PSW.Agent.ARMW";"Deleted"
;"C:\Program Files\AVG\AVG2012\avgui.exe (1244)";"Trojan horse PSW.Agent.ARMW";"Deleted"
;"C:\Program Files\AVG\AVG2012\avgfws.exe (3856)";"Trojan horse PSW.Agent.ARMW";"Deleted"
;"C:\Program Files\AVG Secure Search\vprot.exe (2536)";"Trojan horse PSW.Agent.ARMW";"Deleted"
;"C:\WINDOWS\system32\wuauclt.exe (2668):\memory_02930000";"Trojan horse PSW.Agent.ARMW";"Infected"
;"C:\WINDOWS\system32\svchost.exe (5420):\memory_01010000";"Trojan horse PSW.Agent.ARMW";"Infected"
;"C:\WINDOWS\system32\svchost.exe (2824):\memory_00d30000";"Trojan horse PSW.Agent.ARMW";"Infected"
;"C:\WINDOWS\system32\svchost.exe (1672):\memory_00a70000";"Trojan horse PSW.Agent.ARMW";"Infected"
;"C:\WINDOWS\system32\svchost.exe (1632):\memory_01d90000";"Trojan horse PSW.Agent.ARMW";"Infected"
;"C:\WINDOWS\system32\svchost.exe (1376):\memory_00c40000";"Trojan horse PSW.Agent.ARMW";"Infected"
;"C:\WINDOWS\system32\services.exe (1176):\memory_01200000";"Trojan horse PSW.Generic9.RDX";"Infected"
;"C:\WINDOWS\system32\services.exe (1176):\memory_00e50000";"Trojan horse PSW.Agent.ASJX";"Infected"
;"C:\WINDOWS\system32\PSIService.exe (3076):\memory_00c60000";"Trojan horse PSW.Agent.ARMW";"Infected"
;"C:\WINDOWS\explorer.exe (2240):\memory_011d0000";"Trojan horse PSW.Agent.ARMW";"Infected"
;"C:\WINDOWS\ehome\ehtray.exe (2436):\memory_016c0000";"Trojan horse PSW.Agent.ARMW";"Infected"
;"C:\WINDOWS\ehome\ehSched.exe (304):\memory_009c0000";"Trojan horse PSW.Agent.ARMW";"Infected"
;"C:\WINDOWS\ehome\ehrecvr.exe (4084):\memory_01d70000";"Trojan horse PSW.Agent.ARMW";"Infected"
;"C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (2688):\memory_04ae0000";"Trojan horse PSW.Agent.ARMW";"Infected"
;"C:\Program Files\Dell Support Center\bin\sprtsvc.exe (3220):\memory_023d0000";"Trojan horse PSW.Agent.ARMW";"Infected"
;"C:\Program Files\Dell Support Center\bin\sprtcmd.exe (2520):\memory_045e0000";"Trojan horse PSW.Agent.ARMW";"Infected"
;"C:\Program Files\Common Files\Java\Java Update\jusched.exe (2444):\memory_00b90000";"Trojan horse PSW.Agent.ARMW";"Infected"
;"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe (3556):\memory_00950000";"Trojan horse PSW.Agent.ARMW";"Infected"
;"C:\Program Files\AVG\AVG2012\avgwdsvc.exe (3888):\memory_02020000";"Trojan horse PSW.Agent.ARMW";"Infected"
;"C:\Program Files\AVG\AVG2012\avgui.exe (1244):\memory_01d90000";"Trojan horse PSW.Agent.ARMW";"Infected"
;"C:\Program Files\AVG\AVG2012\avgfws.exe (3856):\memory_016a0000";"Trojan horse PSW.Agent.ARMW";"Infected"
;"C:\Program Files\AVG Secure Search\vprot.exe (2536):\memory_02190000";"Trojan horse PSW.Agent.ARMW";"Infected"
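As an added example (not part of Tony's post and not an AVG tool), the following Python script parses AVG's semicolon-delimited scan export in the layout shown above, groups the findings per process ID, and separates the process-level "Deleted" entries from the `:\memory_XXXXXXXX` regions marked "Infected". The sample rows embedded in it are copied from the export above; the column layout (empty first column, object, detection name, action) is inferred from those rows rather than taken from AVG documentation, and every class and function name in it is my own.

```python
import csv
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample rows copied from the AVG export pasted above (a subset of the full list).
SAMPLE_AVG_EXPORT = r'''
;"C:\WINDOWS\system32\svchost.exe (2824)";"Trojan horse PSW.Agent.ARMW";"Deleted"
;"C:\WINDOWS\system32\services.exe (1176)";"Trojan horse PSW.Agent.ASJX";"Deleted"
;"C:\WINDOWS\explorer.exe (2240)";"Trojan horse PSW.Agent.ARMW";"Deleted"
;"C:\WINDOWS\system32\svchost.exe (2824):\memory_00d30000";"Trojan horse PSW.Agent.ARMW";"Infected"
;"C:\WINDOWS\system32\services.exe (1176):\memory_01200000";"Trojan horse PSW.Generic9.RDX";"Infected"
;"C:\WINDOWS\system32\services.exe (1176):\memory_00e50000";"Trojan horse PSW.Agent.ASJX";"Infected"
;"C:\WINDOWS\explorer.exe (2240):\memory_011d0000";"Trojan horse PSW.Agent.ARMW";"Infected"
'''

# Object column: "<image path> (<pid>)", optionally followed by ":\memory_<hex base address>".
# This layout is inferred from the pasted rows, not from AVG documentation (assumption).
OBJECT_RE = re.compile(
    r"^(?P<path>.+?) \((?P<pid>\d+)\)(?::\\memory_(?P<addr>[0-9A-Fa-f]+))?$"
)


@dataclass
class Finding:
    path: str              # full image path of the process
    pid: int               # process ID the finding is attached to
    region: Optional[int]  # base address of the flagged memory region; None for the process object itself
    threat: str            # detection name exactly as reported
    action: str            # "Deleted", "Infected", ...


def parse_avg_export(text: str) -> List[Finding]:
    """Parse the semicolon-separated export; rows that do not fit the layout are skipped."""
    findings: List[Finding] = []
    rows = csv.reader(text.strip().splitlines(), delimiter=";", quotechar='"')
    for row in rows:
        if len(row) < 4:
            continue
        _, obj, threat, action = row[:4]  # first column is empty in this export
        m = OBJECT_RE.match(obj)
        if not m:
            continue
        addr = m.group("addr")
        findings.append(Finding(
            path=m.group("path"),
            pid=int(m.group("pid")),
            region=int(addr, 16) if addr else None,
            threat=threat,
            action=action,
        ))
    return findings


def summarize_by_process(findings: List[Finding]) -> Dict[int, dict]:
    """Group findings per PID: image name, distinct detection names, number of flagged
    memory regions, and the actions recorded against the process object itself."""
    procs: Dict[int, dict] = {}
    for f in findings:
        entry = procs.setdefault(f.pid, {
            "image": f.path.rsplit("\\", 1)[-1],
            "threats": set(),
            "memory_regions": 0,
            "process_actions": [],
        })
        entry["threats"].add(f.threat)
        if f.region is None:
            entry["process_actions"].append(f.action)
        else:
            entry["memory_regions"] += 1
    return procs


def all_infections_in_memory(findings: List[Finding]) -> bool:
    """True when every 'Infected' item is a memory region inside a running process
    rather than a file on disk: the export then describes injected code, not files."""
    infected = [f for f in findings if f.action == "Infected"]
    return bool(infected) and all(f.region is not None for f in infected)


if __name__ == "__main__":
    found = parse_avg_export(SAMPLE_AVG_EXPORT)
    for pid, info in sorted(summarize_by_process(found).items()):
        print(f"PID {pid:>5} {info['image']:<14} regions={info['memory_regions']} "
              f"process_actions={info['process_actions']} threats={sorted(info['threats'])}")
    print("only memory regions flagged:", all_infections_in_memory(found))
```

Run over the full export, the per-process view makes the shape of the finding visible: one detection name repeated across every running process, each tied to a memory region rather than to a file on disk, with services.exe carrying two distinct regions under two names. Counting such entries counts processes and regions, not files, so the total climbs as more processes start; the object that places that code into the processes does not appear among the listed items, so the export alone does not identify it.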

#3 tonytp11 (Topic Starter, New Member, 4 posts)
OTL logfile created on: 23/02/2012 10:50:38 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Tony\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.84% Memory free
3.84 Gb Paging File | 3.22 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.33 Gb Total Space | 36.34 Gb Free Space | 25.18% Space Free | Partition Type: NTFS

Computer Name: HOMEPC | User Name: Tony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/01 22:43:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tony\My Documents\Downloads\OTL.exe
PRC - [2012/01/29 23:31:57 | 000,939,872 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/01/18 11:44:58 | 000,909,152 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/11/23 02:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgfws.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2009/06/03 13:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/29 23:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/08/14 17:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2006/03/03 20:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/09/08 04:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2004/07/19 06:51:24 | 000,306,688 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/16 17:33:06 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/02/16 17:30:51 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/01/29 23:31:57 | 000,939,872 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/01/18 11:44:58 | 000,909,152 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
MOD - [2011/11/03 15:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/10/14 17:38:00 | 000,456,192 | ---- | M] () -- C:\WINDOWS\system32\encdec.dll
MOD - [2011/10/12 22:08:34 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2011/01/07 03:05:10 | 008,199,168 | ---- | M] () -- C:\Program Files\ffdshow\ffdshow.ax
MOD - [2008/08/14 17:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
MOD - [2008/07/26 08:24:04 | 000,068,120 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSPS.dll
MOD - [2008/04/14 00:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 00:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/06/08 08:07:10 | 000,087,808 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
MOD - [2005/08/05 13:01:54 | 000,167,936 | ---- | M] () -- C:\WINDOWS\system32\wstpager.ax
MOD - [2005/08/05 13:01:54 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\VBICodec.ax
MOD - [2005/08/05 12:06:50 | 000,165,376 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax
MOD - [2002/09/23 15:11:00 | 000,040,960 | ---- | M] () -- C:\WINDOWS\system32\hcwXDS.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/18 11:44:58 | 000,909,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/11/23 02:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/03/18 07:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2009/01/29 23:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/03/03 20:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (xpsec)
DRV - File not found [Kernel | On_Demand | Running] -- -- (xcpip)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 00:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 00:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/05/23 01:03:20 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2011/05/23 01:03:20 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2010/11/03 16:33:16 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010/11/03 16:33:16 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/07/26 15:26:56 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/07/26 15:26:44 | 004,658,584 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam E3500(UVC)
DRV - [2008/07/26 15:26:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 15:25:48 | 000,627,864 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/07/26 08:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/04/13 18:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2005/11/16 14:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/09/08 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 04:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 11:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 11:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/03/15 15:26:00 | 000,148,608 | R--- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2004/06/09 07:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DDMI2.sys -- (SDDMI2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...?FORM=IEFM1&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1912
FF - prefs.js..keyword.URL: "http://isearch.avg.c...3:57&sap=ku&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2768: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2826: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1578: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 09:31:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.0.0.7\ [2012/02/01 09:22:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/23 09:34:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/23 09:34:20 | 000,000,000 | ---D | M]

[2009/08/13 20:42:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tony\Application Data\Mozilla\Extensions
[2012/02/23 09:34:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\t8m5ev87.default\extensions
[2012/02/23 09:34:25 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\t8m5ev87.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/12/01 19:16:45 | 000,002,171 | ---- | M] () -- C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\t8m5ev87.default\searchplugins\bing.xml
[2012/02/23 09:34:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/01 09:31:51 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2010/11/03 16:32:21 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/02/20 22:03:23 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/11/03 16:32:21 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/29 14:08:59 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/01/29 23:31:56 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/01/29 13:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/29 14:08:59 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/01/29 14:08:59 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/01/29 14:08:59 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/02/10 00:41:33 | 000,440,549 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15168 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: 1and1.co.uk ([order] http in Trusted sites)
O15 - HKCU\..Trusted Domains: avnet.com ([owa.emea] https in Trusted sites)
O15 - HKCU\..Trusted Domains: depositfiles.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: google.co.uk ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: itv.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mirashowers.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: rac.co.uk ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: torrentspy.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: uploadhut.com ([www] * in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://bq.bp.2020.ne...yerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} http://h30155.www3.h...llMgr_v01_6.cab (FixController Control)
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager...unttracking.cab (AccountTracking Profile Manager Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{40DFA695-F8CA-480A-B501-61EA49EAFFEA}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Tony\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tony\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/23 09:40:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tony\Recent
[2012/02/23 09:36:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011
[2012/02/23 09:34:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/02/23 09:34:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/02/11 14:24:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony\Application Data\AVG
[2012/02/09 23:24:06 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/02/09 23:24:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/02/03 01:03:05 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2012/02/03 01:01:58 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2012/01/31 17:26:37 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/29 23:31:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cache
[2012/01/27 22:05:25 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/27 14:42:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/27 14:42:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/27 14:42:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/27 14:42:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/27 14:42:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/27 14:42:04 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/27 14:39:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/25 22:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/01/25 21:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/01/25 21:19:14 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/01/25 20:51:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/23 10:53:42 | 000,009,546 | ---- | M] () -- C:\Documents and Settings\Tony\My Documents\scan 23_02_12.csv
[2012/02/23 10:34:03 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/23 10:15:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/23 10:14:23 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/23 10:12:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/23 10:12:39 | 2137,149,440 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/23 09:09:40 | 000,000,887 | ---- | M] () -- C:\Documents and Settings\Tony\Desktop\Continue CCleaner Installation.lnk
[2012/02/22 21:31:44 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/22 17:42:20 | 089,724,429 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/02/22 17:41:40 | 000,345,126 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/02/17 18:30:57 | 000,621,755 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2012/02/16 17:27:13 | 000,235,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/15 22:11:36 | 000,445,798 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/15 22:11:36 | 000,073,004 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/13 21:00:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/02/11 14:23:33 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\Tony\Desktop\AVG PC Tuneup 2011.lnk
[2012/02/10 13:41:46 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/02/10 00:41:33 | 000,440,549 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/09 23:34:36 | 000,440,549 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120210-004133.backup
[2012/02/09 23:24:18 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Tony\Desktop\Spybot - Search & Destroy.lnk
[2012/02/04 21:21:25 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/04 21:21:25 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/02/04 09:28:32 | 000,166,400 | ---- | M] () -- C:\Documents and Settings\Tony\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/01 09:31:58 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/01/27 23:26:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120209-233436.backup
[2012/01/27 22:05:31 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2012/01/25 21:32:25 | 000,512,992 | ---- | M] () -- C:\Documents and Settings\Tony\Desktop\sdsetup_revwire207[1].exe
[2012/01/25 20:59:29 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/23 10:53:42 | 000,009,546 | ---- | C] () -- C:\Documents and Settings\Tony\My Documents\scan 23_02_12.csv
[2012/02/20 22:23:55 | 2137,149,440 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/15 08:32:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/15 08:32:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/11 14:23:33 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\Tony\Desktop\AVG PC Tuneup 2011.lnk
[2012/02/10 09:43:00 | 000,000,887 | ---- | C] () -- C:\Documents and Settings\Tony\Desktop\Continue CCleaner Installation.lnk
[2012/02/09 23:24:17 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Tony\Desktop\Spybot - Search & Destroy.lnk
[2012/02/04 21:21:25 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/03 00:22:43 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/01/27 22:05:31 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2012/01/27 22:05:27 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/27 14:42:24 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/27 14:42:24 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/27 14:42:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/27 14:42:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/27 14:42:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/25 21:32:25 | 000,512,992 | ---- | C] () -- C:\Documents and Settings\Tony\Desktop\sdsetup_revwire207[1].exe
[2011/05/04 15:28:12 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Tony\Application Data\WavCodec.wff
[2011/03/10 21:14:57 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2010/04/09 16:53:05 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/08 14:06:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tony\Local Settings\Application Data\prvlcl.dat
[2010/03/31 18:34:39 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/03/07 19:35:41 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Tony\Application Data\setup_ldm.iss
[2009/09/13 13:50:56 | 000,000,185 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/12/25 15:07:12 | 000,000,048 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/12/24 18:06:02 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/07/26 08:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/05/22 22:22:18 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/04/13 20:28:54 | 000,050,276 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/01/01 19:53:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/01/01 19:50:12 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/09/15 23:55:18 | 000,001,352 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/08/24 21:28:31 | 000,121,256 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2007/07/26 20:56:43 | 000,120,670 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2007/07/26 20:56:42 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2007/07/11 21:54:06 | 000,005,782 | ---- | C] () -- C:\WINDOWS\System32\winiml.dat
[2007/07/11 21:54:06 | 000,005,782 | ---- | C] () -- C:\Documents and Settings\Tony\Application Data\iml.xml
[2007/07/08 15:07:57 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/06/20 09:52:57 | 000,087,808 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2006/11/02 20:40:12 | 000,174,656 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
[2006/09/15 19:54:45 | 000,000,168 | RHS- | C] () -- C:\WINDOWS\System32\DBAE170714.sys
[2006/08/24 18:35:55 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2006/07/23 20:28:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/23 20:18:55 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/07/03 14:36:20 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2006/06/25 13:09:09 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\140717AEDB.sys
[2006/06/25 13:08:58 | 000,008,354 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/06/08 20:49:34 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2006/05/30 08:50:16 | 000,166,400 | ---- | C] () -- C:\Documents and Settings\Tony\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/05/24 23:25:38 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/05/24 22:58:59 | 000,160,963 | ---- | C] () -- C:\WINDOWS\System32\drivers\gtipdsp.bin
[2006/05/24 22:31:23 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Tony\Local Settings\Application Data\fusioncache.dat
[2006/05/21 09:19:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/21 09:17:02 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/05/21 09:13:39 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/05/21 08:38:26 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/05/21 08:38:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2006/05/21 08:37:44 | 000,000,475 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/05/05 02:25:28 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2005/11/10 07:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 03:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 03:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 03:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 03:27:59 | 000,235,168 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 03:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 03:18:33 | 000,445,798 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 03:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 03:18:33 | 000,073,004 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 03:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 03:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 03:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 03:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 03:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 03:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 03:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 03:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 13:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 02:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2012/01/25 22:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/05/04 13:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2012/02/03 10:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2009/12/01 19:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/01/14 15:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/03/15 08:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2007/07/20 07:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\delete cast flag more
[2011/01/20 23:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2008/04/10 17:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2009/02/22 09:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2006/10/08 10:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2012/02/23 09:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2007/10/26 20:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/01/16 17:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/04/09 20:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2010/04/09 20:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2007/01/12 20:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2012/02/23 09:34:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/30 16:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/02/11 14:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\AVG
[2012/01/21 09:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\AVG Secure Search
[2011/10/19 08:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\AVG2012
[2006/06/15 19:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Datalayer
[2011/01/30 21:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Digiarty
[2012/02/22 22:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Image Zone Express
[2010/04/09 17:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\ImTOO
[2008/04/10 17:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\iolo
[2006/06/15 23:02:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Leadertech
[2007/03/19 22:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\MSNInstaller
[2007/10/26 20:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\NCH Swift Sound
[2006/06/15 19:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Nokia
[2010/07/17 20:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\NumusDiskBuilder
[2006/06/15 19:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\PC Suite
[2007/10/26 20:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Recordpad
[2011/01/20 23:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Samsung
[2010/09/11 17:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\Sony
[2008/09/30 11:25:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony\Application Data\uTorrent
[2010/12/14 22:29:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnSevenDays.job
[2011/04/24 07:53:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/01/18 12:32:05 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?Î) -- C:\WINDOWS\System32\뫈Î
[2011/01/18 12:32:05 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?Î) -- C:\WINDOWS\System32\뫈Î
[2010/09/30 12:13:10 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\ɓ
[2010/09/30 12:13:10 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\ɓ
[2010/03/05 13:34:20 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?í) -- C:\WINDOWS\System32\﹠í
[2010/03/05 13:34:20 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?í) -- C:\WINDOWS\System32\﹠í
[2009/12/18 12:41:04 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?®) -- C:\WINDOWS\System32\䣘®
[2009/12/18 12:41:04 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?®) -- C:\WINDOWS\System32\䣘®

< End of report >
  • 0
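As an added example that is not part of this thread or of OTL itself, here is a small Python parser for the entry format used in the OTL log above, with a few defender-side triage heuristics for deciding which entries to look at first (the rules and the choice of sample lines are my own assumptions, not OTL's logic):

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# An OTL file/folder entry: [YYYY/MM/DD HH:MM:SS | size | attrs | C-or-M] (company) -- path
# Folders have no "(company)"; Unicode-named files add "(ANSI form of path)" after it.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\)(?:\([^)]*\))?)?"
    r" -- (?P<path>.+)$"
)

@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    hidden: bool
    system: bool
    is_dir: bool
    kind: str               # "C" = created, "M" = modified
    company: Optional[str]  # None when OTL printed an empty "()"
    path: str

def parse_entry(line: str) -> Optional[OtlEntry]:
    """Parse one OTL entry line; return None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")  # R/H/S/D flags, "-" where a flag is clear
    return OtlEntry(
        timestamp=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        hidden=attrs[1] == "H",
        system=attrs[2] == "S",
        is_dir=attrs[3] == "D",
        kind=m.group("kind"),
        company=m.group("company") or None,
        path=m.group("path"),
    )

NO_COMPANY = "executable in system directory with no company name"
HIDDEN_SYS = "hidden+system file in system directory"
NON_ASCII = "non-ASCII file name in system directory"

def triage(lines: List[str], system_dir: str = r"C:\WINDOWS\System32") -> List[Tuple[str, str]]:
    """Return (path, reason) pairs worth a manual look. These are review
    heuristics, not a verdict: legitimate drivers also ship without a company name."""
    findings = []
    for line in lines:
        e = parse_entry(line)
        if e is None or e.is_dir or not e.path.lower().startswith(system_dir.lower()):
            continue
        name = e.path.rsplit("\\", 1)[-1]
        if any(ord(ch) > 0x7F for ch in name):
            findings.append((e.path, NON_ASCII))
        elif e.hidden and e.system:
            findings.append((e.path, HIDDEN_SYS))
        elif e.company is None and name.lower().endswith((".exe", ".dll", ".sys")):
            findings.append((e.path, NO_COMPANY))
    return findings

# Sample lines copied from the OTL log above, used here as constructed test input.
SAMPLE = [
    r"[2012/02/15 08:32:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll",
    r"[2012/02/03 01:03:05 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys",
    r"[2006/09/15 19:54:45 | 000,000,168 | RHS- | C] () -- C:\WINDOWS\System32\DBAE170714.sys",
    r"[2012/02/23 09:40:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tony\Recent",
    r"[2011/01/18 12:32:05 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?Î) -- C:\WINDOWS\System32\뫈Î",
    r"[2012/02/23 10:12:39 | 2137,149,440 | -HS- | M] () -- C:\hiberfil.sys",
]
if __name__ == "__main__":
    for path, reason in triage(SAMPLE):
        print(f"{reason}: {path}")
```

Feed it the whole "Files/Folders" sections of a log (one line per list element) to get a short worklist instead of reading several hundred entries by eye.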

#4
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hello tonytp11 and welcome to GeeksToGo :)

My nickname is GLeobas and I'm going to help you fix your problem.

Please note that I'm currently in training and my posts have to be approved by an expert before I reply.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • I am currently reviewing your logs.

  • 0

#5
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

# Step 1 #

Download the OTL Fix.txt attachment at the end of my post.
Please reopen OTL on your desktop.
  • Open the OTL Fix.txt and copy the content of the file. (CTRL + C)
  • Under the Custom Scans/Fixes box at the bottom, paste the content of OTL Fix.txt (CTRL + V).
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, and reboot the PC when it is done.
  • Navigate to the C:\_OTL\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.



# Step 2 #


Download Dr.Web CureIt to the desktop.
  • Double-click the drweb-cureit.exe file, then click Start and allow it to run the express scan.
  • This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
  • If so, click it, then click the next icon right below and select Move incurable, as you'll see in the next image:
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured (this is in case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply, along with a new OTL log.
NOTE: During the scan, a pop-up window will open asking for a full version purchase. Simply close the window by clicking on the X in the upper right corner.



# Step 3 #


Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to the desktop.
  • Double-click GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following:
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button and wait for it to finish.
  • Once done, click on the [Save..] button, and in the File name area, type in Gmer.txt, or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any <--- ROOTKIT entries.


# Step 4 #

Logs I want to see in your next reply:

  • OTL Fix log.
  • Dr. Web log.
  • GMER log.

Attached Files


Edited by GLeobas, 03 March 2012 - 04:45 PM.

  • 0

#6
NeonFx

    Malware Removal Dude

  • Expert
  • 3,798 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





