
Cannot connect to ANY antivirus websites OR security discussion forum


  • This topic is locked

#1
Aryankids

    Member

  • 12 posts
Dear All,

For the last few days I have not been able to connect to any antivirus website. I have tried a few basic "get-around" techniques but the symptoms still exist. In a nutshell:

Symptoms: Cannot connect to any antivirus website OR security discussion forum like bleepingcomputer.com!!

Cannot boot to safe mode!!
Have tried to disable ALL startup processes using msconfig but it did not help.

Have performed ComboFix on my box and the result will be provided if it is needed.

I have read a few posts on this forum but it seems removing this malware has to be done in an assisted way, so it would be much appreciated if you could help me to remove the malware from my machine.


I look forward to having your assistance.

Regards
Amir

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, could you post the ComboFix log please?


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe (1.8 MB) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.


On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

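As an added example (not part of this thread and not OTL's own code), a small Python triage script for the OTL.Txt that the steps above produce: it parses the O20 Winlogon, O4 Run, DRV and O1 Hosts lines and flags the patterns a helper checks first (an extra UserInit element, an orphaned Run entry, a driver loaded from a Temp folder, hosts-file redirects that would block security sites). The sample lines are constructed in OTL's format, and the allowlists and suspect folders are assumptions, not OTL settings.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in OTL's log format (a few lines of the kind an OTL
# Quick Scan writes to OTL.Txt) so the triage can run offline.
SAMPLE_OTL_LOG = r"""
DRV - File not found [Kernel | Disabled | Running] -- C:\DOCUME~1\Amir\LOCALS~1\Temp\pdddxxjr.sys -- (Micorsoft Windows Service)
DRV - [2010/09/11 00:43:45 | 000,169,472 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
O1 - Hosts: 127.0.0.1 localhost
O4 - HKU\S-1-5-21-484763869-507921405-839522115-1003..\Run: [IrfVxbnf] C:\Documents and Settings\Amir\Local Settings\Application Data\alnjnbhr\irfvxbnf.exe File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\SYSTEM32\Userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Amir\Local Settings\Application Data\alnjnbhr\irfvxbnf.exe) - C:\Documents and Settings\Amir\Local Settings\Application Data\alnjnbhr\irfvxbnf.exe File not found
""".strip("\n")

# Stock values for the two Winlogon entries on Windows XP; OTL prints each
# comma-separated element of UserInit on its own O20 line.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"
EXPECTED_SHELL = "explorer.exe"
# Hosts-file names that are normal (assumed allowlist); any other mapping is reported.
HOSTS_ALLOWLIST = {"localhost", "localhost.localdomain", "broadcasthost"}
# Autostart targets under a profile's temp or local-data folders (assumed heuristic).
SUSPECT_RUN_DIRS = ("\\local settings\\application data\\", "\\temp\\")

RE_O20 = re.compile(r"^O20 - HKLM Winlogon: (\w+) - \((.+?)\) - ")
RE_O4 = re.compile(r"^O4 - (.+?)\\Run: \[(.+?)\] (.*)$")
RE_DRV = re.compile(r"^DRV - (.*?) -- (?:(.*?) -- )?\((.*?)\)")
RE_DRV_STATE = re.compile(r"\[(?:Kernel|File_System) \| [^|\]]+ \| ([^\]]+)\]")
RE_O1 = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)")


@dataclass
class Finding:
    line_no: int   # 1-based line in the log text
    check: str     # which heuristic fired
    detail: str    # the value that fired it


def _norm(path: str) -> str:
    return path.strip().rstrip(",").lower()


def triage(log_text: str) -> List[Finding]:
    """Scan OTL.Txt text for the persistence and redirect patterns a helper looks at first."""
    out: List[Finding] = []
    for no, line in enumerate(log_text.splitlines(), 1):
        if m := RE_O20.match(line):
            # Winlogon: an extra UserInit element or a replaced Shell runs at every logon.
            key, value = m.group(1), m.group(2)
            if key == "UserInit" and _norm(value) != EXPECTED_USERINIT:
                out.append(Finding(no, "winlogon-userinit", value))
            elif key == "Shell" and _norm(value) != EXPECTED_SHELL:
                out.append(Finding(no, "winlogon-shell", value))
        elif m := RE_O4.match(line):
            # Run key: target already gone (orphan) or parked in a profile temp folder.
            name, target = m.group(2), m.group(3)
            t = _norm(target)
            if t.endswith("file not found"):
                out.append(Finding(no, "run-orphan", f"{name}: {target}"))
            elif any(d in t for d in SUSPECT_RUN_DIRS):
                out.append(Finding(no, "run-profile-dir", f"{name}: {target}"))
        elif m := RE_DRV.match(line):
            # Driver services: loaded from Temp, or Running while its file is missing on disk.
            head, path, name = m.group(1), m.group(2) or "", m.group(3)
            s = RE_DRV_STATE.search(head)
            state = s.group(1).strip() if s else ""
            if "\\temp\\" in _norm(path):
                out.append(Finding(no, "driver-temp-path", f"{name}: {path}"))
            elif head.startswith("File not found") and state == "Running" and path:
                out.append(Finding(no, "driver-running-no-file", f"{name}: {path}"))
        elif m := RE_O1.match(line):
            # Hosts file: mapping vendor sites to a bogus address blocks AV downloads/updates.
            ip, host = m.group(1), m.group(2)
            if host.lower() not in HOSTS_ALLOWLIST:
                out.append(Finding(no, "hosts-redirect", f"{host} -> {ip}"))
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL_LOG):
        print(f"line {f.line_no:>3}  {f.check:<24} {f.detail}")
```

Run it against a real OTL.Txt by passing the file's text to triage(); the findings are leads for a human reviewer, not a verdict.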

#3
Aryankids

    Member

  • Topic Starter
  • 12 posts
Hi,

Many thanks for the quick reply, especially right in the middle of a long weekend!

I have attached the log files as you instructed me to do.


I look forward to hearing from you.

Regs
Amir

OTL logfile created on: 07/04/2012 15:57:03 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

989.04 Mb Total Physical Memory | 502.08 Mb Available Physical Memory | 50.76% Memory free
2.33 Gb Paging File | 2.00 Gb Available in Paging File | 86.04% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 8.55 Gb Free Space | 11.47% Space Free | Partition Type: NTFS
Drive D: | 430.37 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 931.51 Gb Total Space | 533.59 Gb Free Space | 57.28% Space Free | Partition Type: NTFS
Drive G: | 116.70 Mb Total Space | 111.56 Mb Free Space | 95.59% Space Free | Partition Type: FAT32

Computer Name: SERVER | User Name: Amir | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/07 15:47:08 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
PRC - [2011/10/27 21:58:24 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\system32\java.exe
PRC - [2011/10/27 21:58:24 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011/05/17 08:27:48 | 000,366,872 | ---- | M] (Tanuki Software, Ltd.) -- C:\Program Files\PS3 Media Server\win32\service\wrapper.exe
PRC - [2011/04/15 10:43:20 | 007,797,112 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer.exe
PRC - [2011/04/15 10:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010/11/24 21:33:26 | 001,019,904 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/11 15:14:51 | 000,517,040 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdicoms.exe
PRC - [2007/06/11 15:14:42 | 000,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdiserv.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/03 16:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2010/11/24 21:36:30 | 000,731,136 | ---- | M] () -- C:\Program Files\TVersity\Media Server\X11.dll
MOD - [2010/11/24 21:36:30 | 000,714,752 | ---- | M] () -- C:\Program Files\TVersity\Media Server\log4cxx.dll
MOD - [2010/11/24 21:36:30 | 000,507,888 | ---- | M] () -- C:\Program Files\TVersity\Media Server\sqlite3.dll
MOD - [2010/11/24 21:36:30 | 000,346,112 | ---- | M] () -- C:\Program Files\TVersity\Media Server\taglib.dll
MOD - [2010/11/24 21:36:30 | 000,329,728 | ---- | M] () -- C:\Program Files\TVersity\Media Server\libcurl.dll
MOD - [2010/11/24 21:36:30 | 000,311,808 | ---- | M] () -- C:\Program Files\TVersity\Media Server\libmp3lame-0.dll
MOD - [2010/11/24 21:36:30 | 000,201,232 | ---- | M] () -- C:\Program Files\TVersity\Media Server\swscale-0.dll
MOD - [2010/11/24 21:36:28 | 000,165,888 | ---- | M] () -- C:\Program Files\TVersity\Media Server\CORE_RL_lcms_.dll
MOD - [2010/11/24 21:36:22 | 004,532,240 | ---- | M] () -- C:\Program Files\TVersity\Media Server\avcodec-52.dll
MOD - [2010/11/24 21:36:22 | 000,793,616 | ---- | M] () -- C:\Program Files\TVersity\Media Server\avformat-52.dll
MOD - [2010/11/24 21:36:22 | 000,081,936 | ---- | M] () -- C:\Program Files\TVersity\Media Server\avutil-50.dll
MOD - [2010/11/24 21:33:26 | 001,019,904 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
MOD - [2009/08/16 17:06:02 | 000,242,176 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/03/16 04:08:11 | 000,113,664 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdidrpp.dll
MOD - [2007/02/22 08:15:30 | 000,012,288 | ---- | M] () -- C:\WINDOWS\system32\LXF3PMRC.DLL
MOD - [2007/02/22 08:13:19 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\LXF3PMON.DLL
MOD - [2007/02/22 08:10:48 | 000,032,768 | ---- | M] () -- C:\Program Files\Lexmark Fax Solutions\ipcmt.dll
MOD - [2006/11/07 16:02:18 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\lxf3oem.dll
MOD - [2006/09/16 06:03:02 | 000,007,680 | ---- | M] () -- C:\Program Files\TVersity\Media Server\ImageMagickCoders\IM_MOD_RL_gray_.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2011/10/27 21:58:24 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/05/17 08:27:48 | 000,366,872 | ---- | M] (Tanuki Software, Ltd.) [Auto | Running] -- C:\Program Files\PS3 Media Server\win32\service\wrapper.exe -- (PS3 Media Server)
SRV - [2011/04/15 10:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/11/24 21:33:26 | 001,019,904 | ---- | M] () [Auto | Running] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2007/06/11 15:14:51 | 000,517,040 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxdicoms.exe -- (lxdi_device)
SRV - [2007/06/11 15:14:42 | 000,099,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)
SRV - [2004/10/15 19:40:56 | 002,577,632 | ---- | M] (Sygate Technologies, Inc.) [Auto | Stopped] -- C:\Program Files\Sygate\SPF\Smc.exe -- (SmcService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled | Running] -- C:\DOCUME~1\Amir\LOCALS~1\Temp\pdddxxjr.sys -- (Micorsoft Windows Service)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/04/07 12:27:54 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/09/11 00:43:45 | 000,169,472 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2009/08/18 10:32:00 | 005,884,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/08/05 07:16:44 | 000,039,424 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2008/08/05 13:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/04/23 13:54:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mgmt.sys -- (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/23 13:54:50 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115obex.sys -- (s115obex)
DRV - [2007/04/23 13:54:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdm.sys -- (s115mdm)
DRV - [2007/04/23 13:54:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdfl.sys -- (s115mdfl)
DRV - [2007/04/23 13:54:46 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115bus.sys -- (s115bus) Sony Ericsson Device 115 driver (WDM)
DRV - [2007/02/16 01:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/06/13 05:20:00 | 000,094,460 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/06/13 05:20:00 | 000,088,476 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/06/13 05:20:00 | 000,086,844 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/06/13 05:20:00 | 000,025,724 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/06/13 05:20:00 | 000,014,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/06/13 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/06/13 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006/03/17 08:35:24 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/03/17 08:34:46 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2006/01/04 08:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2004/10/15 18:32:44 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wg6n.sys -- (wg6n)
DRV - [2004/10/15 18:32:42 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wg5n.sys -- (wg5n)
DRV - [2004/10/15 18:32:40 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wg4n.sys -- (wg4n)
DRV - [2004/10/15 18:32:38 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wg3n.sys -- (wg3n)
DRV - [2004/10/15 18:18:46 | 000,021,075 | ---- | M] (Sygate Technologies, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt)
DRV - [2004/10/15 18:17:02 | 000,060,496 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Teefer.sys -- (Teefer)
DRV - [2004/08/13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-21-484763869-507921405-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-484763869-507921405-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-484763869-507921405-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6D 35 DA 76 ED 0D CD 01 [binary data]
IE - HKU\S-1-5-21-484763869-507921405-839522115-1003\..\SearchScopes,DefaultScope = {65ECC565-4827-45E6-AEE1-F3AAD001013C}
IE - HKU\S-1-5-21-484763869-507921405-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-484763869-507921405-839522115-1003\..\SearchScopes\{65ECC565-4827-45E6-AEE1-F3AAD001013C}: "URL" = http://www.google.co...age={startPage}
IE - HKU\S-1-5-21-484763869-507921405-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.19.1
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/17 21:56:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/27 21:58:56 | 000,000,000 | ---D | M]

[2010/12/04 11:01:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Amir\Application Data\Mozilla\Extensions
[2011/12/21 13:41:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Amir\Application Data\Mozilla\Firefox\Profiles\mj87znzk.default\extensions
[2011/09/07 10:02:51 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Amir\Application Data\Mozilla\Firefox\Profiles\mj87znzk.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/02/15 12:29:39 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Amir\Application Data\Mozilla\Firefox\Profiles\mj87znzk.default\extensions\[email protected]
[2012/01/24 21:35:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/30 18:05:02 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/03/17 21:56:58 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/27 21:58:26 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/07 14:50:40 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/05/07 14:50:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/05/07 14:50:40 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/05/07 14:50:40 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/05/07 14:50:40 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/04/07 12:53:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKU\S-1-5-21-484763869-507921405-839522115-1003..\Run: [IrfVxbnf] C:\Documents and Settings\Amir\Local Settings\Application Data\alnjnbhr\irfvxbnf.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-484763869-507921405-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-484763869-507921405-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-484763869-507921405-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-484763869-507921405-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\SYSTEM32\Userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Amir\Local Settings\Application Data\alnjnbhr\irfvxbnf.exe) - C:\Documents and Settings\Amir\Local Settings\Application Data\alnjnbhr\irfvxbnf.exe File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Amir\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Amir\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/02 21:07:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/11/24 18:18:06 | 000,000,136 | ---- | M] () - G:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/07 15:49:45 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2012/04/07 15:49:34 | 004,731,392 | ---- | C] (AVAST Software) -- C:\aswMBR.exe
[2012/04/07 14:30:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir\Start Menu\Programs\HiJackThis
[2012/04/07 14:30:29 | 000,000,000 | ---D | C] -- C:\Program Files\HT
[2012/04/07 12:46:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/04/07 12:44:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/07 12:44:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/07 12:44:14 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/07 12:44:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/07 12:44:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/07 12:44:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/07 12:43:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Amir\Start Menu\Programs\Administrative Tools
[2012/04/07 12:27:25 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/04/07 12:27:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir\Application Data\Malwarebytes
[2012/04/07 12:27:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/04/03 10:15:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2012/04/03 10:15:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir\Application Data\Juniper Networks
[2012/04/01 14:43:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir\Local Settings\Application Data\alnjnbhr
[2012/04/01 14:42:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/07 15:47:08 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2012/04/07 15:36:30 | 004,731,392 | ---- | M] (AVAST Software) -- C:\aswMBR.exe
[2012/04/07 15:05:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/07 15:04:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/07 15:04:05 | 1037,160,448 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/07 14:30:30 | 000,001,988 | ---- | M] () -- C:\Documents and Settings\Amir\Desktop\HiJackThis.lnk
[2012/04/07 13:12:04 | 000,100,464 | -H-- | M] () -- C:\WINDOWS\System32\237zms3
[2012/04/07 13:05:02 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/04/07 12:54:27 | 000,107,760 | -H-- | M] () -- C:\Documents and Settings\Amir\NQmilY3
[2012/04/07 12:53:50 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/07 12:27:54 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/04/04 08:57:03 | 000,436,002 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/04 08:57:03 | 000,068,706 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/01 14:03:07 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Amir\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet.lnk
[2012/03/20 14:47:02 | 000,700,155 | ---- | M] () -- C:\Documents and Settings\Amir\Desktop\20-03-2012 13;47;02.jpg
[2012/03/14 04:21:34 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/14 04:02:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/09 20:48:01 | 000,073,728 | ---- | M] () -- C:\Documents and Settings\Amir\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/07 14:30:30 | 000,001,988 | ---- | C] () -- C:\Documents and Settings\Amir\Desktop\HiJackThis.lnk
[2012/04/07 12:54:15 | 000,107,760 | -H-- | C] () -- C:\Documents and Settings\Amir\NQmilY3
[2012/04/07 12:46:50 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/04/07 12:46:46 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/04/07 12:44:14 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/07 12:44:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/07 12:44:14 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/07 12:44:14 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/07 12:44:14 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/07 11:43:08 | 000,100,464 | -H-- | C] () -- C:\WINDOWS\System32\237zms3
[2012/04/01 14:03:07 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Amir\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet.lnk
[2012/03/20 14:47:11 | 000,700,155 | ---- | C] () -- C:\Documents and Settings\Amir\Desktop\20-03-2012 13;47;02.jpg
[2012/02/15 08:37:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/02/26 18:09:08 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/02/26 18:09:07 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/02/26 18:09:07 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/02/26 18:09:07 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/02/19 15:08:43 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/02/16 15:48:24 | 000,000,125 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011/01/05 18:46:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/04 11:00:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/11/17 17:49:27 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdivs.dll
[2010/11/17 17:49:26 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxdicoin.dll
[2010/11/17 17:48:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdicaps.dll
[2010/11/17 17:48:57 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdidrs.dll
[2010/11/17 17:48:56 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdicnv4.dll
[2010/11/17 17:46:58 | 000,000,060 | -H-- | C] () -- C:\WINDOWS\System32\lxdirwrd.ini
[2010/11/17 17:46:44 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiinpa.dll
[2010/11/17 17:46:44 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiiesc.dll
[2010/11/17 17:46:44 | 000,311,296 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihcp.dll
[2010/11/17 17:46:44 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxdiinst.dll
[2010/11/17 17:46:43 | 001,187,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiserv.dll
[2010/11/17 17:46:43 | 000,942,080 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiusb1.dll
[2010/11/17 17:46:43 | 000,614,400 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipmui.dll
[2010/11/17 17:46:43 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiprox.dll
[2010/11/17 17:46:43 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipplc.dll
[2010/11/17 17:46:42 | 000,532,480 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdilmpm.dll
[2010/11/17 17:46:42 | 000,320,432 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiih.exe
[2010/11/17 17:46:41 | 000,671,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihbn3.dll
[2010/11/17 17:46:41 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdigrd.dll
[2010/11/17 17:46:40 | 000,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomc.dll
[2010/11/17 17:46:40 | 000,517,040 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicoms.exe
[2010/11/17 17:46:40 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomm.dll
[2010/11/17 17:46:40 | 000,340,912 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicfg.exe
[2010/11/17 17:35:18 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMON.DLL
[2010/11/17 17:35:18 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXF3FXPU.DLL
[2010/11/17 17:34:58 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxf3oem.dll
[2010/11/17 17:34:58 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL
[2010/09/18 00:59:04 | 000,000,118 | ---- | C] () -- C:\WINDOWS\Muxman.ini
[2010/09/02 22:03:55 | 000,064,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/04 17:43:05 | 000,000,171 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/05/07 16:57:11 | 000,073,728 | ---- | C] () -- C:\Documents and Settings\Amir\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/02 21:47:01 | 000,982,196 | R--- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2010/05/02 21:47:01 | 000,417,344 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2010/05/02 21:42:09 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/05/02 21:42:06 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010/05/02 21:42:03 | 000,023,175 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/05/02 21:42:03 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/05/02 21:31:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/05/02 21:30:29 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/02 21:08:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/05/02 21:04:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== LOP Check ==========

[2012/04/07 11:42:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2010/10/22 13:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/23 16:54:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/02/26 17:36:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2012/04/03 10:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2011/03/08 11:51:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LxThumbs
[2012/04/07 11:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/07/02 17:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2011/10/14 10:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amir\Application Data\AVG2012
[2011/03/03 13:27:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amir\Application Data\GARMIN
[2012/04/04 08:47:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amir\Application Data\Juniper Networks
[2010/11/25 09:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amir\Application Data\Lexmark Productivity Studio
[2010/09/18 01:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amir\Application Data\PgcEdit
[2010/05/09 13:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amir\Application Data\Sony Setup
[2012/04/03 10:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amir\Application Data\Spotify
[2011/12/22 15:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amir\Application Data\TeamViewer
[2011/03/29 23:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amir\Application Data\Teleca
[2012/04/01 15:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amir\Application Data\uTorrent
[2012/03/26 07:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amir\Application Data\Vso
[2010/10/27 08:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amir\Application Data\WordWeb

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2012/04/07 15:36:30 | 004,731,392 | ---- | M] (AVAST Software) -- C:\aswMBR.exe
[2012/04/07 15:47:08 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\OTL.exe

< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[2007/07/22 14:31:34 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=DF3F40C1C0C4EA6BFD4CFACD4CB18BF1 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 02:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 02:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 02:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 5.1.3565
Copyright © 1999-2003 Microsoft Corporation.
On computer: SERVER
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D Music UDF DVD-ROM 430 MB
Volume 1 E DVD-ROM 0 B
Volume 2 C NTFS Partition 75 GB Healthy System
Volume 3 F Media NTFS Partition 932 GB Healthy
Volume 4 G ACTIVE BOOT FAT32 Removeable 118 MB

< End of report >

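The `< MD5 for: ... >` blocks that Essexboy asked for in the custom scan exist so the helper can compare the hash of each live core binary (explorer.exe, svchost.exe, userinit.exe, winlogon.exe) against the repair copies Windows XP keeps under ServicePackFiles\i386 and ERDNT\cache: a patched or replaced live file shows up as a hash that disagrees with its backups, or as a missing company name. As an added example, not code from the thread or from OTL, here is a small Python triage that automates that comparison over OTL-style MD5 lines. The sample input is constructed: the winlogon.exe section from the log above, plus a made-up userinit.exe line with a placeholder hash standing in for a tampered live copy. The pre-service-pack copy in $NtServicePackUninstall$ is expected to differ and is skipped.

```python
import re
from collections import defaultdict

# One line of an OTL "< MD5 for: NAME >" custom-scan section looks like
# [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=1289...923 -- C:\WINDOWS\explorer.exe
MD5_LINE = re.compile(
    r"^\[(?P<stamp>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>\S+)\s*\|\s*(?P<kind>[A-Z])\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)

# Repair copies of the current service-pack binaries; the live file should hash the same.
# The $NtServicePackUninstall$ copy is the pre-SP3 version and is expected to differ,
# so it is neither a reference nor a subject of the check.
REFERENCE_DIRS = ("\\servicepackfiles\\i386\\", "\\erdnt\\cache\\")
PRE_SP_DIR = "\\$ntservicepackuninstall$\\"

# Constructed sample: the winlogon.exe section from the log above, plus a made-up
# userinit.exe pair whose live copy carries a placeholder hash and no company name.
SAMPLE_LOG = r"""
< MD5 for: WINLOGON.EXE >
[2004/08/04 02:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2012/04/01 14:43:59 | 000,026,112 | ---- | M] () MD5=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -- C:\WINDOWS\system32\userinit.exe
"""


def parse_md5_sections(text):
    """Return {filename: [(path, md5, company), ...]} for every MD5 line in the text."""
    entries = defaultdict(list)
    for line in text.splitlines():
        m = MD5_LINE.match(line.strip())
        if m:
            name = m.group("path").rsplit("\\", 1)[-1].lower()
            entries[name].append((m.group("path"), m.group("md5").upper(), m.group("company").strip()))
    return dict(entries)


def check_live_copies(entries):
    """Flag live copies whose hash or company name disagrees with the repair copies."""
    findings = []
    for name, copies in sorted(entries.items()):
        reference = {md5 for path, md5, _ in copies if any(d in path.lower() for d in REFERENCE_DIRS)}
        for path, md5, company in copies:
            low = path.lower()
            if PRE_SP_DIR in low or any(d in low for d in REFERENCE_DIRS):
                continue  # backup copies are the yardstick, not the subject
            if not company:
                findings.append(f"{path}: no company name on a core Windows binary")
            if reference and md5 not in reference:
                findings.append(f"{path}: MD5 {md5} differs from repair copies {sorted(reference)}")
    return findings


if __name__ == "__main__":
    for finding in check_live_copies(parse_md5_sections(SAMPLE_LOG)):
        print(finding)
```

On the real log above every live copy matches its repair copies, which is why the helper moved on to the autostart entries rather than to file replacement; the constructed userinit.exe line shows what a hit would look like.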

#4 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
After this run, could you try to connect to an AV site and let me know the result please?

Also, could I see the combofix log?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.
To disable MBAM:
Open the scanner and select the protection tab.
Remove the tick from "Start with Windows".
Reboot and then run OTL.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - File not found [Kernel | Disabled | Running] -- C:\DOCUME~1\Amir\LOCALS~1\Temp\pdddxxjr.sys -- (Micorsoft Windows Service)
    O4 - HKU\S-1-5-21-484763869-507921405-839522115-1003..\Run: [IrfVxbnf] C:\Documents and Settings\Amir\Local Settings\Application Data\alnjnbhr\irfvxbnf.exe File not found
    O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Amir\Local Settings\Application Data\alnjnbhr\irfvxbnf.exe) - C:\Documents and Settings\Amir\Local Settings\Application Data\alnjnbhr\irfvxbnf.exe File not found
    [2012/04/01 14:43:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir\Local Settings\Application Data\alnjnbhr
    [2012/04/07 13:12:04 | 000,100,464 | -H-- | M] () -- C:\WINDOWS\System32\237zms3
    [2012/04/07 12:54:27 | 000,107,760 | -H-- | M] () -- C:\Documents and Settings\Amir\NQmilY3
    [2012/04/01 14:03:07 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Amir\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet.lnk

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

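The fix above targets three things at once: a Winlogon Userinit value redirected to an executable under Local Settings\Application Data (Userinit runs at every logon, which is why deleting the file alone brought the site block straight back), a Run-key entry and a "driver" registered from the user's Temp folder pointing at the same dropper, and hidden, extension-less files with no company name dropped into System32 and the profile root. As an added example, not OTL's code nor anything posted in the thread, here is a Python triage that flags those patterns in OTL-style lines; the same indicators reappear in the CFScript later in the thread. It assumes %SystemRoot% is C:\WINDOWS, as the log header states, so any other Userinit path is treated as a hijack. The sample lines are the ones from the fix plus constructed benign entries to show what is not flagged.

```python
import re

# Assumption for this example: Windows XP with %SystemRoot% = C:\WINDOWS, as the OTL header
# in this thread reports, so this is the only legitimate Winlogon Userinit value
# (a trailing comma is normal and is ignored by the comparison).
EXPECTED_USERINIT = "c:\\windows\\system32\\userinit.exe"

# Locations a standard user can write to; kernel drivers and logon autostarts have no
# business loading from them.
USER_WRITABLE = (
    "\\locals~1\\temp\\",
    "\\local settings\\temp\\",
    "\\local settings\\application data\\",
    "\\application data\\",
)

O20_USERINIT = re.compile(r"^O20 - HKLM Winlogon: UserInit - \((?P<value>[^)]*)\)")
O4_RUN = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+?)(?P<missing> File not found)?$")
DRV_LINE = re.compile(r"^DRV - .+?\[(?P<flags>[^\]]+)\]\s*--\s*(?P<path>.*?)\s*--\s*\((?P<svc>[^)]+)\)")
FILE_LINE = re.compile(
    r"^\[(?P<stamp>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>\S+)\s*\|\s*(?P<kind>[A-Z])\]\s*"
    r"(?:\((?P<company>[^)]*)\)\s*)?--\s*(?P<path>.+?)\s*$"
)

# Constructed sample: the lines from the fix above (indentation stripped) plus one made-up
# benign Run entry, to show that an ordinary Program Files autostart is not flagged.
FIX_LINES = r"""
DRV - File not found [Kernel | Disabled | Running] -- C:\DOCUME~1\Amir\LOCALS~1\Temp\pdddxxjr.sys -- (Micorsoft Windows Service)
O4 - HKU\S-1-5-21-484763869-507921405-839522115-1003..\Run: [IrfVxbnf] C:\Documents and Settings\Amir\Local Settings\Application Data\alnjnbhr\irfvxbnf.exe File not found
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Amir\Local Settings\Application Data\alnjnbhr\irfvxbnf.exe) - C:\Documents and Settings\Amir\Local Settings\Application Data\alnjnbhr\irfvxbnf.exe File not found
[2012/04/01 14:43:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir\Local Settings\Application Data\alnjnbhr
[2012/04/07 13:12:04 | 000,100,464 | -H-- | M] () -- C:\WINDOWS\System32\237zms3
[2012/04/07 12:54:27 | 000,107,760 | -H-- | M] () -- C:\Documents and Settings\Amir\NQmilY3
[2012/04/01 14:03:07 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Amir\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet.lnk
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
"""

# Constructed clean Userinit line in the form OTL prints it, for the negative case.
CLEAN_LINES = r"""
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
"""


def triage_otl_lines(text):
    """Return human-readable findings for the autostart-hijack patterns in OTL-style lines."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O20_USERINIT.match(line)
        if m:
            value = m.group("value").split(",")[0].strip().lower()
            if value != EXPECTED_USERINIT:
                findings.append(f"Winlogon Userinit hijacked: {m.group('value')}")
            continue
        m = O4_RUN.match(line)
        if m:
            if any(d in m.group("cmd").lower() for d in USER_WRITABLE):
                state = "missing on disk" if m.group("missing") else "present"
                findings.append(f"Run entry [{m.group('name')}] starts from a user-writable folder ({state}): {m.group('cmd')}")
            continue
        m = DRV_LINE.match(line)
        if m:
            if any(d in m.group("path").lower() for d in USER_WRITABLE):
                findings.append(f"Driver service '{m.group('svc')}' registered from a temp folder: {m.group('path')}")
            continue
        m = FILE_LINE.match(line)
        if m:
            attrs, path = m.group("attrs"), m.group("path")
            company = (m.group("company") or "").strip()
            name = path.rsplit("\\", 1)[-1]
            # Hidden, no company name, and no file extension: the profile of the dropped payloads above.
            if "H" in attrs and "D" not in attrs and not company and "." not in name:
                findings.append(f"Hidden, extension-less file with no company name: {path}")
    return findings


if __name__ == "__main__":
    for finding in triage_otl_lines(FIX_LINES):
        print(finding)
```

The Userinit check is the one that matters most here: a value that is not %SystemRoot%\system32\userinit.exe means the dropper is re-launched at every logon, which explains the poster's report that ComboFix's removal held for under a minute.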

#5 Aryankids (Topic Starter, Member, 12 posts)
Sorry, but it seems the issue persists.

I have attached the OTL log file and the combofix log file as requested. N.B. the combofix log was captured BEFORE I ran your fix commands.

regs
Amir

PS: I do not have Malwarebytes installed on my machine.


#6 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Do you use a router? If so, do any other computers have the same problem?

Also, is it just IE, Firefox or both?

#7 Aryankids (Topic Starter, Member, 12 posts)
I use a router. There are other computers on the network and they are fine.

It seems no single app on this computer can connect to antivirus sites. Surprisingly, I cannot even ping these websites. I even removed the hosts file and opened a new cmd, but that did not have any effect!!

C:\>ping www.yahoo.com

Pinging eu-fp3.wa1.b.yahoo.com [87.248.112.181] with 32 bytes of data:

Reply from 87.248.112.181: bytes=32 time=122ms TTL=53
Reply from 87.248.112.181: bytes=32 time=47ms TTL=53
Reply from 87.248.112.181: bytes=32 time=45ms TTL=53
Reply from 87.248.112.181: bytes=32 time=47ms TTL=53

Ping statistics for 87.248.112.181:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 45ms, Maximum = 122ms, Average = 65ms

C:\>ping www.avg.com

Pinging 127.0.0.1 [127.0.0.1] with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>cd \
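The two ping transcripts above are the telling evidence: a public host name resolving to 127.0.0.1, with TTL 128 and sub-millisecond replies, is the local Windows stack answering rather than AVG's server, and since the hosts file had already been removed and other machines behind the same router are fine, the rewrite is happening on this host. As an added example, not from the thread, here is a Python parser that pulls name-to-address resolutions out of cmd.exe ping output and flags public names that land on loopback, private, link-local or unspecified addresses. The input is a constructed transcript assembled from the two sessions above.

```python
import ipaddress
import re

# Constructed sample: the two ping sessions from the post above, joined into one transcript.
PING_TRANSCRIPT = r"""
C:\>ping www.yahoo.com

Pinging eu-fp3.wa1.b.yahoo.com [87.248.112.181] with 32 bytes of data:

Reply from 87.248.112.181: bytes=32 time=122ms TTL=53
Reply from 87.248.112.181: bytes=32 time=47ms TTL=53
Reply from 87.248.112.181: bytes=32 time=45ms TTL=53
Reply from 87.248.112.181: bytes=32 time=47ms TTL=53

C:\>ping www.avg.com

Pinging 127.0.0.1 [127.0.0.1] with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
"""

# "C:\>ping host" or "C:\Documents and Settings\Amir>ping host"
PING_CMD = re.compile(r"^[A-Za-z]:\\.*>ping\s+(?P<target>\S+)", re.IGNORECASE)
# "Pinging <resolved name or ip> [<ip>] with 32 bytes of data:"
PINGING = re.compile(r"^Pinging (?P<resolved>\S+) \[(?P<ip>[0-9.]+)\]")
# "Reply from <ip>: bytes=32 time=47ms TTL=53"  (time<1ms is printed for sub-millisecond replies)
REPLY = re.compile(r"^Reply from (?P<ip>[0-9.]+): bytes=\d+ time[<=](?P<ms>\d+)ms TTL=(?P<ttl>\d+)")


def parse_ping_sessions(text):
    """Group a cmd.exe transcript by ping target.

    Returns {target: {"resolved": str, "ip": str, "ttls": [int, ...], "rtts": [int, ...]}}.
    """
    sessions, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = PING_CMD.match(line)
        if m:
            current = sessions.setdefault(
                m.group("target").lower(), {"resolved": None, "ip": None, "ttls": [], "rtts": []}
            )
            continue
        if current is None:
            continue
        m = PINGING.match(line)
        if m:
            current["resolved"], current["ip"] = m.group("resolved"), m.group("ip")
            continue
        m = REPLY.match(line)
        if m:
            current["ttls"].append(int(m.group("ttl")))
            current["rtts"].append(int(m.group("ms")))
    return sessions


def suspicious_resolutions(sessions):
    """Targets whose name resolved to an address no public web site can legitimately have.

    A loopback, private, link-local or unspecified answer for an Internet host name means
    something between the application and the resolver rewrote the lookup. The hosts file
    is the first place to check; when it is clean (or gone, as in this thread) the rewrite
    is being done elsewhere on the host. TTL 128 with sub-millisecond replies is simply the
    local Windows stack answering, which is what 127.0.0.1 always looks like.
    """
    flagged = {}
    for target, info in sessions.items():
        if info["ip"] is None:
            continue
        addr = ipaddress.ip_address(info["ip"])
        if addr.is_loopback or addr.is_private or addr.is_link_local or addr.is_unspecified:
            flagged[target] = info["ip"]
    return flagged


if __name__ == "__main__":
    for target, ip in suspicious_resolutions(parse_ping_sessions(PING_TRANSCRIPT)).items():
        print(f"{target} resolves to {ip}: name resolution is being rewritten on this host")
```

Run against a batch of security-vendor host names, this gives a quick before-and-after check of the kind the poster performs by hand later in the thread once the fix has been applied.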

#8 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Delete your current copy of Combofix please

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#9 Aryankids (Topic Starter, Member, 12 posts)
Files are attached as requested.

Can I have your attention on

c:\documents and settings\Amir\Local Settings\Application Data\alnjnbhr\irfvxbnf.exe

This has been seen by HijackThis and combofix.
Combofix removed it and that allowed me to connect to AV sites for less than 1 minute, then the issue came back.
I scanned my system again with HT and it is there again!!!! So, more or less, I am sure this file is causing the issue.

regs
Amir


#10 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
That is it, but I needed a further Combofix run to determine all the locations to remove it from

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\documents and settings\Amir\Start Menu\Programs\Startup\irfvxbnf.exe

Folder::
c:\documents and settings\Amir\Local Settings\Application Data\alnjnbhr
c:\windows\system32\237zms3

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IrfVxbnf"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IrfVxbnf]

Driver::
MICORSOFT_WINDOWS_SERVICE

Save this as CFScript.txt, in the same location as ComboFix.exe
Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


#11 Aryankids (Topic Starter, Member, 12 posts)
That certainly did the trick. You are a star! :thumbsup:

I am now connected to AVG and could download the latest AV list. A full scan has started.
I can also now ping the site.

Thank you so much for your help and support.

I appreciate it.

regards
Amir



Microsoft Windows XP [Version 5.1.2600]
© Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Amir>ping www.avg.com

Pinging a1129.b.akamai.net [62.24.131.67] with 32 bytes of data:

Reply from 62.24.131.67: bytes=32 time=36ms TTL=59
Reply from 62.24.131.67: bytes=32 time=31ms TTL=59
Reply from 62.24.131.67: bytes=32 time=31ms TTL=59
Reply from 62.24.131.67: bytes=32 time=31ms TTL=59

Ping statistics for 62.24.131.67:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 31ms, Maximum = 36ms, Average = 32ms

Edited by Aryankids, 07 April 2012 - 02:20 PM.


#12 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Now that looks better, could you run a quick scan with OTL please, selecting all users and post the resultant log

#13 Aryankids (Topic Starter, Member, 12 posts)
Sorry for the delay. As you can imagine, my system was widely infected by a virus (Zbot) and it took a while for AVG to cure all the issues.

Nonetheless the file is attached.

You might like to know I did NOT disable AVG whilst OTL was running, and in the middle of the process AVG found these two files to be infected and moved them:

C:\Documents and Settings\Amir\NQmilY3
C:\WINDOWS\System32\237zms3


Once again many thanks for all your help today.

regs
Amir

OTL logfile created on: 07/04/2012 23:45:27 - Run 4
OTL by OldTimer - Version 3.2.39.2 Folder = C:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

989.04 Mb Total Physical Memory | 514.15 Mb Available Physical Memory | 51.98% Memory free
2.33 Gb Paging File | 1.87 Gb Available in Paging File | 80.23% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 9.57 Gb Free Space | 12.85% Space Free | Partition Type: NTFS
Drive D: | 430.37 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 931.51 Gb Total Space | 532.81 Gb Free Space | 57.20% Space Free | Partition Type: NTFS
Drive G: | 116.70 Mb Total Space | 105.21 Mb Free Space | 90.15% Space Free | Partition Type: FAT32

Computer Name: SERVER | User Name: Amir | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/07 15:47:08 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
PRC - [2012/03/17 21:56:58 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/02/23 04:36:44 | 001,269,600 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/02/16 04:57:46 | 002,575,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/02/14 04:52:54 | 005,104,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/02/14 04:52:44 | 000,976,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/10/27 21:58:24 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011/04/15 10:43:20 | 007,797,112 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer.exe
PRC - [2011/04/15 10:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/11 15:14:51 | 000,517,040 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdicoms.exe
PRC - [2007/06/11 15:14:42 | 000,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdiserv.exe
PRC - [2004/10/15 19:40:56 | 002,577,632 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\Smc.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/17 21:56:57 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/14 04:52:54 | 000,472,416 | ---- | M] () -- C:\Program Files\AVG\AVG2012\avgadvisorx.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/03/16 04:08:11 | 000,113,664 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdidrpp.dll
MOD - [2007/02/22 08:15:30 | 000,012,288 | ---- | M] () -- C:\WINDOWS\system32\LXF3PMRC.DLL
MOD - [2007/02/22 08:13:19 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\LXF3PMON.DLL
MOD - [2007/02/22 08:10:48 | 000,032,768 | ---- | M] () -- C:\Program Files\Lexmark Fax Solutions\ipcmt.dll
MOD - [2006/11/07 16:02:18 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\lxf3oem.dll
MOD - [2004/10/15 18:32:20 | 001,385,712 | ---- | M] () -- C:\Program Files\Sygate\SPF\tse.dll
MOD - [2004/10/15 18:32:18 | 000,832,744 | ---- | M] () -- C:\Program Files\Sygate\SPF\SyLink.dll
MOD - [2004/10/15 18:32:12 | 000,890,088 | ---- | M] () -- C:\Program Files\Sygate\SPF\SpNet.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/02/14 04:52:54 | 005,104,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2011/10/27 21:58:24 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/04/15 10:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/11/24 21:33:26 | 001,019,904 | ---- | M] () [Auto | Stopped] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2007/06/11 15:14:51 | 000,517,040 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxdicoms.exe -- (lxdi_device)
SRV - [2007/06/11 15:14:42 | 000,099,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)
SRV - [2004/10/15 19:40:56 | 002,577,632 | ---- | M] (Sygate Technologies, Inc.) [Auto | Running] -- C:\Program Files\Sygate\SPF\Smc.exe -- (SmcService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/04/07 12:27:54 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/02/22 05:25:52 | 000,299,472 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:04 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidsehx.sys -- (AVGIDSEH)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2010/09/11 00:43:45 | 000,169,472 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2009/08/18 10:32:00 | 005,884,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/08/05 07:16:44 | 000,039,424 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2008/08/05 13:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/04/23 13:54:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mgmt.sys -- (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/23 13:54:50 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115obex.sys -- (s115obex)
DRV - [2007/04/23 13:54:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdm.sys -- (s115mdm)
DRV - [2007/04/23 13:54:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdfl.sys -- (s115mdfl)
DRV - [2007/04/23 13:54:46 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115bus.sys -- (s115bus) Sony Ericsson Device 115 driver (WDM)
DRV - [2007/02/16 01:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/06/13 05:20:00 | 000,094,460 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/06/13 05:20:00 | 000,088,476 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/06/13 05:20:00 | 000,086,844 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/06/13 05:20:00 | 000,025,724 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/06/13 05:20:00 | 000,014,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/06/13 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/06/13 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006/03/17 08:35:24 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/03/17 08:34:46 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2006/01/04 08:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2004/10/15 18:32:44 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wg6n.sys -- (wg6n)
DRV - [2004/10/15 18:32:42 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wg5n.sys -- (wg5n)
DRV - [2004/10/15 18:32:40 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wg4n.sys -- (wg4n)
DRV - [2004/10/15 18:32:38 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wg3n.sys -- (wg3n)
DRV - [2004/10/15 18:18:46 | 000,021,075 | ---- | M] (Sygate Technologies, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt)
DRV - [2004/10/15 18:17:02 | 000,060,496 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Teefer.sys -- (Teefer)
DRV - [2004/08/13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-21-484763869-507921405-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-484763869-507921405-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-484763869-507921405-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6D 35 DA 76 ED 0D CD 01 [binary data]
IE - HKU\S-1-5-21-484763869-507921405-839522115-1003\..\SearchScopes,DefaultScope = {65ECC565-4827-45E6-AEE1-F3AAD001013C}
IE - HKU\S-1-5-21-484763869-507921405-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-484763869-507921405-839522115-1003\..\SearchScopes\{65ECC565-4827-45E6-AEE1-F3AAD001013C}: "URL" = http://www.google.co...age={startPage}
IE - HKU\S-1-5-21-484763869-507921405-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.19.1
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/17 21:56:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/27 21:58:56 | 000,000,000 | ---D | M]

[2010/12/04 11:01:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Amir\Application Data\Mozilla\Extensions
[2011/12/21 13:41:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Amir\Application Data\Mozilla\Firefox\Profiles\mj87znzk.default\extensions
[2011/09/07 10:02:51 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Amir\Application Data\Mozilla\Firefox\Profiles\mj87znzk.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/02/15 12:29:39 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Amir\Application Data\Mozilla\Firefox\Profiles\mj87znzk.default\extensions\[email protected]
[2012/01/24 21:35:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/30 18:05:02 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/03/17 21:56:58 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/27 21:58:26 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/07 14:50:40 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/05/07 14:50:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/05/07 14:50:40 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/05/07 14:50:40 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/05/07 14:50:40 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/04/07 20:46:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SmcService] C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-484763869-507921405-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-484763869-507921405-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-484763869-507921405-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-484763869-507921405-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3022C65-C20D-4891-8CCD-51BB1C6FC419}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Amir\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Amir\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/02 21:07:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/11/24 18:18:06 | 000,000,136 | ---- | M] () - G:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/07 23:28:00 | 000,014,568 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wg6n.sys
[2012/04/07 23:28:00 | 000,014,568 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wg5n.sys
[2012/04/07 23:27:59 | 000,060,496 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\Teefer.sys
[2012/04/07 23:27:59 | 000,014,568 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wg4n.sys
[2012/04/07 23:27:59 | 000,014,568 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wg3n.sys
[2012/04/07 23:27:58 | 000,021,075 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wpsdrvnt.sys
[2012/04/07 23:27:55 | 000,083,096 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\SSSensor.dll
[2012/04/07 23:27:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sygate Personal Firewall
[2012/04/07 23:27:51 | 000,000,000 | ---D | C] -- C:\Program Files\Sygate
[2012/04/07 21:06:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2012/04/07 19:40:37 | 004,452,287 | R--- | C] (Swearware) -- C:\Documents and Settings\Amir\Desktop\ComboFix.exe
[2012/04/07 19:21:10 | 002,073,136 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Amir\Desktop\tdsskiller.exe
[2012/04/07 17:33:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/07 15:49:45 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2012/04/07 15:49:34 | 004,831,232 | ---- | C] (AVAST Software) -- C:\aswMBR.exe
[2012/04/07 14:30:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir\Start Menu\Programs\HiJackThis
[2012/04/07 14:30:29 | 000,000,000 | ---D | C] -- C:\Program Files\HT
[2012/04/07 12:46:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/04/07 12:44:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/07 12:44:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/07 12:44:14 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/07 12:44:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/07 12:44:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/07 12:44:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/07 12:43:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Amir\Start Menu\Programs\Administrative Tools
[2012/04/07 12:27:25 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/04/07 12:27:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir\Application Data\Malwarebytes
[2012/04/07 12:27:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/04/03 10:15:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2012/04/03 10:15:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amir\Application Data\Juniper Networks
[2012/04/01 14:42:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun

========== Files - Modified Within 30 Days ==========

[2012/04/07 23:36:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/07 23:29:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/07 23:29:14 | 1037,160,448 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/07 21:09:11 | 060,232,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/04/07 21:06:09 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/04/07 20:46:35 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/07 20:11:17 | 000,002,503 | ---- | M] () -- C:\Documents and Settings\Amir\Desktop\HiJackThis.lnk
[2012/04/07 19:19:30 | 002,073,136 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Amir\Desktop\tdsskiller.exe
[2012/04/07 16:22:08 | 000,000,512 | ---- | M] () -- C:\MBR.dat
[2012/04/07 15:47:08 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2012/04/07 15:36:30 | 004,831,232 | ---- | M] (AVAST Software) -- C:\aswMBR.exe
[2012/04/07 13:05:02 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/04/07 12:41:26 | 004,452,287 | R--- | M] (Swearware) -- C:\Documents and Settings\Amir\Desktop\ComboFix.exe
[2012/04/07 12:27:54 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/04/04 08:57:03 | 000,436,002 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/04 08:57:03 | 000,068,706 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/20 14:47:02 | 000,700,155 | ---- | M] () -- C:\Documents and Settings\Amir\Desktop\20-03-2012 13;47;02.jpg
[2012/03/14 04:21:34 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/14 04:02:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/09 20:48:01 | 000,073,728 | ---- | M] () -- C:\Documents and Settings\Amir\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2012/04/07 23:09:05 | 000,100,464 | -H-- | C] () -- C:\WINDOWS\System32\237zms3
[2012/04/07 21:06:09 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/04/07 21:01:40 | 000,115,440 | -H-- | C] () -- C:\Documents and Settings\Amir\NQmilY3
[2012/04/07 16:22:08 | 000,000,512 | ---- | C] () -- C:\MBR.dat
[2012/04/07 14:30:30 | 000,002,503 | ---- | C] () -- C:\Documents and Settings\Amir\Desktop\HiJackThis.lnk
[2012/04/07 12:46:50 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/04/07 12:46:46 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/04/07 12:44:14 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/07 12:44:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/07 12:44:14 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/07 12:44:14 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/07 12:44:14 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/03/20 14:47:11 | 000,700,155 | ---- | C] () -- C:\Documents and Settings\Amir\Desktop\20-03-2012 13;47;02.jpg
[2012/02/15 08:37:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/02/26 18:09:08 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/02/26 18:09:07 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/02/26 18:09:07 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/02/26 18:09:07 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/02/19 15:08:43 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/02/16 15:48:24 | 000,000,125 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011/01/05 18:46:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/04 11:00:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/11/17 17:49:27 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdivs.dll
[2010/11/17 17:49:26 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxdicoin.dll
[2010/11/17 17:48:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdicaps.dll
[2010/11/17 17:48:57 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdidrs.dll
[2010/11/17 17:48:56 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdicnv4.dll
[2010/11/17 17:46:58 | 000,000,060 | -H-- | C] () -- C:\WINDOWS\System32\lxdirwrd.ini
[2010/11/17 17:46:44 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiinpa.dll
[2010/11/17 17:46:44 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiiesc.dll
[2010/11/17 17:46:44 | 000,311,296 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihcp.dll
[2010/11/17 17:46:44 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxdiinst.dll
[2010/11/17 17:46:43 | 001,187,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiserv.dll
[2010/11/17 17:46:43 | 000,942,080 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiusb1.dll
[2010/11/17 17:46:43 | 000,614,400 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipmui.dll
[2010/11/17 17:46:43 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiprox.dll
[2010/11/17 17:46:43 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipplc.dll
[2010/11/17 17:46:42 | 000,532,480 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdilmpm.dll
[2010/11/17 17:46:42 | 000,320,432 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiih.exe
[2010/11/17 17:46:41 | 000,671,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihbn3.dll
[2010/11/17 17:46:41 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdigrd.dll
[2010/11/17 17:46:40 | 000,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomc.dll
[2010/11/17 17:46:40 | 000,517,040 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicoms.exe
[2010/11/17 17:46:40 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomm.dll
[2010/11/17 17:46:40 | 000,340,912 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicfg.exe
[2010/11/17 17:35:18 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMON.DLL
[2010/11/17 17:35:18 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXF3FXPU.DLL
[2010/11/17 17:34:58 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxf3oem.dll
[2010/11/17 17:34:58 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL
[2010/09/18 00:59:04 | 000,000,118 | ---- | C] () -- C:\WINDOWS\Muxman.ini
[2010/09/02 22:03:55 | 000,064,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/04 17:43:05 | 000,000,171 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/05/07 16:57:11 | 000,073,728 | ---- | C] () -- C:\Documents and Settings\Amir\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/02 21:47:01 | 000,982,196 | R--- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2010/05/02 21:47:01 | 000,417,344 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2010/05/02 21:42:09 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/05/02 21:42:06 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010/05/02 21:42:03 | 000,023,175 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/05/02 21:42:03 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/05/02 21:31:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/05/02 21:30:29 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/02 21:08:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/05/02 21:04:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== LOP Check ==========

[2012/04/07 23:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2010/10/22 13:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/23 16:54:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/02/26 17:36:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2012/04/03 10:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2011/03/08 11:51:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LxThumbs
[2012/04/07 21:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/07/02 17:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2011/10/14 10:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amir\Application Data\AVG2012
[2011/03/03 13:27:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amir\Application Data\GARMIN
[2012/04/04 08:47:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amir\Application Data\Juniper Networks
[2010/11/25 09:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amir\Application Data\Lexmark Productivity Studio
[2010/09/18 01:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amir\Application Data\PgcEdit
[2010/05/09 13:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amir\Application Data\Sony Setup
[2012/04/03 10:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amir\Application Data\Spotify
[2011/12/22 15:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amir\Application Data\TeamViewer
[2011/03/29 23:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amir\Application Data\Teleca
[2012/04/01 15:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amir\Application Data\uTorrent
[2012/03/26 07:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amir\Application Data\Vso
[2010/10/27 08:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amir\Application Data\WordWeb

========== Purity Check ==========



< End of report >

Attached Files

  • OTL.Txt (71.6KB)

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hm, I thought I had kicked those out yesterday.

Let's double check.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.
To disable MBAM:
Open the scanner and select the protection tab.
Remove the tick from "Start with Windows".
Reboot and then run OTL.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2012/04/07 23:09:05 | 000,100,464 | -H-- | C] () -- C:\WINDOWS\System32\237zms3
    [2012/04/07 21:01:40 | 000,115,440 | -H-- | C] () -- C:\Documents and Settings\Amir\NQmilY3

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

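As an added example that is not part of this thread or of OTL itself, here is a small Python triage helper for the OTL file-line format shown in the log above: it flags the kind of entry the fix removes (hidden, no company name, extensionless random-looking name, created shortly before the scan) while leaving remediation-tool artefacts such as ComboFix's cmldr alone. The sample lines are copied from the posted log; SCAN_TIME is an assumed value chosen near the log's latest timestamp.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# OTL file lines look like:
#   [YYYY/MM/DD HH:MM:SS | SIZE | ATTRS | C] (Company) -- PATH
# ATTRS is four flag positions (R, H, S, D); C/M marks a created/modified stamp.
OTL_FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)

# Extensionless names of 6-12 letters and digits with at least one of each,
# the shape of the two files named in the fix above (237zms3, NQmilY3).
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)(?=.*[A-Za-z])[A-Za-z0-9]{6,12}$")


@dataclass
class OtlFileEntry:
    timestamp: datetime
    size: int
    attrs: str
    company: str
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_otl_file_line(line: str) -> Optional[OtlFileEntry]:
    """Parse one OTL file line; directory lines (no company field) give None."""
    m = OTL_FILE_RE.match(line.strip())
    if not m:
        return None
    return OtlFileEntry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        company=m["company"].strip(),
        path=m["path"],
    )


def suspicion_reasons(entry: OtlFileEntry, scan_time: datetime,
                      window_hours: int = 24) -> List[str]:
    """Indicators that make an entry worth a closer look (empty = not flagged).

    A random-looking extensionless name is required: hidden files with no
    company name are also dropped by legitimate tools (ComboFix's cmldr in
    this same log), so the other indicators only add weight.
    """
    if "." in entry.name or not RANDOM_NAME_RE.match(entry.name):
        return []
    reasons = ["extensionless random-looking name"]
    if "H" in entry.attrs:
        reasons.append("hidden attribute")
    if not entry.company:
        reasons.append("no company name")
    if 0 <= (scan_time - entry.timestamp).total_seconds() <= window_hours * 3600:
        reasons.append(f"created within {window_hours}h of the scan")
    return reasons if len(reasons) >= 3 else []


def triage(lines: List[str], scan_time: datetime) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for every line that trips the heuristic."""
    hits = []
    for line in lines:
        entry = parse_otl_file_line(line)
        if entry is not None:
            reasons = suspicion_reasons(entry, scan_time)
            if reasons:
                hits.append((entry.path, reasons))
    return hits


# Lines copied from the OTL log posted above; SCAN_TIME is an assumed value.
SAMPLE_LINES = [
    r"[2012/04/07 23:09:05 | 000,100,464 | -H-- | C] () -- C:\WINDOWS\System32\237zms3",
    r"[2012/04/07 21:06:09 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk",
    r"[2012/04/07 21:01:40 | 000,115,440 | -H-- | C] () -- C:\Documents and Settings\Amir\NQmilY3",
    r"[2012/04/07 12:46:46 | 000,260,272 | RHS- | C] () -- C:\cmldr",
    r"[2012/04/07 12:27:25 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys",
    r"[2012/04/07 12:44:02 | 000,000,000 | ---D | C] -- C:\Qoobox",
]
SCAN_TIME = datetime(2012, 4, 7, 23, 40, 0)


def triage_sample() -> List[str]:
    """Paths flagged in the sample, for a quick check of the heuristic."""
    return [path for path, _ in triage(SAMPLE_LINES, SCAN_TIME)]


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES, SCAN_TIME):
        print(path, "->", "; ".join(reasons))
```

The heuristic is deliberately narrow; a flagged path is a candidate for the kind of manual review the helper did here, not a verdict.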

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
