
AVG threat Virus identified Worm/Generic2.CEAG



#1
toker
Member, 17 posts
AVG Threat detected!
file name: f:\WINDOWS\explorer.exe
Virus identified Worm/Generic2.CEAG
Detected on open

HKLM\WINDOWS\Microsoft\WindowsNT\CurrentVersion\Winlogon\Shell - Found registry key to infected file F:\WINDOWS\explorer.exe

AVG infection
F:\WINDOWS\explorer.exe - Virus identified Worm/Generic2.CEAG
F:\WINDOWS\explorer.exe - Object is white-listed (critical/system file that should not be removed)
F:\WINDOWS\explorer.exe (1904)

-----------

OTL logfile created on: 7/11/2012 10:09:12 AM - Run 2
OTL by OldTimer - Version 3.2.43.1 Folder = F:\Documents and Settings\henk\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 52.97% Memory free
4.35 Gb Paging File | 3.14 Gb Available in Paging File | 72.22% Paging File free
Paging file location(s): F:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive F: | 74.52 Gb Total Space | 14.92 Gb Free Space | 20.02% Space Free | Partition Type: NTFS
Drive G: | 217.05 Gb Total Space | 86.66 Gb Free Space | 39.93% Space Free | Partition Type: NTFS
Drive H: | 465.65 Gb Total Space | 135.52 Gb Free Space | 29.10% Space Free | Partition Type: FAT32

Computer Name: [bleep]-5BE0406F47 | User Name: henk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/11 07:59:59 | 000,595,968 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\henk\Desktop\24960-OTL.exe
PRC - [2012/07/10 13:47:04 | 000,935,008 | ---- | M] () -- F:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012/07/10 13:47:02 | 001,107,552 | ---- | M] () -- F:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/06/30 11:45:53 | 006,077,848 | ---- | M] (BitTorrent, Inc.) -- F:\Program Files\BitTorrent\BitTorrent.exe
PRC - [2012/06/21 03:48:40 | 004,368,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\Program Files\AVG\AVG2012\avgui.exe
PRC - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- F:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/06/19 10:52:09 | 000,913,888 | ---- | M] (Mozilla Corporation) -- F:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/06/13 03:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\Program Files\AVG\AVG2012\avgfws.exe
PRC - [2012/06/13 03:48:26 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/06/13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/05/29 20:46:48 | 001,220,960 | ---- | M] (TuneUp Software) -- F:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2012/05/29 20:46:46 | 001,528,672 | ---- | M] (TuneUp Software) -- F:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/03/26 09:00:48 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- F:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2010/10/20 17:41:22 | 000,067,904 | ---- | M] (Nalpeiron Ltd.) -- F:\WINDOWS\system32\NLSSRV32.EXE
PRC - [2009/10/01 09:48:56 | 002,792,480 | ---- | M] (Acer Incorporated) -- F:\Program Files\Acer\Software Suite\SoftSuite.exe
PRC - [2009/08/05 21:31:13 | 001,033,728 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\explorer.exe
PRC - [2009/04/09 11:39:16 | 000,299,008 | ---- | M] () -- F:\Genius\ioCentre\gMouseTask.exe
PRC - [2009/04/09 11:18:02 | 000,172,032 | ---- | M] () -- F:\Genius\ioCentre\gKbdTask.exe
PRC - [2009/03/10 19:16:56 | 000,176,128 | ---- | M] () -- F:\Genius\ioCentre\gKbStatus.exe
PRC - [2009/03/10 15:27:26 | 000,053,248 | ---- | M] () -- F:\Genius\ioCentre\gIMMgm.exe
PRC - [2009/02/05 14:25:26 | 000,537,120 | ---- | M] (Acer Incorporated) -- F:\Program Files\Acer\Software Suite\DevDetect.exe
PRC - [2009/01/14 15:31:28 | 000,994,624 | ---- | M] (Packard Bell Services) -- F:\Program Files\Acer\Software Suite\PowerSave\HDPBSSS.exe
PRC - [2009/01/14 15:31:10 | 000,066,880 | ---- | M] (Packard Bell Services) -- F:\Program Files\Acer\Software Suite\PowerSave\JMAPP8.exe
PRC - [2008/02/14 11:49:24 | 000,188,416 | ---- | M] () -- F:\Genius\ioCentre\gDeskMgm.exe
PRC - [2007/12/17 15:49:20 | 000,061,440 | ---- | M] () -- F:\Genius\ioCentre\gTaskBar.exe
PRC - [2007/03/21 15:39:00 | 000,049,152 | ---- | M] () -- F:\Genius\ioCentre\gTaskSwitch.exe
PRC - [2007/02/26 16:16:30 | 000,188,416 | ---- | M] () -- F:\Genius\ioCentre\gZoom.exe
PRC - [2007/02/26 15:56:18 | 000,180,224 | ---- | M] () -- F:\Genius\ioCentre\gAutoPan.exe
PRC - [2007/01/19 19:03:24 | 000,061,440 | ---- | M] () -- F:\Genius\ioCentre\gAutoScroll.exe
PRC - [2006/04/10 17:54:14 | 000,241,664 | ---- | M] (ASUSTeK COMPUTER INC.) -- F:\WINDOWS\ATKKBService.exe
PRC - [2006/01/02 18:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- F:\Program Files\ATI Technologies\ATI.ACE\CLI.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/10 13:47:06 | 000,132,704 | ---- | M] () -- F:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012/07/10 13:47:04 | 000,935,008 | ---- | M] () -- F:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
MOD - [2012/07/10 13:47:02 | 001,107,552 | ---- | M] () -- F:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/06/19 10:52:08 | 002,042,848 | ---- | M] () -- F:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/16 08:38:43 | 008,527,008 | ---- | M] () -- F:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010/01/28 12:10:55 | 011,808,768 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\7075efdfaaa528429ea6d82dc826827b\System.Web.ni.dll
MOD - [2010/01/28 12:10:29 | 000,962,560 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\890041ad2b7f9b48884486cf7d279f1f\System.Configuration.ni.dll
MOD - [2010/01/28 12:07:17 | 005,640,192 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\8a1a010cf573b946a51edf420c17ab81\System.Xml.ni.dll
MOD - [2010/01/28 12:07:10 | 013,107,200 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\33dc9e346e4e4d41ae1485d2fd24acd9\System.Windows.Forms.ni.dll
MOD - [2010/01/28 12:06:55 | 001,626,112 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\cf4ceeb5c1316a498b8c205b0029d021\System.Drawing.ni.dll
MOD - [2010/01/28 12:06:51 | 008,093,696 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\a7985f7341d37d44bc275db7d4cfdd8c\System.ni.dll
MOD - [2010/01/28 12:06:37 | 011,415,552 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9b7a7c72c44c8449ac6e8a07e0b6ded5\mscorlib.ni.dll
MOD - [2010/01/28 12:06:10 | 000,368,640 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2010/01/28 12:06:10 | 000,299,008 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2009/11/15 22:29:04 | 000,094,208 | ---- | M] () -- F:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2009/08/05 21:31:36 | 001,291,264 | ---- | M] () -- F:\WINDOWS\system32\quartz.dll
MOD - [2009/04/09 11:39:16 | 000,299,008 | ---- | M] () -- F:\Genius\ioCentre\gMouseTask.exe
MOD - [2009/04/09 11:18:02 | 000,172,032 | ---- | M] () -- F:\Genius\ioCentre\gKbdTask.exe
MOD - [2009/03/27 18:04:20 | 000,245,760 | ---- | M] () -- F:\Genius\ioCentre\gfBrowser.dll
MOD - [2009/03/11 19:10:12 | 000,126,976 | ---- | M] () -- F:\Genius\ioCentre\GenXml.dll
MOD - [2009/03/10 19:16:56 | 000,176,128 | ---- | M] () -- F:\Genius\ioCentre\gKbStatus.exe
MOD - [2009/03/10 15:27:26 | 000,053,248 | ---- | M] () -- F:\Genius\ioCentre\gIMMgm.exe
MOD - [2009/02/27 16:39:29 | 000,019,968 | ---- | M] () -- F:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
MOD - [2009/02/27 16:32:27 | 000,020,480 | ---- | M] () -- F:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
MOD - [2008/06/05 07:01:12 | 000,344,064 | ---- | M] () -- F:\Program Files\Acer\Software Suite\sqlite3.dll
MOD - [2008/04/14 19:00:00 | 000,562,176 | ---- | M] () -- F:\WINDOWS\system32\qedit.dll
MOD - [2008/04/14 19:00:00 | 000,059,904 | ---- | M] () -- F:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 19:00:00 | 000,014,336 | ---- | M] () -- F:\WINDOWS\system32\msdmo.dll
MOD - [2008/02/19 16:59:16 | 000,017,920 | ---- | M] () -- F:\Genius\ioCentre\gfOffice.dll
MOD - [2008/02/14 11:49:24 | 000,188,416 | ---- | M] () -- F:\Genius\ioCentre\gDeskMgm.exe
MOD - [2007/12/21 15:16:16 | 000,057,344 | ---- | M] () -- F:\Genius\ioCentre\gfMedia.dll
MOD - [2007/12/17 15:49:20 | 000,061,440 | ---- | M] () -- F:\Genius\ioCentre\gTaskBar.exe
MOD - [2007/12/10 14:14:04 | 000,022,528 | ---- | M] () -- F:\Genius\ioCentre\gfSystem.dll
MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- F:\Program Files\WinRAR\RarExt.dll
MOD - [2007/08/01 11:02:36 | 000,031,744 | ---- | M] () -- F:\Genius\ioCentre\gfEmail.dll
MOD - [2007/05/18 15:37:10 | 000,021,504 | ---- | M] () -- F:\Genius\ioCentre\gIoCentreHook.dll
MOD - [2007/03/21 15:39:00 | 000,049,152 | ---- | M] () -- F:\Genius\ioCentre\gTaskSwitch.exe
MOD - [2007/02/26 16:16:30 | 000,188,416 | ---- | M] () -- F:\Genius\ioCentre\gZoom.exe
MOD - [2007/02/26 15:56:18 | 000,180,224 | ---- | M] () -- F:\Genius\ioCentre\gAutoPan.exe
MOD - [2007/01/19 19:07:56 | 000,021,504 | ---- | M] () -- F:\Genius\ioCentre\gDevMgm.dll
MOD - [2007/01/19 19:03:24 | 000,061,440 | ---- | M] () -- F:\Genius\ioCentre\gAutoScroll.exe
MOD - [2005/10/19 11:17:58 | 000,073,728 | ---- | M] () -- F:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- F:\Program Files\Blaze Media Pro\NMSAccess32.exe -- (NMSAccess)
SRV - [2012/07/10 13:47:04 | 000,935,008 | ---- | M] () [Auto | Running] -- F:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- F:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- F:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/19 10:52:08 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- F:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/13 03:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- F:\Program Files\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- F:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/29 20:46:46 | 001,528,672 | ---- | M] (TuneUp Software) [Auto | Running] -- F:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- F:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/10/20 17:41:22 | 000,067,904 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- F:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/01/05 08:16:00 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/14 15:31:28 | 000,994,624 | ---- | M] (Packard Bell Services) [Auto | Running] -- F:\Program Files\Acer\Software Suite\PowerSave\HDPBSSS.exe -- (Service1)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- F:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/07/10 08:23:26 | 000,053,032 | ---- | M] (Nero AG) [Disabled | Stopped] -- F:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe -- (NeroRegInCDSrv)
SRV - [2008/07/10 08:23:16 | 001,442,088 | ---- | M] (Nero AG) [Disabled | Stopped] -- F:\Program Files\Nero\Nero8\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2006/04/10 17:54:14 | 000,241,664 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- F:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/05/08 15:21:42 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- F:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- F:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- F:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/01/12 19:52:06 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2012/01/12 19:52:06 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- F:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/03/18 23:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- F:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2010/01/30 15:34:43 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2009/04/28 18:27:54 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\gHidPnp.sys -- (gHidPnp)
DRV - [2009/03/04 09:55:52 | 000,011,520 | ---- | M] () [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\gMouUsb.sys -- (gMouUsb)
DRV - [2008/10/31 09:14:20 | 000,117,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/07/10 08:23:14 | 000,040,488 | ---- | M] (Nero AG) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2008/07/10 08:23:14 | 000,038,952 | ---- | M] (Nero AG) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2008/07/10 08:23:14 | 000,018,088 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- F:\WINDOWS\system32\drivers\InCDrec.sys -- (InCDRec)
DRV - [2008/07/10 08:23:04 | 000,128,424 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- F:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2006/12/21 04:25:20 | 000,429,440 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\Dr71WU.sys -- (RT73)
DRV - [2006/07/12 04:48:46 | 000,017,408 | ---- | M] ( Mouse Upfilter Driver ) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\gMouPS2.sys -- (gMouPS2)
DRV - [2006/03/17 16:24:09 | 001,520,640 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/02/26 22:02:48 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2005/10/20 21:30:00 | 000,011,264 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- F:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2005/10/18 15:01:38 | 000,011,008 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2005/06/07 16:00:00 | 000,393,088 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2003/10/15 16:52:00 | 000,174,530 | R--- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\ov519vid.sys -- (ovt519)
DRV - [1996/04/04 02:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- F:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.c...pr&d=2012-07-07 07:56:32&v=11.1.0.12&sap=hp
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...8D-6656E9C8FB94
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pr&d=2012-07-07 07:56:32&v=11.0.0.10&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2790392
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: [email protected]:1.12.0.36949
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319
FF - prefs.js..keyword.URL: "http://isearch.avg.c...6:32&sap=ku&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: F:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: F:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: F:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: F:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/07 07:55:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: F:\Documents and Settings\All Users\Application Data\AVG Secure Search\11.1.0.12\ [2012/07/10 13:47:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: F:\Program Files\Mozilla Firefox\components [2012/06/19 10:52:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins [2012/04/13 12:36:31 | 000,000,000 | ---D | M]

[2012/01/26 12:49:19 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\henk\Application Data\Mozilla\Extensions
[2012/07/04 15:01:15 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\henk\Application Data\Mozilla\Firefox\Profiles\32slugb5.default\extensions
[2012/06/01 06:37:31 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- F:\Documents and Settings\henk\Application Data\Mozilla\Firefox\Profiles\32slugb5.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/02/11 02:13:59 | 000,000,000 | ---D | M] (Cooliris) -- F:\Documents and Settings\henk\Application Data\Mozilla\Firefox\Profiles\32slugb5.default\extensions\[email protected]
[2012/01/03 16:27:44 | 000,002,333 | ---- | M] () -- F:\Documents and Settings\henk\Application Data\Mozilla\Firefox\Profiles\32slugb5.default\searchplugins\askcom.xml
[2010/11/15 07:14:08 | 000,000,863 | ---- | M] () -- F:\Documents and Settings\henk\Application Data\Mozilla\Firefox\Profiles\32slugb5.default\searchplugins\conduit.xml
[2011/10/10 16:37:04 | 000,002,520 | ---- | M] () -- F:\Documents and Settings\henk\Application Data\Mozilla\Firefox\Profiles\32slugb5.default\searchplugins\SearchResults.xml
[2012/01/26 12:49:19 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files\Mozilla Firefox\extensions
[2012/07/10 20:05:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- F:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/10 13:47:15 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- F:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SECURE SEARCH\11.1.0.12
[2012/06/30 13:42:38 | 000,013,345 | ---- | M] () (No name found) -- F:\DOCUMENTS AND SETTINGS\HENK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\32SLUGB5.DEFAULT\EXTENSIONS\{4DC70064-89E2-4A55-8FC6-E8CDEAE3618C}.XPI
[2012/06/30 13:36:53 | 000,039,512 | ---- | M] () (No name found) -- F:\DOCUMENTS AND SETTINGS\HENK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\32SLUGB5.DEFAULT\EXTENSIONS\{B1DF372D-8B32-4C7D-B6B4-9C5B78CF6FB1}.XPI
[2012/06/21 16:47:45 | 000,109,964 | ---- | M] () (No name found) -- F:\DOCUMENTS AND SETTINGS\HENK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\32SLUGB5.DEFAULT\EXTENSIONS\[email protected]
[2012/07/07 07:55:09 | 000,000,000 | ---D | M] (AVG Do Not Track) -- F:\PROGRAM FILES\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/06/19 10:52:09 | 000,085,472 | ---- | M] (Mozilla Foundation) -- F:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/07/10 13:47:01 | 000,003,767 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/06/19 10:52:06 | 000,002,252 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/10 16:37:04 | 000,002,520 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2012/06/19 10:52:06 | 000,002,040 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========


O1 HOSTS File: ([2010/01/05 08:42:32 | 000,000,765 | ---- | M]) - F:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - F:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - F:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - F:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - F:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] F:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] F:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] F:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] F:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [AVG_TRAY] F:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [InCD] F:\Program Files\Nero\Nero8\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [ioCentre] F:\Genius\ioCentre\gTaskBar.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SecurDisc] F:\Program Files\Nero\Nero8\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [vProt] F:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Acer Software Suite] F:\Program Files\Acer\Software Suite\SoftSuite.exe (Acer Incorporated)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] F:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [Software Suite] F:\Program Files\Acer\Software Suite\SoftSuite.exe (Acer Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - F:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - F:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - F:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED0CE2B9-0080-44D0-9309-96A8C5AFF584}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - F:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - F:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: UserInit - (F:\WINDOWS\system32\userinit.exe) - F:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - F:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: F:\Documents and Settings\henk\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: F:\Documents and Settings\henk\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\coverdes.exe: Debugger - F:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\discspeed.exe: Debugger - F:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\drivespeed.exe: Debugger - F:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\infotool.exe: Debugger - F:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\nero.exe: Debugger - F:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\neroburnrights.exe: Debugger - F:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\nerohome.exe: Debugger - F:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\neromediahome.exe: Debugger - F:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\neroscoutoptions.exe: Debugger - F:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\nerostartsmart.exe: Debugger - F:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\neroupgrade.exe: Debugger - F:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\nerovision.exe: Debugger - F:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\recode.exe: Debugger - F:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\setupx.exe: Debugger - F:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\showtime.exe: Debugger - F:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{03689ba8-45cd-11e1-b282-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{03689ba8-45cd-11e1-b282-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{03689ba8-45cd-11e1-b282-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{1a14443c-128a-11e0-a201-001e589d6294}\Shell\AutoRun\command - "" = fakerica//shmekerica.exe
O33 - MountPoints2\{1a14443c-128a-11e0-a201-001e589d6294}\Shell\Explore\command - "" = fakerica//shmekerica.exe
O33 - MountPoints2\{1a14443c-128a-11e0-a201-001e589d6294}\Shell\Open\command - "" = fakerica//shmekerica.exe
O33 - MountPoints2\{21f8c5b5-67cd-11df-a09d-001e589d6294}\Shell\AutoRun\command - "" = H:\SoftwareSuite.exe
O33 - MountPoints2\{30c83ade-d2f3-11df-a16f-001e589d6294}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{30c83ade-d2f3-11df-a16f-001e589d6294}\Shell\AutoRun\command - "" = H:\NIKOLIC\\baswala.exe
O33 - MountPoints2\{30c83ade-d2f3-11df-a16f-001e589d6294}\Shell\explore\command - "" = H:\NIKOLIC\\\baswala.exe
O33 - MountPoints2\{30c83ade-d2f3-11df-a16f-001e589d6294}\Shell\open\command - "" = H:\NIKOLIC\\\baswala.exe
O33 - MountPoints2\{515f55e0-23ac-11e1-a41c-0018f3ac5928}\Shell\AutoRun\command - "" = restore\restorestarter.exe
O33 - MountPoints2\{9f4a370e-2c90-11e0-a245-001e589d6294}\Shell - "" = AutoRun
O33 - MountPoints2\{9f4a370e-2c90-11e0-a245-001e589d6294}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9f4a370e-2c90-11e0-a245-001e589d6294}\Shell\AutoRun\command - "" = F:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL PStart
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (F:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/11 08:00:26 | 000,595,968 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\henk\Desktop\24960-OTL.exe
[2012/07/11 06:59:13 | 000,000,000 | -HSD | C] -- F:\Documents and Settings\henk\IETldCache
[2012/07/11 06:52:48 | 000,000,000 | -H-D | C] -- F:\WINDOWS\ie8
[2012/07/10 12:01:17 | 000,000,000 | ---D | C] -- F:\Documents and Settings\LocalService\Application Data\TuneUp Software
[2012/07/07 09:34:10 | 000,031,584 | ---- | C] (TuneUp Software) -- F:\WINDOWS\System32\TURegOpt.exe
[2012/07/07 09:33:43 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2012
[2012/07/07 09:33:15 | 000,000,000 | ---D | C] -- F:\Documents and Settings\henk\Application Data\TuneUp Software
[2012/07/07 09:32:46 | 000,000,000 | ---D | C] -- F:\Program Files\TuneUp Utilities 2012
[2012/07/07 09:31:49 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\TuneUp Software
[2012/07/07 09:31:27 | 000,000,000 | -HSD | C] -- F:\Documents and Settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/07/07 08:41:41 | 000,000,000 | ---D | C] -- F:\Documents and Settings\henk\Application Data\AVG
[2012/07/07 08:12:28 | 000,000,000 | ---D | C] -- F:\WINDOWS\SxsCaPendDel
[2012/07/07 07:57:21 | 000,000,000 | ---D | C] -- F:\Documents and Settings\henk\Application Data\AVG2012
[2012/07/07 07:56:45 | 000,000,000 | ---D | C] -- F:\Documents and Settings\henk\Local Settings\Application Data\AVG Secure Search
[2012/07/07 07:56:33 | 000,000,000 | ---D | C] -- F:\Documents and Settings\henk\Application Data\AVG Secure Search
[2012/07/07 07:56:32 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/07/07 07:56:29 | 000,000,000 | ---D | C] -- F:\Program Files\Common Files\AVG Secure Search
[2012/07/07 07:56:28 | 000,000,000 | ---D | C] -- F:\Program Files\AVG Secure Search
[2012/07/06 10:38:13 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2012/06/23 14:44:48 | 000,000,000 | ---D | C] -- F:\Documents and Settings\henk\Desktop\snus.com
[2012/06/18 12:52:36 | 000,000,000 | ---D | C] -- F:\Documents and Settings\henk\My Documents\WebStripper
[2012/06/18 12:52:36 | 000,000,000 | ---D | C] -- F:\Documents and Settings\henk\Application Data\WebStripper
[2012/06/18 12:52:34 | 000,000,000 | ---D | C] -- F:\Program Files\Solent
[2012/06/18 12:52:34 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Start Menu\Programs\PageNest
[2012/06/12 13:38:03 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\cache
[2012/01/29 10:43:22 | 003,623,592 | ---- | C] (Ask) -- F:\Program Files\Common Files\ApnToolbarInstaller.exe
[2012/01/29 10:43:22 | 000,143,240 | ---- | C] (Ask.com) -- F:\Program Files\Common Files\ApnStub.exe

========== Files - Modified Within 30 Days ==========

[2012/07/11 09:54:24 | 000,000,069 | ---- | M] () -- F:\WINDOWS\NeroDigital.ini
[2012/07/11 09:54:23 | 000,218,112 | ---- | M] () -- F:\Documents and Settings\henk\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/11 07:59:59 | 000,595,968 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\henk\Desktop\24960-OTL.exe
[2012/07/11 06:59:04 | 000,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat
[2012/07/11 06:45:46 | 000,004,566 | ---- | M] () -- F:\WINDOWS\imsins.BAK
[2012/07/11 06:45:43 | 000,455,706 | ---- | M] () -- F:\WINDOWS\System32\perfh009.dat
[2012/07/11 06:45:43 | 000,075,554 | ---- | M] () -- F:\WINDOWS\System32\perfc009.dat
[2012/07/11 06:09:18 | 000,002,206 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl
[2012/07/11 05:31:28 | 101,353,010 | ---- | M] () -- F:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/07/10 20:04:24 | 000,033,758 | ---- | M] () -- F:\Documents and Settings\henk\Local Settings\Application Data\dt.dat
[2012/07/10 15:09:13 | 000,000,010 | ---- | M] () -- F:\WINDOWS\popcinfo.dat
[2012/07/10 13:56:07 | 000,269,905 | ---- | M] () -- F:\Documents and Settings\henk\Desktop\sample_prdcts.jpg
[2012/07/09 15:30:47 | 000,059,681 | ---- | M] () -- F:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/07/09 13:16:08 | 000,000,113 | ---- | M] () -- F:\Documents and Settings\henk\Application Data\default.pls
[2012/07/07 09:34:05 | 000,001,772 | ---- | M] () -- F:\Documents and Settings\henk\Application Data\Microsoft\Internet Explorer\Quick Launch\TuneUp Utilities 2012.lnk
[2012/07/07 09:34:05 | 000,001,760 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
[2012/07/07 09:34:05 | 000,001,754 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2012.lnk
[2012/07/07 07:56:46 | 000,000,715 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/07/07 07:31:04 | 000,113,461 | ---- | M] () -- F:\WINDOWS\System32\drivers\AVG\iavichjw.avm
[2012/06/29 16:29:11 | 364,343,690 | ---- | M] () -- F:\Suits.S02E03.HDTV.XviD-AFG.avi
[2012/06/28 13:48:23 | 000,000,038 | ---- | M] () -- F:\WINDOWS\AviSplitter.INI
[2012/06/25 06:34:38 | 356,386,496 | ---- | M] () -- F:\Suits.S02E02.HDTV.XviD-AFG.avi

========== Files Created - No Company Name ==========

[2012/07/11 07:48:52 | 000,978,900 | ---- | C] () -- F:\Documents and Settings\henk\Desktop\otlv4.h
[2012/07/10 20:04:24 | 000,033,758 | ---- | C] () -- F:\Documents and Settings\henk\Local Settings\Application Data\dt.dat
[2012/07/10 13:56:01 | 000,269,905 | ---- | C] () -- F:\Documents and Settings\henk\Desktop\sample_prdcts.jpg
[2012/07/08 13:01:30 | 356,386,496 | ---- | C] () -- F:\Suits.S02E02.HDTV.XviD-AFG.avi
[2012/07/08 13:00:45 | 364,343,690 | ---- | C] () -- F:\Suits.S02E03.HDTV.XviD-AFG.avi
[2012/07/07 09:34:05 | 000,001,772 | ---- | C] () -- F:\Documents and Settings\henk\Application Data\Microsoft\Internet Explorer\Quick Launch\TuneUp Utilities 2012.lnk
[2012/07/07 09:34:05 | 000,001,760 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
[2012/07/07 09:34:05 | 000,001,754 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2012.lnk
[2012/07/07 09:33:43 | 000,001,760 | ---- | C] () -- F:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012/07/07 07:56:46 | 000,000,715 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/03/01 09:43:15 | 000,758,018 | ---- | C] () -- F:\WINDOWS\System32\xvidcore.dll
[2012/03/01 09:43:15 | 000,180,224 | ---- | C] () -- F:\WINDOWS\System32\xvidvfw.dll
[2012/01/30 11:12:49 | 000,000,036 | ---- | C] () -- F:\WINDOWS\mafosav.INI
[2012/01/30 10:40:58 | 000,002,048 | ---- | C] () -- F:\WINDOWS\System32\Tr_sttool2.dat
[2012/01/08 12:35:56 | 000,121,229 | ---- | C] () -- F:\WINDOWS\File Renamer - Basic Uninstaller.exe
[2012/01/06 07:59:27 | 000,000,031 | ---- | C] () -- F:\WINDOWS\System32\wdsdtdsini.dll
[2011/10/13 22:54:48 | 000,555,520 | ---- | C] () -- F:\Program Files\Uninstall.exe
[2011/03/17 17:30:28 | 000,000,754 | ---- | C] () -- F:\WINDOWS\WORDPAD.INI
[2011/03/17 03:58:34 | 000,000,038 | ---- | C] () -- F:\WINDOWS\AviSplitter.INI
[2010/12/22 13:16:52 | 000,000,000 | ---- | C] () -- F:\WINDOWS\Irremote.ini
[2010/12/10 11:33:04 | 000,200,704 | R--- | C] () -- F:\WINDOWS\sel3110.exe
[2010/12/10 11:33:03 | 000,040,960 | R--- | C] () -- F:\WINDOWS\CleanDev.exe
[2010/12/10 11:33:03 | 000,032,528 | R--- | C] () -- F:\WINDOWS\amcap.exe
[2010/10/26 10:05:01 | 000,962,560 | ---- | C] () -- F:\WINDOWS\tesseract.exe
[2010/08/10 16:20:20 | 000,000,600 | ---- | C] () -- F:\Documents and Settings\henk\Application Data\PUTTY.RND

========== LOP Check ==========

[2012/07/10 20:04:16 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/07/07 08:05:00 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\AVG2012
[2010/12/04 09:31:14 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\avg9
[2011/10/12 09:25:52 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010/12/04 09:46:23 | 000,000,000 | -H-D | M] -- F:\Documents and Settings\All Users\Application Data\Common Files
[2012/07/11 05:31:33 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\MFAData
[2010/12/22 13:37:29 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Nitro PDF
[2010/05/08 12:10:17 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Sandlot Games
[2010/10/26 10:04:32 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012/07/07 08:43:24 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\TEMP
[2012/07/07 09:34:20 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\TuneUp Software
[2012/03/04 09:27:11 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\xml_param
[2012/07/07 09:31:27 | 000,000,000 | -HSD | M] -- F:\Documents and Settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2010/05/07 15:07:27 | 000,000,000 | ---D | M] -- F:\Documents and Settings\henk\Application Data\7Wonders
[2012/07/07 08:41:41 | 000,000,000 | ---D | M] -- F:\Documents and Settings\henk\Application Data\AVG
[2012/07/07 07:56:33 | 000,000,000 | ---D | M] -- F:\Documents and Settings\henk\Application Data\AVG Secure Search
[2012/07/07 07:57:21 | 000,000,000 | ---D | M] -- F:\Documents and Settings\henk\Application Data\AVG2012
[2012/07/11 10:11:30 | 000,000,000 | ---D | M] -- F:\Documents and Settings\henk\Application Data\BitTorrent
[2010/02/28 02:16:10 | 000,000,000 | ---D | M] -- F:\Documents and Settings\henk\Application Data\com.adobe.ExMan
[2012/03/04 09:36:55 | 000,000,000 | ---D | M] -- F:\Documents and Settings\henk\Application Data\Digiarty
[2010/12/22 13:36:17 | 000,000,000 | ---D | M] -- F:\Documents and Settings\henk\Application Data\Downloaded Installations
[2012/07/11 06:36:48 | 000,000,000 | ---D | M] -- F:\Documents and Settings\henk\Application Data\FileZilla
[2012/06/08 20:20:03 | 000,000,000 | ---D | M] -- F:\Documents and Settings\henk\Application Data\FlexibleSoft
[2011/10/10 16:37:29 | 000,000,000 | ---D | M] -- F:\Documents and Settings\henk\Application Data\FreeBurner
[2012/01/29 11:25:21 | 000,000,000 | ---D | M] -- F:\Documents and Settings\henk\Application Data\GetRightToGo
[2012/01/29 11:25:07 | 000,000,000 | ---D | M] -- F:\Documents and Settings\henk\Application Data\GrabPro
[2011/03/08 15:55:55 | 000,000,000 | ---D | M] -- F:\Documents and Settings\henk\Application Data\HandBrake
[2012/05/01 14:21:58 | 000,000,000 | ---D | M] -- F:\Documents and Settings\henk\Application Data\InfraRecorder
[2012/05/06 08:29:01 | 000,000,000 | ---D | M] -- F:\Documents and Settings\henk\Application Data\J. A. Associates
[2011/02/01 10:18:35 | 000,000,000 | ---D | M] -- F:\Documents and Settings\henk\Application Data\Local
[2010/05/15 10:53:24 | 000,000,000 | ---D | M] -- F:\Documents and Settings\henk\Application Data\Magic Match
[2010/10/27 10:34:17 | 000,000,000 | ---D | M] -- F:\Documents and Settings\henk\Application Data\MSNInstaller
[2010/12/22 13:37:48 | 000,000,000 | ---D | M] -- F:\Documents and Settings\henk\Application Data\Nitro PDF
[2012/01/30 09:59:14 | 000,000,000 | ---D | M] -- F:\Documents and Settings\henk\Application Data\Orbit
[2012/01/25 15:56:03 | 000,000,000 | ---D | M] -- F:\Documents and Settings\henk\Application Data\Personal Video Database
[2012/02/01 19:34:08 | 000,000,000 | ---D | M] -- F:\Documents and Settings\henk\Application Data\PriceGong
[2012/01/29 11:25:13 | 000,000,000 | ---D | M] -- F:\Documents and Settings\henk\Application Data\ProgSense
[2011/12/22 09:17:29 | 000,000,000 | ---D | M] -- F:\Documents and Settings\henk\Application Data\searchquband
[2011/02/11 14:43:19 | 000,000,000 | ---D | M] -- F:\Documents and Settings\henk\Application Data\TeamViewer
[2012/07/07 09:33:15 | 000,000,000 | ---D | M] -- F:\Documents and Settings\henk\Application Data\TuneUp Software
[2012/07/07 08:07:46 | 000,000,000 | ---D | M] -- F:\Documents and Settings\henk\Application Data\uTorrent
[2012/06/18 12:53:29 | 000,000,000 | ---D | M] -- F:\Documents and Settings\henk\Application Data\WebStripper
[2012/03/04 09:09:49 | 000,000,000 | ---D | M] -- F:\Documents and Settings\henk\Application Data\Xilisoft Corporation

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 125 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:242231A9
@Alternate Data Stream - 118 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:0B9D8E22

< End of report >



-----------

Ran Malwarebytes, but that did not find any problems.

Please help and give some directions; I am totally stuck.

Edited by toker, 10 July 2012 - 09:16 PM.
