AVG reporting unremovable Rootkits



#1
4ga10 1

Hi, first time posting, hopefully I do everything right. Appreciate any help I can get. Please let me know if I'm missing something that is needed.

I have my OTL log, but it was too big and kept giving me errors when trying to post.

Malwarebytes is blocking websites even without any browsers being open.
So far I have run Malwarebytes, ERUNT, OTL.

My AVG Free Edition is reporting rootkits:
IRP hook, \Driver\atapi IRP_MJ_CREATE -> 0xFFFFFA80048108DD";"Object is hidden"
IRP hook, \Driver\atapi IRP_MJ_CREATE_NAMED_PIPE -> 0xFFFFFA80048108DD";"Object is hidden"
IRP hook, \Driver\atapi IRP_MJ_CLOSE -> 0xFFFFFA80048108DD";"Object is hidden"
IRP hook, \Driver\atapi IRP_MJ_READ -> 0xFFFFFA80048108DD";"Object is hidden"
IRP hook, \Driver\atapi IRP_MJ_WRITE -> 0xFFFFFA80048108DD";"Object is hidden"
IRP hook, \Driver\atapi IRP_MJ_QUERY_INFORMATION -> 0xFFFFFA80048108DD";"Object is hidden"
IRP hook, \Driver\atapi IRP_MJ_SET_INFORMATION -> 0xFFFFFA80048108DD";"Object is hidden"
IRP hook, \Driver\atapi IRP_MJ_QUERY_EA -> 0xFFFFFA80048108DD";"Object is hidden"
IRP hook, \Driver\atapi IRP_MJ_SET_EA -> 0xFFFFFA80048108DD";"Object is hidden"
IRP hook, \Driver\atapi IRP_MJ_FLUSH_BUFFERS -> 0xFFFFFA80048108DD";"Object is hidden"
IRP hook, \Driver\atapi IRP_MJ_QUERY_VOLUME_INFORMATION -> 0xFFFFFA80048108DD";"Object is hidden"
IRP hook, \Driver\atapi IRP_MJ_SET_VOLUME_INFORMATION -> 0xFFFFFA80048108DD";"Object is hidden"
IRP hook, \Driver\atapi IRP_MJ_DIRECTORY_CONTROL -> 0xFFFFFA80048108DD";"Object is hidden"
IRP hook, \Driver\atapi IRP_MJ_FILE_SYSTEM_CONTROL -> 0xFFFFFA80048108DD";"Object is hidden"
IRP hook, \Driver\atapi IRP_MJ_DEVICE_CONTROL -> 0xFFFFFA80048108DD";"Object is hidden"
IRP hook, \Driver\atapi IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xFFFFFA80048108DD";"Object is hidden"
IRP hook, \Driver\atapi IRP_MJ_SHUTDOWN -> 0xFFFFFA80048108DD";"Object is hidden"
IRP hook, \Driver\atapi IRP_MJ_LOCK_CONTROL -> 0xFFFFFA80048108DD";"Object is hidden"
IRP hook, \Driver\atapi IRP_MJ_CLEANUP -> 0xFFFFFA80048108DD";"Object is hidden"
IRP hook, \Driver\atapi IRP_MJ_CREATE_MAILSLOT -> 0xFFFFFA80048108DD";"Object is hidden"
IRP hook, \Driver\atapi IRP_MJ_QUERY_SECURITY -> 0xFFFFFA80048108DD";"Object is hidden"
IRP hook, \Driver\atapi IRP_MJ_SET_SECURITY -> 0xFFFFFA80048108DD";"Object is hidden"
IRP hook, \Driver\atapi IRP_MJ_POWER -> 0xFFFFFA80048108DD";"Object is hidden"
IRP hook, \Driver\atapi IRP_MJ_SYSTEM_CONTROL -> 0xFFFFFA80048108DD";"Object is hidden"
IRP hook, \Driver\atapi IRP_MJ_DEVICE_CHANGE -> 0xFFFFFA80048108DD";"Object is hidden"
IRP hook, \Driver\atapi IRP_MJ_QUERY_QUOTA -> 0xFFFFFA80048108DD";"Object is hidden"
IRP hook, \Driver\atapi IRP_MJ_SET_QUOTA -> 0xFFFFFA80048108DD";"Object is hidden"
IRP hook, \Driver\atapi IRP_MJ_PNP -> 0xFFFFFA80048108DD";"Object is hidden"



Here are my logs:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4949

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/26/2010 6:33:26 PM
mbam-log-2010-10-26 (18-33-26).txt

Scan type: Quick scan
Objects scanned: 207306
Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-------------------------------------

OTL logfile created on: 10/26/2010 8:44:22 PM - Run 5
OTL by OldTimer - Version 3.2.17.1 Folder = D:\geekstogo.com
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48.83 Gb Total Space | 8.40 Gb Free Space | 17.21% Space Free | Partition Type: NTFS
Drive D: | 68.36 Gb Total Space | 40.69 Gb Free Space | 59.53% Space Free | Partition Type: NTFS
Drive E: | 69.12 Gb Total Space | 5.25 Gb Free Space | 7.59% Space Free | Partition Type: NTFS
Drive F: | 74.53 Gb Total Space | 16.85 Gb Free Space | 22.61% Space Free | Partition Type: NTFS
Drive H: | 97.66 Gb Total Space | 45.38 Gb Free Space | 46.47% Space Free | Partition Type: NTFS
Drive I: | 97.66 Gb Total Space | 14.38 Gb Free Space | 14.73% Space Free | Partition Type: NTFS
Drive J: | 84.15 Gb Total Space | 15.97 Gb Free Space | 18.97% Space Free | Partition Type: NTFS
Drive K: | 195.31 Gb Total Space | 115.32 Gb Free Space | 59.04% Space Free | Partition Type: NTFS
Drive L: | 503.32 Gb Total Space | 437.75 Gb Free Space | 86.97% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/26 16:32:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\geekstogo.com\OTL.exe
PRC - [2010/10/11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/10/11 12:58:12 | 000,725,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/09/15 05:29:10 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe


========== Modules (SafeList) ==========

MOD - [2010/10/26 16:32:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\geekstogo.com\OTL.exe
MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 18:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll
MOD - [2009/07/13 18:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/08/04 01:51:22 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/11/05 09:45:12 | 000,129,536 | ---- | M] (WDC) [On_Demand | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/06/26 16:56:50 | 000,119,296 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2010/10/11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/06 11:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/08 02:41:57 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/20 12:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [On_Demand | Stopped] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/15 08:35:52 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2007/05/31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CrucialSMBusScan.sys -- (CrucialSMBusScan)
DRV:64bit: - [2010/09/13 16:28:00 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2010/09/07 03:48:58 | 000,381,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2010/09/07 03:48:56 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2010/09/07 03:48:52 | 000,305,232 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/09/07 03:48:50 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2010/08/19 21:42:38 | 000,157,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2010/08/19 21:42:38 | 000,035,920 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2010/08/04 02:22:38 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/08/04 02:22:38 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/08/04 01:15:46 | 000,268,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/05/26 10:39:08 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\B358.tmp -- (MEMSWEEP2)
DRV:64bit: - [2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/03/09 13:16:56 | 000,121,280 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2010/01/13 08:19:10 | 000,142,848 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ArcHlp.sys -- (archlp)
DRV:64bit: - [2010/01/01 10:20:28 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/11/08 17:18:23 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/08/17 20:20:46 | 001,235,968 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/08/05 23:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/07/24 17:20:38 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 17:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/26 15:35:48 | 000,067,128 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/06/26 15:35:48 | 000,028,216 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/24 10:32:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2009/04/23 21:48:28 | 000,014,872 | ---- | M] (Crystal Rich, Ltd) [Kernel | On_Demand | Stopped] -- C:\Program Files\LockHunter\USRFindHandle64.sys -- (USR_Find_Handle)
DRV:64bit: - [2009/03/02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2007/01/24 17:24:12 | 000,046,616 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcblan.sys -- (RemoteControl-USBLAN)
DRV:64bit: - [2005/03/29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2010/03/09 13:16:56 | 000,121,280 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FA 8A 47 B4 01 73 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1143
FF - prefs.js..extensions.enabledItems: [email protected]:6.010.006.004

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/09 22:17:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ [2010/10/25 09:50:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\[email protected] [2010/10/22 08:22:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/23 16:12:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/23 15:18:15 | 000,000,000 | ---D | M]

[2010/10/23 16:12:15 | 000,000,000 | ---D | M] -- C:\Users\Admin.Home-PC\AppData\Roaming\mozilla\Extensions
[2010/10/23 16:12:15 | 000,000,000 | ---D | M] -- C:\Users\Admin.Home-PC\AppData\Roaming\mozilla\Firefox\Profiles\og35cb2o.default\extensions
[2010/10/23 15:18:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/10/22 15:55:51 | 000,000,808 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (AnyDiscHelp.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0b59ead3-dcdc-11de-85ea-00248cd11751}\Shell - "" = AutoRun
O33 - MountPoints2\{0b59ead3-dcdc-11de-85ea-00248cd11751}\Shell\AutoRun\command - "" = T:\hbcd\wintools\autorun.exe -- File not found
O33 - MountPoints2\{0b59ead3-dcdc-11de-85ea-00248cd11751}\Shell\Option1\Command - "" = T:\hbcd\wintools\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.ac3filter - ac3filter.acm ()
Drivers32:64bit: msacm.ac3filter64 - ac3filter64.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.ffds - ff_vfw.dll ()
Drivers32:64bit: vidc.XVID - xvidvfw.dll ()
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.avis - C:\Windows\SysWow64\ff_acm.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2010/10/26 18:26:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/10/26 18:25:05 | 000,000,000 | ---D | C] -- C:\Users\Admin.Home-PC\AppData\Local\Adobe
[2010/10/26 16:45:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/10/26 16:38:02 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2010/10/25 22:21:45 | 000,000,000 | ---D | C] -- C:\Users\Admin.Home-PC\AppData\Roaming\Media Player Classic
[2010/10/24 09:14:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Temp
[2010/10/23 17:38:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/10/23 16:13:40 | 000,000,000 | ---D | C] -- C:\Users\Admin.Home-PC\AppData\Roaming\Macromedia
[2010/10/23 16:12:34 | 000,000,000 | ---D | C] -- C:\Users\Admin.Home-PC\AppData\Local\AVG Security Toolbar
[2010/10/23 16:12:02 | 000,000,000 | ---D | C] -- C:\Users\Admin.Home-PC\AppData\Roaming\Mozilla
[2010/10/23 16:12:02 | 000,000,000 | ---D | C] -- C:\Users\Admin.Home-PC\AppData\Local\Mozilla
[2010/10/23 15:57:02 | 000,000,000 | ---D | C] -- C:\Users\Admin.Home-PC\AppData\Roaming\Malwarebytes
[2010/10/23 15:18:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/10/23 14:37:42 | 000,000,000 | ---D | C] -- C:\Users\Admin.Home-PC\AppData\Roaming\WinRAR
[2010/10/23 14:11:31 | 000,000,000 | ---D | C] -- C:\Users\Admin.Home-PC\AppData\Roaming\Adobe
[2010/10/23 14:10:30 | 000,000,000 | ---D | C] -- C:\Users\Admin.Home-PC\AppData\Roaming\AVG10
[2010/10/23 14:10:19 | 000,000,000 | R--D | C] -- C:\Users\Admin.Home-PC\Searches
[2010/10/23 14:10:19 | 000,000,000 | -H-D | C] -- C:\Users\Admin.Home-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/10/23 14:10:09 | 000,000,000 | ---D | C] -- C:\Users\Admin.Home-PC\AppData\Roaming\Identities
[2010/10/23 14:10:06 | 000,000,000 | R--D | C] -- C:\Users\Admin.Home-PC\Contacts
[2010/10/23 14:09:51 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\Temporary Internet Files
[2010/10/23 14:09:51 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Templates
[2010/10/23 14:09:51 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Start Menu
[2010/10/23 14:09:51 | 000,000,000 | -HSD | C] -- C:\Users\Admin\SendTo
[2010/10/23 14:09:51 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Recent
[2010/10/23 14:09:51 | 000,000,000 | -HSD | C] -- C:\Users\Admin\PrintHood
[2010/10/23 14:09:51 | 000,000,000 | -HSD | C] -- C:\Users\Admin\NetHood
[2010/10/23 14:09:51 | 000,000,000 | -HSD | C] -- C:\Users\Admin.Home-PC\Documents\My Videos
[2010/10/23 14:09:51 | 000,000,000 | -HSD | C] -- C:\Users\Admin.Home-PC\Documents\My Pictures
[2010/10/23 14:09:51 | 000,000,000 | -HSD | C] -- C:\Users\Admin.Home-PC\Documents\My Music
[2010/10/23 14:09:51 | 000,000,000 | -HSD | C] -- C:\Users\Admin\My Documents
[2010/10/23 14:09:51 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Local Settings
[2010/10/23 14:09:51 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\History
[2010/10/23 14:09:51 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Cookies
[2010/10/23 14:09:51 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Application Data
[2010/10/23 14:09:51 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\Application Data
[2010/10/23 14:09:50 | 000,000,000 | --SD | C] -- C:\Users\Admin\AppData\Roaming\Microsoft
[2010/10/23 14:09:50 | 000,000,000 | R--D | C] -- C:\Users\Admin.Home-PC\Videos
[2010/10/23 14:09:50 | 000,000,000 | R--D | C] -- C:\Users\Admin\Saved Games
[2010/10/23 14:09:50 | 000,000,000 | R--D | C] -- C:\Users\Admin.Home-PC\Pictures
[2010/10/23 14:09:50 | 000,000,000 | R--D | C] -- C:\Users\Admin.Home-PC\Music
[2010/10/23 14:09:50 | 000,000,000 | R--D | C] -- C:\Users\Admin\Links
[2010/10/23 14:09:50 | 000,000,000 | R--D | C] -- C:\Users\Admin\Favorites
[2010/10/23 14:09:50 | 000,000,000 | R--D | C] -- C:\Users\Admin\Downloads
[2010/10/23 14:09:50 | 000,000,000 | R--D | C] -- C:\Users\Admin\My Documents
[2010/10/23 14:09:50 | 000,000,000 | R--D | C] -- C:\Users\Admin\Desktop
[2010/10/23 14:09:50 | 000,000,000 | -H-D | C] -- C:\Users\Admin\AppData
[2010/10/23 14:09:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Microsoft
[2010/10/23 14:09:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Media Center Programs
[2010/10/23 10:31:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2010/10/23 08:03:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/10/15 22:35:49 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/10/15 22:29:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/15 22:29:30 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/10/15 22:29:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/10/15 22:29:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/10/15 22:28:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/10/15 22:28:23 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/10/15 22:28:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/10/15 18:29:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010/10/15 18:29:48 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/10/15 18:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010/10/15 18:28:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2010/10/15 18:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/02/04 00:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/26 17:11:05 | 097,787,600 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2010/10/25 16:13:38 | 000,019,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/25 16:13:38 | 000,019,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/25 16:05:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/25 16:05:43 | 3019,198,464 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/25 05:34:28 | 000,797,126 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/25 05:34:28 | 000,672,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/25 05:34:28 | 000,126,050 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/23 18:37:41 | 000,451,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/23 18:26:29 | 000,790,582 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/23 18:03:21 | 000,299,754 | RHS- | M] () -- C:\MNDKO
[2010/10/23 18:03:21 | 000,000,020 | RHS- | M] () -- C:\win7.ld
[2010/10/23 16:12:07 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/10/23 05:46:55 | 000,000,050 | ---- | M] () -- C:\Windows\wininit.ini
[2010/10/22 15:55:51 | 000,000,808 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/10/17 00:25:02 | 000,000,775 | ---- | M] () -- C:\cleanup.bat
[2010/10/16 20:24:35 | 000,000,877 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.umbrella
[2010/10/15 18:29:40 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\incavi.avm
[2010/10/15 18:29:40 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\iavichjw.avm
[2010/10/14 22:01:25 | 000,003,068 | ---- | M] () -- C:\Windows\SysWow64\•@
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/26 17:11:05 | 097,787,600 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2010/10/23 18:03:21 | 000,299,754 | RHS- | C] () -- C:\MNDKO
[2010/10/23 18:03:21 | 000,000,020 | RHS- | C] () -- C:\win7.ld
[2010/10/23 16:12:07 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/10/23 14:09:51 | 000,000,290 | ---- | C] () -- C:\Users\Admin.Home-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/10/23 14:09:51 | 000,000,272 | ---- | C] () -- C:\Users\Admin.Home-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/10/23 05:46:36 | 000,000,050 | ---- | C] () -- C:\Windows\wininit.ini
[2010/10/17 00:04:07 | 000,000,775 | ---- | C] () -- C:\cleanup.bat
[2010/10/14 22:00:55 | 000,003,068 | ---- | C] () -- C:\Windows\SysWow64\•@
[2010/07/26 10:13:40 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/07/14 21:11:30 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/06/23 12:35:52 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/06/23 12:35:52 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/04/17 10:03:55 | 000,667,136 | ---- | C] () -- C:\Windows\SysWow64\OGACheckControl.dll
[2010/03/31 18:16:06 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2010/03/17 16:00:35 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/11/21 22:55:42 | 000,012,155 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/11/19 23:03:21 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/11/08 14:36:32 | 000,790,582 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/11/08 03:23:16 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/11/08 03:21:37 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2009/11/08 03:21:37 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2009/08/16 10:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/12/28 00:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI

========== LOP Check ==========

[2010/10/23 14:10:30 | 000,000,000 | ---D | M] -- C:\Users\Admin.Home-PC\AppData\Roaming\AVG10
[2010/08/11 12:47:30 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

Edited by 4ga10 1, 26 October 2010 - 10:33 PM.



#2
4ga10 1

Was able to include the OTL log in the first post. Please delete this one.

Edited by 4ga10 1, 26 October 2010 - 10:30 PM.
