
WIN32\Heur - Can't get hijackthis log

#1
jojogat

    New Member

  • Member
  • Pip
  • 5 posts
Hi guys/gals,

Have Windows 7 and AVG10 (free version) and the resident shield popped up a threat warning:

File Name: C:\Program Files(x86)\AVG\AVG10/avgssie.dlll
Virus: WIN32\Heur

I downloaded and attempted to run Hijackthis but it gave me this error message:

"For some reason, your system denied write access to the Hosts file. If any hijacked domains are in this file, Hijackthis may NOT be able to fix them. Edit the file yourself:

Notepad C:\Windows\System32\drivers\etc\hosts

and press enter. Find the lines Hijackthis reports and delete them. Save the file as 'hosts' (with quotes) and reboot."

I get as far as the etc but there is no hosts file within it.

Also just downloaded and ran OTL.

Can anyone help me from here please?

#2
RKinner

    Malware Expert

  • Expert
  • 24,681 posts
  • MVP
Copy and Paste both your OTL log and your Extras log. Don't worry about Hijackthis. It doesn't understand Win 7.

Also:

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply

Ron

#3
jojogat

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hi Ron, thank you for your help.

I'm not sure what you mean when you say "Extras" log. OTL only gave me one file - the OTL log.

Here is the OTL log. The "Fix" button is not enabled but the "FixMBR" button is enabled.

OTL logfile created on: 5/13/2011 9:04:13 AM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\exefiles
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 68.00% Memory free
11.00 Gb Paging File | 9.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.16 Gb Total Space | 865.43 Gb Free Space | 94.26% Space Free | Partition Type: NTFS
Drive D: | 13.25 Gb Total Space | 1.63 Gb Free Space | 12.30% Space Free | Partition Type: NTFS

Computer Name: JONI-HP | User Name: Joni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/12 19:39:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\exefiles\OTL.com
PRC - [2011/04/29 10:00:27 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/04/13 20:40:14 | 003,318,784 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2011/04/08 04:59:02 | 002,536,696 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Crawler\Toolbar\CToolbar.exe
PRC - [2011/03/03 20:52:00 | 000,948,880 | R--- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2011/02/17 06:21:58 | 002,190,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/02/15 05:38:06 | 007,421,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2010/09/28 09:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2010/09/11 02:02:22 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/08/20 18:57:28 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/07/28 02:23:50 | 000,526,992 | ---- | M] (Corel, Inc.) -- C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
PRC - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2007/02/04 18:35:10 | 001,149,440 | ---- | M] () -- C:\sh10\sh10.exe


========== Modules (SafeList) ==========

MOD - [2011/05/12 19:39:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\exefiles\OTL.com
MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/03/03 20:36:16 | 006,315,664 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV:64bit: - [2010/08/05 20:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/08/05 20:47:48 | 000,681,528 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/05/11 08:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/05/02 12:36:22 | 003,274,328 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_3f211bc.dll -- (Akamai)
SRV - [2011/04/13 20:40:14 | 000,948,775 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2011/02/15 05:38:06 | 007,421,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/09/28 09:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/09/11 02:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/08/20 18:57:28 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/06/18 18:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/06/01 16:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/30 17:17:00 | 000,118,352 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/02/22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/02/10 07:53:58 | 000,376,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/02/10 07:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/01/19 04:32:56 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/01/07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/09/02 23:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/08/13 06:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/08/13 06:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/07/21 20:57:22 | 001,002,848 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010/07/07 11:26:46 | 000,050,696 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\stflt.sys -- (sp_rsdrv2)
DRV:64bit: - [2010/05/11 08:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/11 07:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/04/24 01:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/04/24 01:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/04/24 01:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/04/24 01:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/03/10 08:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/12/22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://mystart.incre...m/?a=ICeKkzBK8M
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/...13&form=ZGAPHP"
FF - prefs.js..keyword.URL: "http://www.bing.com/...form=ZGAADF&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/05/12 17:26:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files (x86)\Crawler\Toolbar\firefox\ [2011/04/13 20:40:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/29 10:00:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/04/05 15:31:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joni\AppData\Roaming\Mozilla\Extensions
[2011/04/20 00:51:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joni\AppData\Roaming\Mozilla\Firefox\Profiles\qq7hodyk.default\extensions
[2011/04/20 00:51:39 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Joni\AppData\Roaming\Mozilla\Firefox\Profiles\qq7hodyk.default\extensions\[email protected]
[2011/04/20 00:51:40 | 000,001,919 | ---- | M] () -- C:\Users\Joni\AppData\Roaming\Mozilla\Firefox\Profiles\qq7hodyk.default\searchplugins\bing-zugo.xml
[2011/04/23 02:17:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/04/19 14:12:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/23 02:17:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/12 17:26:58 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
[2011/04/13 20:40:36 | 000,000,000 | ---D | M] (Crawler Toolbar) -- C:\PROGRAM FILES (X86)\CRAWLER\TOOLBAR\FIREFOX
[2011/04/29 10:00:27 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml.old
[2009/09/21 12:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\crawlersrch.xml

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (&Crawler Toolbar Helper) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll ()
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Corel Photo Downloader] c:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKCU..\Run: [SpywareTerminatorUpdate] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D9E4E21E-60E0-11DA-91EB-00123F33E209} https://installers.s...NInstaller2.cab (DNInstallerOCX Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.105.128.61
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/12 19:19:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/05/12 19:19:22 | 000,000,000 | ---D | C] -- C:\Users\Joni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/05/12 17:47:05 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/05/06 13:56:07 | 000,000,000 | ---D | C] -- C:\Users\Joni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paint Shop Pro 5
[2011/05/06 13:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint Shop Pro 5
[2011/05/06 13:56:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Paint Shop Pro 5
[2011/05/06 13:45:26 | 000,000,000 | ---D | C] -- C:\Users\Joni\AppData\Roaming\Nikon
[2011/05/06 13:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Nikon
[2011/05/06 13:34:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nikon
[2011/05/06 13:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Ultima_T15
[2011/05/06 13:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\EnterNHelp
[2011/05/06 13:32:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nikon
[2011/04/24 14:48:24 | 000,000,000 | ---D | C] -- C:\Gardening
[2011/04/23 09:51:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/04/20 01:01:44 | 000,000,000 | ---D | C] -- C:\Users\Joni\AppData\Local\CrashDumps
[2011/04/20 00:51:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Search Toolbar
[2011/04/20 00:51:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2011/04/20 00:51:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xvid
[2011/04/19 14:13:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/04/19 14:12:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011/04/18 02:21:50 | 000,000,000 | ---D | C] -- C:\Users\Joni\AppData\Roaming\CyberLink
[2011/04/18 02:21:46 | 000,000,000 | ---D | C] -- C:\Users\Joni\AppData\Local\CyberLink
[2011/04/18 02:21:44 | 000,000,000 | ---D | C] -- C:\Users\Joni\AppData\Local\PowerCinema
[2011/04/15 19:50:03 | 000,000,000 | ---D | C] -- C:\C2C
[2011/04/13 20:40:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar
[2011/04/13 20:40:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Crawler
[2011/04/13 20:40:13 | 000,000,000 | ---D | C] -- C:\Users\Joni\AppData\Roaming\Spyware Terminator
[2011/04/13 20:40:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2011/04/13 20:40:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator
[2011/04/13 20:40:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/13 03:26:47 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/13 03:26:47 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/13 03:23:45 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/13 03:23:45 | 000,624,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/13 03:23:45 | 000,106,502 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/13 03:19:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/13 03:18:55 | 334,979,071 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/12 23:10:30 | 000,000,112 | ---- | M] () -- C:\Users\Joni\Desktop\ark.zip
[2011/05/12 23:10:14 | 000,003,092 | ---- | M] () -- C:\Users\Joni\Desktop\Attach.zip
[2011/05/12 19:27:21 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJoni.job
[2011/05/12 19:19:22 | 000,002,971 | ---- | M] () -- C:\Users\Joni\Desktop\HiJackThis.lnk
[2011/05/06 13:50:20 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT
[2011/05/06 13:33:54 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Synth Leads
[2011/05/06 13:33:54 | 000,000,268 | RH-- | M] () -- C:\Users\Joni\AppData\Roaming\SupportPrinters
[2011/05/06 13:33:54 | 000,000,012 | RH-- | M] () -- C:\ProgramData\Techno Kit
[2011/05/06 08:54:18 | 114,313,348 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/05/04 21:20:19 | 000,003,140 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011/05/04 21:07:25 | 000,005,120 | ---- | M] () -- C:\Users\Joni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/04 20:57:29 | 000,000,088 | RHS- | M] () -- C:\ProgramData\4006ADA342.sys
[2011/04/27 03:25:36 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/04/21 14:51:44 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/04/18 11:32:13 | 000,001,684 | ---- | M] () -- C:\Users\Joni\Desktop\WINWORD - Shortcut.lnk
[2011/04/13 20:42:04 | 000,001,152 | ---- | M] () -- C:\Users\Joni\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Terminator.lnk
[2011/04/13 20:42:04 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator.lnk
[2011/04/13 12:26:44 | 000,425,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/12 23:10:30 | 000,000,112 | ---- | C] () -- C:\Users\Joni\Desktop\ark.zip
[2011/05/12 23:10:14 | 000,003,092 | ---- | C] () -- C:\Users\Joni\Desktop\Attach.zip
[2011/05/12 19:19:22 | 000,002,971 | ---- | C] () -- C:\Users\Joni\Desktop\HiJackThis.lnk
[2011/05/12 18:45:20 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForJoni.job
[2011/05/06 13:33:54 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Synth Leads
[2011/05/06 13:33:54 | 000,000,268 | RH-- | C] () -- C:\Users\Joni\AppData\Roaming\SupportPrinters
[2011/05/06 13:33:54 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2011/05/06 13:33:54 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Techno Kit
[2011/04/21 14:51:44 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/04/20 00:51:36 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/04/20 00:51:36 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/04/20 00:51:36 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2011/04/18 11:32:13 | 000,001,684 | ---- | C] () -- C:\Users\Joni\Desktop\WINWORD - Shortcut.lnk
[2011/04/13 20:42:04 | 000,001,152 | ---- | C] () -- C:\Users\Joni\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Terminator.lnk
[2011/04/13 20:42:04 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator.lnk
[2011/04/06 23:27:14 | 000,148,195 | ---- | C] () -- C:\Program Files (x86)\Common Files\BookViewer.xap
[2011/04/06 23:20:34 | 000,005,120 | ---- | C] () -- C:\Users\Joni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/06 23:16:23 | 000,000,088 | RHS- | C] () -- C:\ProgramData\4006ADA342.sys
[2011/04/06 23:16:22 | 000,003,140 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/04/05 20:53:46 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/05 15:31:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/12/10 12:49:40 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/12/10 12:07:32 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2010/12/10 11:53:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/21 11:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2001/08/08 09:44:34 | 000,000,223 | ---- | C] () -- C:\Windows\SysWow64\pspveccomm.ini
[2001/05/03 08:03:58 | 000,000,221 | ---- | C] () -- C:\Windows\SysWow64\smcelp32.ini
[1999/11/05 10:42:36 | 000,000,221 | ---- | C] () -- C:\Windows\SysWow64\pspusbct.ini
[1999/10/08 14:58:24 | 000,000,221 | ---- | C] () -- C:\Windows\SysWow64\pspusblb.ini
[1998/12/11 11:55:00 | 000,000,221 | ---- | C] () -- C:\Windows\SysWow64\pspsbext.ini
[1998/08/10 14:04:00 | 000,000,221 | ---- | C] () -- C:\Windows\SysWow64\pspfidrv.ini
[1998/08/10 14:04:00 | 000,000,221 | ---- | C] () -- C:\Windows\SysWow64\pspaudrv.ini
[1998/08/10 14:03:00 | 000,000,221 | ---- | C] () -- C:\Windows\SysWow64\pspapdrv.ini
[1998/08/10 14:03:00 | 000,000,221 | ---- | C] () -- C:\Windows\SysWow64\mcipspwa.ini
[1998/08/10 14:03:00 | 000,000,221 | ---- | C] () -- C:\Windows\SysWow64\mcipspct.ini
[1998/08/10 14:02:00 | 000,000,221 | ---- | C] () -- C:\Windows\SysWow64\pspfbase.ini
[1998/08/10 14:02:00 | 000,000,220 | ---- | C] () -- C:\Windows\SysWow64\pspwave.ini
[1998/08/10 14:02:00 | 000,000,219 | ---- | C] () -- C:\Windows\SysWow64\pspdss.ini
[1998/08/10 14:02:00 | 000,000,219 | ---- | C] () -- C:\Windows\SysWow64\pspddi.ini

========== LOP Check ==========

[2011/04/09 22:19:26 | 000,000,000 | ---D | M] -- C:\Users\Joni\AppData\Roaming\AVG10
[2011/04/09 21:18:50 | 000,000,000 | ---D | M] -- C:\Users\Joni\AppData\Roaming\Blio
[2011/05/06 13:45:54 | 000,000,000 | ---D | M] -- C:\Users\Joni\AppData\Roaming\Nikon
[2011/04/05 15:27:32 | 000,000,000 | ---D | M] -- C:\Users\Joni\AppData\Roaming\PictureMover
[2011/04/06 15:28:39 | 000,000,000 | ---D | M] -- C:\Users\Joni\AppData\Roaming\SoftGrid Client
[2011/05/12 22:01:06 | 000,000,000 | ---D | M] -- C:\Users\Joni\AppData\Roaming\Spyware Terminator
[2011/04/05 20:54:18 | 000,000,000 | ---D | M] -- C:\Users\Joni\AppData\Roaming\TP
[2009/07/13 22:08:49 | 000,008,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


Here is the aswMBR file:

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-13 09:06:45
-----------------------------
09:06:45.071 OS Version: Windows x64 6.1.7600
09:06:45.071 Number of processors: 4 586 0xA00
09:06:45.072 ComputerName: JONI-HP UserName: Joni
09:06:47.519 Initialize success
09:06:49.564 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000058
09:06:49.565 Disk 0 Vendor: ST310005 HP35 Size: 953869MB BusType: 11
09:06:51.575 Disk 0 MBR read successfully
09:06:51.581 Disk 0 MBR scan
09:06:51.585 Disk 0 unknown MBR code
09:06:51.610 Service scanning
09:06:52.938 Disk 0 trace - called modules:
09:06:52.975 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
09:06:52.978 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005bac790]
09:06:52.981 3 CLASSPNP.SYS[fffff880018c343f] -> nt!IofCallDriver -> [0xfffffa80059ecac0]
09:06:52.984 5 amd_xata.sys[fffff880010e58b4] -> nt!IofCallDriver -> \Device\00000058[0xfffffa80059e79c0]
09:06:52.987 Scan finished successfully
09:13:15.248 Disk 0 MBR has been saved successfully to "C:\Users\Joni\Desktop\MBR.dat"
09:13:15.248 The log file has been saved successfully to "C:\Users\Joni\Desktop\aswMBR.txt"

#4
RKinner (Malware Expert, Expert, 24,681 posts, MVP)
No sign of an infection. It appears that AVG thinks one of its own files is infected. Probably a false positive but you can try submitting the C:\Program Files(x86)\AVG\AVG10/avgssie.dlll file to http://virustotal.com and see what they say.

You can run the ESET online scan and see what it says:

Use IE (You may need to right click on it and Run As Administrator) and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

1. Check Scan Archives.
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND.
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish.
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.

Extras only comes the first time so you may have run it sometime in the past.
Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.



Ron

#5
jojogat (New Member, Topic Starter, 5 posts)
Thank you for your reply. I'll have to wait and try this tonight. FWIW though, whatever it is is affecting my work software (I'm a medical transcriptionist), my connection speeds and now I can't even get AVG to run a scan. So 'something's' wrong.

Anyway will try your suggestions later this evening and thanks again for all your help!

#6
RKinner (Malware Expert, Expert, 24,681 posts, MVP)
Try and get AVG to update. IF it's a false positive it will probably get fixed in the next update.

Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Rightclick on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


IF that doesn't help then:

Download and Save the free Avast from
http://www.avast.com...ivirus-download

Uninstall AVG then download and run the AVG removal tool.
http://download.avg....6_2011_1322.exe


Replace AVG with the free Avast!
Right click on the Avast installer you downloaded earlier and Run As Administrator.

Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows.

Ron

#7
jojogat (New Member, Topic Starter, 5 posts)
Thank you so much for your excellent instructions and for being so patient. I hope I didn't leave anything out!


This is what I got when I ran the file name through VirusTotal:

File name:
avgssie.dll
Submission date:
2011-05-13 19:50:25 (UTC)
Current status:
finished
Result:
0/ 43 (0.0%)

******


I finally was able to get AVG to update and it ran a full scan. It found 3 threats; the first one it automatically removed/healed, and the other two, which it did not remove, are:

C:\Windows\winsxs\amd64_microsoft-windows-p...(long file name) Corrupted executable file Potentially dangerous object

C:\Windows\System32\printui.dll Corrupted executable file Object is white-listed (critical/system file that should not be removed)

I wasn't sure if I should tell it to remove that first one or not.

******

I should note that it does seem to be running a little better now since the AVG scan, but I haven't tried to work on it yet. I should also mention that my Win 7 is registered to me, but this computer is only a couple of months old. When I went to make the install/boot disks, I discovered I didn't have the correct CDs, and then forgot to get them. Grrr.

******

Here is the result of the ESET scan:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=f3edc5b6a416da4b8ed3805e1b8977c8
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-05-13 09:16:06
# local_time=2011-05-13 02:16:06 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1032 16777213 100 88 0 47654594 0 0
# compatibility_mode=5893 16776574 100 94 2119423 56861652 0 0
# compatibility_mode=7937 16777213 100 100 0 13711096 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=225662
# found=3
# cleaned=0
# scan_time=3164
C:\exefiles\Xvid-Setup-dm-5.exe Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
${Memory} Win32/Toolbar.Zugo application 00000000000000000000000000000000 I


******

OTL: When I right click on the file name, OTL.com, it doesn't give me the option to "Run as Administrator." When I tell it to place a shortcut on the desktop, it comes back with an error message saying the disk is full (which it's not).


******


Malwarebytes:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6569

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

5/13/2011 2:54:57 PM
mbam-log-2011-05-13 (14-54-57).txt

Scan type: Full scan (C:\|D:\|Q:\|)
Objects scanned: 363350
Time elapsed: 21 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\exefiles\xvid-setup-dm-5.exe (Adware.Searchbar) -> Quarantined and deleted successfully.


I'll wait for further instructions to see if you still want me to do the AVG uninstall and installation of AVAST.

Thanks again!

#8
RKinner (Malware Expert, Expert, 24,681 posts, MVP)
ESET doesn't like your Zugo toolbar. See if you can uninstall it.

I'm a big fan of Avast so go ahead and do it.

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, All Programs, Accessories, then right click on Command Prompt and type (with an Enter after each line):

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator.
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning
5. Click the radio button for 'Number of events' and type 20 in the 1 to 20 box.
6. Click the Run button. Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
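The checks Ron asks for by hand in this post (the last 20 Error/Warning events from the System and Application logs, recently changed drivers whose signature does not verify, whether the scheduled disk check is actually queued, and the system file integrity pass) can be gathered in one go from an elevated PowerShell prompt. The script below is an added example for readers of this thread; it is not part of the thread, nor of VEW, OTL, aswMBR or any other tool named here. The function names, the `$Count`, `$Since` and `$Drive` parameters and the 30-day window for "newish" drivers are assumptions, and `sfc` is run in verify-only mode so nothing is repaired until the CBS log has been read.

```powershell
# Added example, not from the thread or any tool it names: PowerShell pass over the
# checks requested in post #8. Run from an elevated (Run As Administrator) prompt.
# $Count, $Since and $Drive are assumed defaults; adjust to taste.
param(
    [int]$Count = 20,                            # VEW: "Number of events", 1 to 20
    [datetime]$Since = (Get-Date).AddDays(-30),  # "newish" driver dates; 30 days assumed
    [string]$Drive = 'C:'
)

# 1. Last $Count Critical/Error/Warning events from one log (what VEW writes to Notepad).
function Get-RecentProblemEvents {
    param([string]$LogName, [int]$Count)
    # Level 1 = Critical, 2 = Error, 3 = Warning; Information (4) is left out.
    Get-WinEvent -FilterHashtable @{ LogName = $LogName; Level = 1, 2, 3 } `
        -MaxEvents $Count -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, LevelDisplayName, ProviderName,
            @{ Name = 'Message'; Expression = { ($_.Message -split "`r?`n")[0] } }
}

# 2. Drivers modified since $Since whose Authenticode signature does not verify,
#    newest first: the "look for those with newish dates" step of sigverif.
function Get-UnsignedRecentDrivers {
    param([datetime]$Since)
    Get-ChildItem "$env:SystemRoot\System32\drivers" -Filter *.sys -File |
        Where-Object { $_.LastWriteTime -ge $Since } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature $_.FullName
            if ($sig.Status -ne 'Valid') {
                [pscustomobject]@{
                    Driver   = $_.Name
                    Modified = $_.LastWriteTime
                    Status   = $sig.Status          # NotSigned, HashMismatch, ...
                    Signer   = $sig.SignerCertificate.Subject
                }
            }
        } | Sort-Object Modified -Descending
}

# 3. Did "Check Now" really queue a disk check? A scheduled check normally sets the
#    volume dirty bit, which autochk honours at the next boot; fsutil reports it.
function Test-DiskCheckPending {
    param([string]$Drive)
    [bool]((& fsutil dirty query $Drive) -match 'is Dirty')
}

foreach ($log in 'System', 'Application') {
    "==== $log : last $Count Critical/Error/Warning events ===="
    Get-RecentProblemEvents -LogName $log -Count $Count | Format-Table -AutoSize -Wrap
}

"==== Drivers modified since $Since without a valid signature ===="
Get-UnsignedRecentDrivers -Since $Since | Format-Table -AutoSize

"==== Disk check queued for $Drive on next reboot: $(Test-DiskCheckPending -Drive $Drive) ===="

# 4. Same integrity check as 'sfc /scannow', but report-only; details land in
#    %WinDir%\Logs\CBS\CBS.log. Re-run with /scannow once the report has been reviewed.
& sfc /verifyonly
```

Save it as, say, `checks.ps1` and run `powershell -ExecutionPolicy Bypass -File .\checks.ps1` from an administrator prompt; the event tables can be pasted into a reply in place of the VEW output, and an empty driver table means every recently modified driver carries a valid signature.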

#9
jojogat (New Member, Topic Starter, 5 posts)
Hi Ron,

Okay, I ran an AVAST scan - if it found anything, it automatically deleted it.

I also ran Malwarebytes - same thing.

I'm not sure how to get rid of the Zugo toolbar, which I didn't (intentionally) install and isn't listed in the Add/Remove Programs in Control Panel.

I got as far as this in your instructions:

"1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish."

Ran that scan, but then before I had a chance to go any further, I had to go to work. I don't know what we did, but *knock on wood* it seems to be running fine now. LOL My work software seemed fine last night and my connection speeds are back up to where they're supposed to be! THANK YOU! I'm going to give it a few days, see if I have any more trouble and if so I'll continue on with your instructions and will be back. I'm really hoping the problem is solved though! Thank you so much for your patience!

#10
RKinner (Malware Expert, Expert, 24,681 posts, MVP)
We can manually remove the toolbar which came as part of Xvid.

Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

This will let me see where we are now.

If you want to see if Avast found anything you can click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results.



Ron
