XP Security virus?


This topic is locked.
30 replies to this topic

#1 NeilRC (Members)

Posted 18 March 2010 - 09:51 PM

A window appeared encouraging me to download XP Security. It cost $49.95 (luckily the charge didn't go through, and the card has since been cancelled).

It immediately disabled AVG anti-virus. Gradually it also disabled application icons. If you click on any application, a message appears saying Windows is unable to find it.
If you go in through My Computer, you can open applications by clicking on a file, i.e. a Word document will open if clicking on a .doc file. Some apps will open if you right-click and choose 'start'.

We managed to get IE to open, using the method described above, but it will not connect to the Internet. My daughter is typing this for me on her Mac.

We ran Malwarebytes (using the right-click and choosing 'start' method) and it did find some infections which it removed, however it didn't fix the problem. (We weren't able to update Malwarebytes before running the scan)
We have followed the advice from this forum topic: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Interestingly, after running the advised programs, if you click on an icon we no longer get the windows is unable to find error message. It just hangs with an hourglass.

We have had to risk putting the attachments on USB and transferring them to the mac, because we can't access the internet.


DDS (Ver_10-03-17.01) - NTFSx86
Run by computer at 13:21:10.81 on Fri 03/19/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1477 [GMT 11:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

F:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
F:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
F:\Program Files\AVG\AVG9\avgchsvx.exe
F:\Program Files\AVG\AVG9\avgrsx.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\AVG\AVG9\avgcsrvx.exe
F:\Program Files\Google\Update\1.2.183.17\GoogleCrashHandler.exe
F:\WINDOWS\Explorer.EXE
svchost.exe
F:\Program Files\AVG\AVG9\avgwdsvc.exe
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\WINDOWS\system32\svchost.exe -k imgsvc
F:\Program Files\AVG\AVG9\avgnsx.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\WINDOWS\system32\ctfmon.exe
G:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - f:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - f:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - f:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - f:\program files\avg\avg9\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - f:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - f:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - f:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [MSMSGS] "f:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] f:\windows\system32\ctfmon.exe
uRun: [MoneyAgent] "f:\program files\microsoft money\system\mnyexpr.exe"
uRun: [swg] f:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [IgfxTray] f:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] f:\windows\system32\hkcmd.exe
mRun: [Persistence] f:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Microsoft Works Update Detection] f:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [AVG9_TRAY] f:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "f:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "f:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "f:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: f:\docume~1\computer\startm~1\programs\startup\openof~1.lnk - f:\program files\openoffice.org 2.0\program\quickstart.exe
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - f:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - f:\program files\hewlett-packard\digital imaging\bin\hposol08.exe
IE: Add to Google Photos Screensa&ver - f:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - f:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - f:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - f:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264482626015
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - f:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;f:\windows\system32\drivers\avgldx86.sys [2009-3-24 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;f:\windows\system32\drivers\avgmfx86.sys [2009-3-24 29512]
R1 AvgTdiX;AVG8 Network Redirector;f:\windows\system32\drivers\avgtdix.sys [2009-3-24 242696]
R2 avg9wd;AVG Free WatchDog;f:\program files\avg\avg9\avgwdsvc.exe [2010-3-12 308064]
S2 gupdate1c9fd2dc3b6206;Google Update Service (gupdate1c9fd2dc3b6206);f:\program files\google\update\GoogleUpdate.exe [2009-7-5 133104]

=============== Created Last 30 ================

2010-03-19 02:20:23 0 ----a-w- f:\documents and settings\computer\defogger_reenable
2010-03-19 01:11:37 0 d-----w- f:\docume~1\computer\applic~1\Malwarebytes
2010-03-19 01:11:33 38224 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys
2010-03-19 01:11:32 19160 ----a-w- f:\windows\system32\drivers\mbam.sys
2010-03-19 01:11:32 0 d-----w- f:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-19 01:11:31 0 d-----w- f:\program files\Malwarebytes' Anti-Malware
2010-03-17 00:36:05 20480 ----a-w- f:\windows\system32\nnfj.tqo
2010-03-15 11:45:19 3255 ----a-w- f:\windows\system32\wbem\Outlook_01cac434fccbb012.mof
2010-03-12 01:27:46 12464 ----a-w- f:\windows\system32\avgrsstx.dll
2010-03-11 01:15:58 0 d-----w- f:\documents and settings\computer\.gimp-2.6
2010-03-11 01:15:04 0 d-----w- f:\program files\GIMP-2.0
2010-03-04 01:00:27 29 ----a-w- f:\windows\DEBUGSM.INI
2010-03-04 00:45:48 0 d-----w- f:\windows\Profiles
2010-03-04 00:45:45 0 d-----w- f:\windows\system32\Adobe
2010-03-04 00:43:07 163840 ----a-w- f:\windows\system32\PhotoImpression Screen Saver.scr
2010-03-04 00:42:42 212480 ----a-w- f:\windows\pcdlib32.dll
2010-03-04 00:39:41 708696 ----a-w- f:\windows\system32\python21.dll
2010-03-04 00:39:41 57344 ----a-w- f:\windows\system32\PyWinTypes21.dll
2010-03-04 00:39:41 290919 ----a-w- f:\windows\system32\pythoncom21.dll
2010-03-04 00:39:40 0 d-----w- f:\program files\common files\Python
2010-03-04 00:38:32 306688 ----a-w- f:\windows\IsUninst.exe
2010-03-04 00:37:49 96768 ----a-w- f:\windows\SlantAdj.dll
2010-03-04 00:37:49 73216 ----a-w- f:\windows\ADE.DLL
2010-03-04 00:37:49 72 ----a-w- f:\windows\system32\epDPE.ini
2010-03-04 00:37:49 3136 ----a-w- f:\windows\Ade001.bin
2010-03-04 00:37:18 0 d-----w- f:\program files\EPSON
2010-03-04 00:36:01 47104 ----a-w- f:\windows\system32\escimgn.dll
2010-03-04 00:36:01 35840 ----a-w- f:\windows\system32\escwian.dll
2010-03-04 00:36:01 32256 ----a-w- f:\windows\system32\escwiab.dll
2010-03-04 00:36:01 27648 ----a-w- f:\windows\system32\escimg.dll
2010-03-04 00:36:01 23552 ----a-w- f:\windows\system32\esccmn.dll
2010-03-04 00:36:00 86016 ----a-w- f:\windows\system32\Epfb5cpl.dll
2010-03-04 00:36:00 33280 ----a-w- f:\windows\system32\esccm.dll
2010-03-04 00:35:59 53248 ----a-w- f:\windows\system32\ESICM.dll
2010-03-04 00:35:58 90112 ----a-w- f:\windows\system32\epcomdd.dll
2010-03-04 00:35:58 176128 ----a-w- f:\windows\system32\ESDTR.dll
2010-03-04 00:35:58 126976 ----a-w- f:\windows\system32\Esint23.dll
2010-03-04 00:35:58 0 d-----w- F:\EPSON
2010-02-25 08:26:42 0 ---ha-w- F:\hpothb07.tif
2010-02-25 08:26:42 0 ---ha-w- F:\hpothb07.dat
2010-02-25 08:24:21 18970 ---ha-w- f:\windows\hpothb07.dat
2010-02-25 08:24:13 4265444 ---ha-w- f:\windows\hpothb07.tif
2010-02-25 02:27:40 0 ---ha-w- f:\documents and settings\computer\hpothb07.tif
2010-02-25 02:27:40 0 ---ha-w- f:\documents and settings\computer\hpothb07.dat
2010-02-23 00:32:40 214 ----a-w- f:\windows\HP_48BitScanUpdatePatch.ini
2010-02-23 00:32:00 0 d-----w- f:\temp\FixEngine
2010-02-23 00:32:00 0 d-----w- F:\temp
2010-02-23 00:30:23 0 d-----w- f:\program files\Hp
2010-02-23 00:30:21 0 d-----w- f:\windows\Downloaded Installations
2010-02-22 06:34:22 376 ---ha-w- f:\docume~1\computer\applic~1\hpothb07.dat
2010-02-20 03:49:53 20454 ----a-w- f:\windows\hpoins01.dat
2010-02-20 03:49:53 16618 ------w- f:\windows\hpomdl01.dat
2010-02-20 03:43:47 0 d-----w- f:\windows\system32\NtmsData
2010-02-19 23:47:50 3604480 ----a-w- f:\windows\system32\GPhotos.scr
2010-02-18 04:34:04 35840 ----a-w- f:\windows\system32\drivers\AFS2K.SYS
2010-02-18 04:18:41 94208 ----a-r- f:\windows\system32\HPZipt12.dll
2010-02-18 04:18:41 65795 ----a-r- f:\windows\system32\HPZipm12.exe
2010-02-18 04:18:41 61699 ----a-r- f:\windows\system32\HPZinw12.exe
2010-02-18 04:18:41 57344 ----a-r- f:\windows\system32\HPZisn12.dll
2010-02-18 04:18:41 233528 ----a-r- f:\windows\system32\HPZidr12.dll
2010-02-18 04:18:41 167936 ----a-r- f:\windows\system32\HPZipr12.dll
2010-02-18 04:18:41 16080 ----a-r- f:\windows\system32\drivers\HPZipr12.sys
2010-02-18 04:18:40 51024 ----a-r- f:\windows\system32\drivers\hpzid412.sys
2010-02-18 04:18:19 21456 ----a-r- f:\windows\system32\drivers\HPZius12.sys
2010-02-18 04:18:15 25856 -c--a-w- f:\windows\system32\dllcache\usbprint.sys
2010-02-18 04:18:15 25856 ----a-w- f:\windows\system32\drivers\usbprint.sys
2010-02-18 04:17:59 15104 -c--a-w- f:\windows\system32\dllcache\usbscan.sys
2010-02-18 04:17:59 15104 ----a-w- f:\windows\system32\drivers\usbscan.sys
2010-02-18 04:17:55 32128 -c--a-w- f:\windows\system32\dllcache\usbccgp.sys
2010-02-18 04:17:55 32128 ----a-w- f:\windows\system32\drivers\usbccgp.sys
2010-02-18 03:55:17 0 d-----w- f:\program files\common files\Hewlett-Packard

==================== Find3M ====================

2010-03-18 03:14:18 19232 ----a-w- f:\docume~1\computer\applic~1\wklnhst.dat
2010-03-12 01:27:48 242696 ----a-w- f:\windows\system32\drivers\avgtdix.sys
2010-03-12 01:27:41 216200 ----a-w- f:\windows\system32\drivers\avgldx86.sys
2009-12-21 19:14:05 916480 ----a-w- f:\windows\system32\wininet.dll

============= FINISH: 13:21:29.71 ===============


#2 sempai (Malware Response Team)

Posted 19 March 2010 - 06:30 AM

Hello, my name is Sempai and welcome to Bleeping Computer.
*We apologize for the delay. The forum has been busy.

* Please stay with me until I declare that your computer is clean, as most users don't reply anymore once they find out that their computer is running smoothly, but absence of symptoms does not mean that a computer is free from infection.

*It is important not to make any further changes or run any other tools unless instructed to. This may hinder the cleaning process of your machine.

*Please be patient, all Bleeping Computer helpers are volunteers and have lives outside this forum.

*You must reply within 5 days otherwise this topic will be closed.



+++++++++++++++++

We need to download the following tools using a clean PC.
  1. ERUNT
  2. FixExe.reg


Once you have downloaded all the necessary files to a removable device, you need to plug it into your infected computer so it can access them.


1. Backup Your Registry with ERUNT
  • Use the other PC to access the internet and follow the detailed instructions HERE on how to install and run ERUNT.
  • Locate ERUNT on your removable device and run it.


2. Make sure XP Security is running. If it is not, you can launch it by running any program on your computer as that will trigger the rogue program to run.
  • Once running, do not close it.
  • Now, locate FixExe.reg file on your removable device and double click on it.
  • When Windows prompts whether or not you want to allow the data to be added to your computer, click on the Yes button.


3. Please run your Malwarebytes Anti-Malware. Go to update tab and download all updates and then perform a full scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


Please tell me in your next post if you can now access internet so that I can adjust my next fix accordingly. Thanks.

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators)
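Step 2 of the instructions above only makes sense because of how rogues of this kind hook the .exe file association: every program launch is routed through the rogue, which is why the rogue has to be running when FixExe.reg is merged, and why the first post saw "Windows is unable to find it" on every icon. The Python script below is an added example, not part of the original thread and not the FixExe.reg file itself: it parses a regedit export of the relevant HKEY_CLASSES_ROOT keys and reports any value that differs from the stock XP association, so the result of the repair can be checked on the clean machine (here the Mac) from an export carried over on the USB stick. Both .reg texts are constructed for the example; the stock values are my assumption of a default XP association, and the av.exe path and /START switch in the hijacked sample are invented.

```python
"""Check a regedit export of the .exe association for hijacking (added example)."""
import re
import sys
from typing import Dict, Tuple

# Assumed stock Windows XP values; a FixExe-style repair restores these.
EXPECTED: Dict[Tuple[str, str], str] = {
    (r"HKEY_CLASSES_ROOT\.exe", "@"): "exefile",
    (r"HKEY_CLASSES_ROOT\exefile\shell\open\command", "@"): '"%1" %*',
}

_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
_VALUE_RE = re.compile(r'^(?P<name>@|"(?:[^"\\]|\\.)*")=(?P<data>.*)$')


def _unescape(s: str) -> str:
    """Undo .reg string escaping (backslash-backslash and backslash-quote)."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text: str) -> Dict[Tuple[str, str], str]:
    """Map (key, value name) -> data for every value in a .reg export.

    String data is unquoted and unescaped; hex:/dword: data is kept verbatim."""
    values: Dict[Tuple[str, str], str] = {}
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        m = _KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = _VALUE_RE.match(line)
        if m is None or key is None:
            continue
        name, data = m.group("name"), m.group("data")
        if name != "@":
            name = _unescape(name[1:-1])
        if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
            data = _unescape(data[1:-1])
        values[(key, name)] = data
    return values


def audit_exe_association(text: str) -> Dict[str, str]:
    """Return {'key\\value': problem} for every expected value that is missing or altered."""
    found = parse_reg(text)
    problems: Dict[str, str] = {}
    for (key, name), want in EXPECTED.items():
        got = found.get((key, name))
        label = key + "\\" + name
        if got is None:
            problems[label] = "missing"
        elif got != want:
            problems[label] = f"got {got!r}, expected {want!r}"
    return problems


def load_reg(path: str) -> str:
    """Read an export from disk: regedit 5.00 writes UTF-16 with a BOM, 4.00 writes ANSI."""
    with open(path, "rb") as fh:
        raw = fh.read()
    return raw.decode("utf-16") if raw.startswith(b"\xff\xfe") else raw.decode("cp1252")


# Constructed sample: the stock association a repair .reg restores.
STOCK = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\exefile]
@="Application"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''

# Constructed sample: the same keys after a rogue has wrapped the launch command.
# The av.exe path and the /START switch are invented for the example.
HIJACKED = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Documents and Settings\\computer\\Local Settings\\Application Data\\av.exe\" /START \"%1\" %*"
'''

if __name__ == "__main__":
    text = load_reg(sys.argv[1]) if len(sys.argv) > 1 else HIJACKED
    problems = audit_exe_association(text)
    if not problems:
        print("exe association matches the stock values")
    for label, problem in problems.items():
        print(f"{label}: {problem}")
```

To use it on a real export, run regedit on the affected machine, export `HKEY_CLASSES_ROOT\exefile` and `HKEY_CLASSES_ROOT\.exe` to a file, copy that file over, and pass its path as the first argument; an empty result means the association matches the assumed stock values, anything else is what to post for the helper.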


#3 sempai (Malware Response Team)

Posted 23 March 2010 - 05:35 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with the address of this thread. This applies only to the original topic starter. Everyone else, please begin a New Topic.

~Semp



#4 sempai (Malware Response Team)

Posted 25 March 2010 - 08:06 AM

Topic reopened by user request.


~Semp



#5 NeilRC (Topic Starter)

Posted 25 March 2010 - 07:10 PM

Hi sempai,

Firstly, thank you for re-opening the topic.
I have followed your instructions as best as I could, but had a couple of hiccups along the way.

I ran ERUNT with no problem.
Locating XP Security was a problem. By the time I got a chance to look at the PC for the first time, after Dad had downloaded it, the icon for it had disappeared from the sys tray and desktop. I can't find it in the start menu either. The only thing I could think of that might make it run was clicking on a desktop icon, as previously they would all give the message saying Windows was unable to locate. I tried AVG first, as it was the first one to be disabled. It opened! Word also opened. IE did not, however. I got the following message:

"Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access them."

Then a window popped up from AVG. I will attach a screen shot (avgalert1.doc) (I hope you can scan the file before opening it, I can't think of another way to show you what I mean). I left this alone, and attempted to continue with your instructions. I opened Malwarebytes, but it would not update. I got the following message:

"An error occurred. Please report the following error code to the Malwarebytes Anti-Malware support team. Error code: 732 (12007,0)"

I went ahead and ran a full scan using Malwarebytes anyway. While I was scanning, the AVG alert changed. I made another screen shot (AVGalert2.doc).

Malwarebytes finished the full scan, but found nothing. I'll paste the log below. I did notice some stuff in quarantine, that was there before the scan. I'll attach a screen shot (malwarequarantine.doc).

I was unable to connect to the internet. The IE desktop icon still won't open. It now asks which program I would like to open it with. It will open through the start menu, but doesn't connect. I got a message on screen, from the sys tray, that said I had limited or no connectivity. I clicked for more info and have attached another screen shot (connection status.doc).

Thanks for your continued help. Pasted below is the malwarebytes log.
Crystal.

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/26/2010 10:55:43 AM
mbam-log-2010-03-26 (10-55-43).txt

Scan type: Full Scan (C:\|E:\|F:\|G:\|)
Objects scanned: 164591
Time elapsed: 24 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#6 sempai (Malware Response Team)

Posted 26 March 2010 - 04:52 AM

Hi Crystal,

Thanks for those logs, they are really helpful. It seems that my previous instructions were already done by your Dad; the date of the MBAM quarantine report is the same as when I made my first post.

It's been a week since the logs were posted by your Dad; we need to create new and updated logs so we can clearly identify the problem(s).

Since the infected computer can't connect to the internet, we will need to use another PC until we can establish a connection. Use the clean PC to download the tools and transfer them to your infected PC using a flash/removable drive.

After doing the instructions below, please tell me any progress or changes to the problems you stated. Thanks.

++++++++++++++++++++++


1. Please run Flash Disinfector on your clean and infected PC.
Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.



2. Download FixPolicies (by Bill Castner) --> HERE
  • Download a self-extracting ZIP archive to your Desktop.
  • Double-click FixPolicies.exe to run the program.
  • Click the Install button.
  • The program will create a new Folder called FixPolicies.
  • Open FixPolicies folder and Double click on Fix_Policies.cmd.
    (For Vista, Right-click the file Fix_Policies.cmd and select Run As Administrator).
  • A black window will briefly appear and then close automatically.
Note: This fix may prove temporary. Active malware may revert these changes at your next startup. You can safely run the utility again.



3. Please create a new DDS report. Post it when you reply.


~Semp

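The note on step 1 above explains that Flash_Disinfector leaves a hidden autorun.inf folder on every drive, and the DDS log posted later in this thread does show one (`F:\autorun.inf`, with a `d` at the front of its attribute string). Telling that placeholder apart from an autorun.inf file dropped by removable-drive malware is the check a helper makes when reading "Created Last 30". The following Python script is an added example, not part of the thread and not a BleepingComputer tool: it parses that section of a DDS log and classifies any autorun.inf found at a drive root. The sample log is constructed from lines in this thread plus one invented `X:\autorun.inf` file entry so that both outcomes appear; my reading of the eight-character attribute string (d=directory, c=compressed, s=system, h=hidden, a=archive, then w/r for writable/read-only) is an assumption.

```python
"""Classify autorun.inf entries in the 'Created Last 30' section of a DDS log (added example)."""
import re
import sys
from dataclasses import dataclass
from typing import Dict, List

_ENTRY_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$"
)
_ROOT_AUTORUN_RE = re.compile(r"^[a-z]:\\autorun\.inf$", re.IGNORECASE)

PLACEHOLDER = "placeholder-folder"   # hidden/system directory, as Flash_Disinfector creates
AUTORUN_FILE = "autorun-file"        # a real autorun.inf file at a drive root: review it


@dataclass
class Entry:
    timestamp: str
    size: int
    attrs: str   # assumed layout: d c s h a ? w/r ?  (e.g. 'd-sha-r-', '----a-w-')
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def is_system(self) -> bool:
        return self.attrs[2] == "s"

    @property
    def is_hidden(self) -> bool:
        return self.attrs[3] == "h"


def parse_created_last_30(log: str) -> List[Entry]:
    """Return the entries between the 'Created Last 30' banner and the next '====' banner."""
    entries: List[Entry] = []
    in_section = False
    for line in log.splitlines():
        if line.startswith("=") and "Created Last 30" in line:
            in_section = True
            continue
        if in_section and line.startswith("="):
            break
        m = _ENTRY_RE.match(line.strip())
        if in_section and m:
            entries.append(Entry(m["ts"], int(m["size"]), m["attrs"], m["path"]))
    return entries


def classify_autorun(entries: List[Entry]) -> Dict[str, str]:
    """Map each drive-root autorun.inf path to PLACEHOLDER or AUTORUN_FILE."""
    verdicts: Dict[str, str] = {}
    for e in entries:
        if _ROOT_AUTORUN_RE.match(e.path):
            verdicts[e.path] = PLACEHOLDER if e.is_dir else AUTORUN_FILE
    return verdicts


# Constructed sample: the banner, the F:\autorun.inf line and the defogger line are copied
# from the second DDS log in this thread; the X:\autorun.inf FILE entry is invented to show
# the other outcome. The Find3M line checks that parsing stops at the next section.
SAMPLE_LOG = """\
=============== Created Last 30 ================

2010-04-01 03:16:23 0 d-sha-r- F:\\autorun.inf
2010-04-01 03:10:00 312 --sha-w- X:\\autorun.inf
2010-03-19 02:20:23 0 ----a-w- f:\\documents and settings\\computer\\defogger_reenable

==================== Find3M ====================

2010-03-18 03:14:18 19232 ----a-w- f:\\docume~1\\computer\\applic~1\\wklnhst.dat
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            log = fh.read()
    else:
        log = SAMPLE_LOG
    for path, verdict in classify_autorun(parse_created_last_30(log)).items():
        print(f"{path}: {verdict}")
```

Run it against the DDS.txt carried over from the infected machine: a placeholder-folder verdict is the expected state after Flash_Disinfector has run, while an autorun-file verdict at a drive root is worth pointing out to the helper.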


#7 NeilRC (Topic Starter)

Posted 27 March 2010 - 08:03 PM

Hi sempai,

Thanks for the new instructions. Because of work commitments, it will be at least another 4 or 5 days before I can get back to my Dad's house to try the new lot of instructions.

One slight problem, however: my clean PC is a Mac. I can download an exe on it, but can't run it.

I will get back to you as soon as I can, I promise. Please leave topic open until I reply.

We very much appreciate your help,
Crystal.

#8 sempai (Malware Response Team)

Posted 27 March 2010 - 09:02 PM

OK, no problem. Just run Flash Disinfector on the infected PC. Thanks.

~Semp



#9 NeilRC (Topic Starter)

Posted 31 March 2010 - 10:32 PM

Hi Semp,

I have completed the new instructions. Pasted below is the new DDS report. I assume you want the attachment as well. I have attached it.

There is still no internet connection. I keep getting a message saying there is little or no connectivity.
When I look into it further it says the network did not assign network address to the computer.

The internet connection itself is fine, because I am using the same cable plugged into my iBook. I've been swapping it back and forth as needed.

Cheers,
Crystal.

DDS (Ver_10-03-17.01) - NTFSx86
Run by computer at 14:21:10.68 on Thu 04/01/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1552 [GMT 11:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

F:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
F:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
F:\Program Files\AVG\AVG9\avgchsvx.exe
F:\Program Files\AVG\AVG9\avgrsx.exe
F:\Program Files\AVG\AVG9\avgcsrvx.exe
F:\WINDOWS\system32\spoolsv.exe
svchost.exe
F:\Program Files\AVG\AVG9\avgwdsvc.exe
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\Program Files\Google\Update\GoogleUpdate.exe
F:\WINDOWS\system32\svchost.exe -k imgsvc
F:\Program Files\Google\Update\1.2.183.17\GoogleCrashHandler.exe
F:\WINDOWS\system32\wuauclt.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\igfxtray.exe
F:\WINDOWS\system32\igfxpers.exe
F:\WINDOWS\RTHDCPL.EXE
F:\WINDOWS\system32\igfxsrvc.exe
F:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
F:\PROGRA~1\AVG\AVG9\avgtray.exe
F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
F:\Program Files\Messenger\msmsgs.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\AVG\AVG9\avgnsx.exe
F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
F:\Program Files\OpenOffice.org 2.0\program\soffice.exe
F:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
F:\WINDOWS\system32\wscntfy.exe
F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
F:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
F:\Documents and Settings\computer\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - f:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - f:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - f:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - f:\program files\avg\avg9\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - f:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - f:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - f:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [MSMSGS] "f:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] f:\windows\system32\ctfmon.exe
uRun: [MoneyAgent] "f:\program files\microsoft money\system\mnyexpr.exe"
uRun: [swg] f:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [IgfxTray] f:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] f:\windows\system32\hkcmd.exe
mRun: [Persistence] f:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Microsoft Works Update Detection] f:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [AVG9_TRAY] f:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "f:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "f:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: f:\docume~1\computer\startm~1\programs\startup\openof~1.lnk - f:\program files\openoffice.org 2.0\program\quickstart.exe
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - f:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - f:\program files\hewlett-packard\digital imaging\bin\hposol08.exe
IE: Add to Google Photos Screensa&ver - f:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - f:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - f:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - f:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264482626015
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - f:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;f:\windows\system32\drivers\avgldx86.sys [2009-3-24 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;f:\windows\system32\drivers\avgmfx86.sys [2009-3-24 29512]
R1 AvgTdiX;AVG8 Network Redirector;f:\windows\system32\drivers\avgtdix.sys [2009-3-24 242696]
R2 avg9wd;AVG Free WatchDog;f:\program files\avg\avg9\avgwdsvc.exe [2010-3-12 308064]
S2 gupdate1c9fd2dc3b6206;Google Update Service (gupdate1c9fd2dc3b6206);f:\program files\google\update\GoogleUpdate.exe [2009-7-5 133104]

=============== Created Last 30 ================

2010-04-01 03:16:23 0 d-sha-r- F:\autorun.inf
2010-03-19 02:20:23 0 ----a-w- f:\documents and settings\computer\defogger_reenable
2010-03-19 01:11:37 0 d-----w- f:\docume~1\computer\applic~1\Malwarebytes
2010-03-19 01:11:33 38224 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys
2010-03-19 01:11:32 19160 ----a-w- f:\windows\system32\drivers\mbam.sys
2010-03-19 01:11:32 0 d-----w- f:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-19 01:11:31 0 d-----w- f:\program files\Malwarebytes' Anti-Malware
2010-03-17 00:36:05 20480 ----a-w- f:\windows\system32\nnfj.tqo
2010-03-15 11:45:19 3255 ----a-w- f:\windows\system32\wbem\Outlook_01cac434fccbb012.mof
2010-03-12 01:27:46 12464 ----a-w- f:\windows\system32\avgrsstx.dll
2010-03-11 01:15:58 0 d-----w- f:\documents and settings\computer\.gimp-2.6
2010-03-11 01:15:04 0 d-----w- f:\program files\GIMP-2.0
2010-03-04 01:00:27 29 ----a-w- f:\windows\DEBUGSM.INI
2010-03-04 00:45:48 0 d-----w- f:\windows\Profiles
2010-03-04 00:45:45 0 d-----w- f:\windows\system32\Adobe
2010-03-04 00:43:07 163840 ----a-w- f:\windows\system32\PhotoImpression Screen Saver.scr
2010-03-04 00:42:42 212480 ----a-w- f:\windows\pcdlib32.dll
2010-03-04 00:39:41 708696 ----a-w- f:\windows\system32\python21.dll
2010-03-04 00:39:41 57344 ----a-w- f:\windows\system32\PyWinTypes21.dll
2010-03-04 00:39:41 290919 ----a-w- f:\windows\system32\pythoncom21.dll
2010-03-04 00:39:40 0 d-----w- f:\program files\common files\Python
2010-03-04 00:38:32 306688 ----a-w- f:\windows\IsUninst.exe
2010-03-04 00:37:49 96768 ----a-w- f:\windows\SlantAdj.dll
2010-03-04 00:37:49 73216 ----a-w- f:\windows\ADE.DLL
2010-03-04 00:37:49 72 ----a-w- f:\windows\system32\epDPE.ini
2010-03-04 00:37:49 3136 ----a-w- f:\windows\Ade001.bin
2010-03-04 00:37:18 0 d-----w- f:\program files\EPSON
2010-03-04 00:36:01 47104 ----a-w- f:\windows\system32\escimgn.dll
2010-03-04 00:36:01 35840 ----a-w- f:\windows\system32\escwian.dll
2010-03-04 00:36:01 32256 ----a-w- f:\windows\system32\escwiab.dll
2010-03-04 00:36:01 27648 ----a-w- f:\windows\system32\escimg.dll
2010-03-04 00:36:01 23552 ----a-w- f:\windows\system32\esccmn.dll
2010-03-04 00:36:00 86016 ----a-w- f:\windows\system32\Epfb5cpl.dll
2010-03-04 00:36:00 33280 ----a-w- f:\windows\system32\esccm.dll
2010-03-04 00:35:59 53248 ----a-w- f:\windows\system32\ESICM.dll
2010-03-04 00:35:58 90112 ----a-w- f:\windows\system32\epcomdd.dll
2010-03-04 00:35:58 176128 ----a-w- f:\windows\system32\ESDTR.dll
2010-03-04 00:35:58 126976 ----a-w- f:\windows\system32\Esint23.dll
2010-03-04 00:35:58 0 d-----w- F:\EPSON

==================== Find3M ====================

2010-03-26 00:04:06 19458 ----a-w- f:\docume~1\computer\applic~1\wklnhst.dat
2010-03-12 01:27:48 242696 ----a-w- f:\windows\system32\drivers\avgtdix.sys
2010-03-12 01:27:41 216200 ----a-w- f:\windows\system32\drivers\avgldx86.sys
2010-03-01 06:30:19 0 ---ha-w- f:\documents and settings\computer\hpothb07.dat
2010-02-26 07:28:28 376 ---ha-w- f:\docume~1\computer\applic~1\hpothb07.dat
2010-02-26 07:28:08 0 ---ha-w- F:\hpothb07.dat
2010-02-25 08:24:21 18970 ---ha-w- f:\windows\hpothb07.dat
2010-02-20 04:08:21 20454 ----a-w- f:\windows\hpoins01.dat
2010-02-19 23:47:50 3604480 ----a-w- f:\windows\system32\GPhotos.scr

============= FINISH: 14:21:37.25 ===============


#10 sempai (noypi) - Malware Response Team, 5,288 posts, Gender: Male, Location: 3 stars and a sun

Posted 01 April 2010 - 09:46 AM

Hi Crystal,

When did you install AVG9? Did the internet problem start at the same time you updated to AVG9?

+++++++++++++++++++++++++


1. We Need to check for Rootkits with RootRepeal
  1. Download RootRepeal from the following location and save it to your desktop.
  2. Open RootRepeal on your desktop.
  3. Click the tab.
  4. Click the button.
  5. Check all seven boxes:
  6. Push Ok
  7. Check the box for your main system drive (Usually C:), and press Ok.
  8. Allow RootRepeal to run a scan of your system. This may take some time.
  9. Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply.



2. Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Copy and Paste the following code into the Custom Scan box. Do not include the word "Code"

    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them when you reply.

~Semp

You can help me continue the fight against malware by making a donation. Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators)
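A small triage script for the OTL output that step 2 produces, as an added example that is not part of sempai's post, of OTL, or of this thread: it parses lines in the format OTL prints (file entries and the O2/O32/O35/O37 lines) and flags the kinds of entries a responder reads first: files dropped into System32 with an unfamiliar extension and no company name, hidden+system objects under Application Data, autorun.inf on a drive root, BHOs with no CLSID, and exefile/comfile open handlers that are not the stock "%1" %*. The flagging rules and the expected-extension list are my own heuristics, the sample lines are copied from the OTL log posted later in this thread, and the final O35 line is constructed to show a non-stock handler (the path in it is hypothetical).

```python
"""Triage of OTL-style log lines: an added example, not OTL's own code.

The regex mirrors the entry format OTL prints; the flagging rules below are
my own reviewer heuristics, so a hit is a lead for a human, not a verdict.
"""
import re
from typing import Dict, List, Optional

# OTL file entry, e.g.
#   [2010/03/17 10:36:00 | 000,020,480 | ---- | M] () -- F:\WINDOWS\System32\nnfj.tqo
#   [2010/04/01 13:16:23 | 000,000,000 | RHSD | C] -- F:\autorun.inf   (directories carry no company)
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[A-Z-]{4}) \| [CM]\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)
O_LINE_RE = re.compile(r"^O\d+ - ")

# Extensions one expects under System32; a recent file with another extension
# and no company name gets flagged (heuristic, my choice of list).
EXPECTED_SYS32_EXT = {".dll", ".exe", ".sys", ".ax", ".acm", ".scr", ".ocx",
                      ".drv", ".cpl", ".dat", ".ini", ".db", ".mof", ".log", ".xml"}

# Stock shell\open\command for exefile/comfile on Windows XP.
STOCK_OPEN_CMD = '"%1" %*'


def _ext(path: str) -> str:
    name = path.rsplit("\\", 1)[-1]
    return name[name.rfind("."):].lower() if "." in name else ""


def triage_file_entry(line: str) -> Optional[str]:
    """Return a reason if an OTL file entry deserves a closer look, else None."""
    m = FILE_RE.match(line)
    if not m:
        return None
    path, attr = m["path"], m["attr"]
    company = (m["company"] or "").strip()
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    if name == "autorun.inf" and "D" in attr:
        return "autorun.inf directory on a drive root: confirm it is the immunisation folder you created"
    if "\\system32\\" in low and not company and _ext(path) not in EXPECTED_SYS32_EXT:
        return "file in System32 with an unexpected extension and no company name"
    if "H" in attr and "S" in attr and "application data" in low:
        return "hidden+system object under Application Data"
    return None


def triage_o_line(line: str) -> Optional[str]:
    """Checks for OTL O2 (BHO), O32 (autorun) and O35/O37 (file association) lines."""
    if line.startswith("O2 - BHO:") and "No CLSID value found" in line:
        return "BHO registered without a CLSID (orphaned or hidden component)"
    if line.startswith("O32 - AutoRun File"):
        return "autorun.inf present on a drive root; check what created it"
    if line.startswith(("O35 -", "O37 -")):
        if "File not found" in line:
            return None  # no per-user override exists; nothing to compare
        cmd = line.rsplit(" -- ", 1)[-1].strip()
        if cmd != STOCK_OPEN_CMD:
            return f"exe/com open handler is not the stock {STOCK_OPEN_CMD}: {cmd}"
    return None


def triage(lines: List[str]) -> List[Dict[str, str]]:
    """Run both checks over a list of log lines and collect the hits."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if line.startswith("["):
            reason = triage_file_entry(line)
        elif O_LINE_RE.match(line):
            reason = triage_o_line(line)
        else:
            reason = None
        if reason:
            findings.append({"line": line, "reason": reason})
    return findings


# Sample input: lines copied from the OTL log posted later in this thread,
# plus one constructed O35 line (the last one) showing a non-stock handler.
SAMPLE_LINES = [
    r"[2010/03/17 10:36:00 | 000,020,480 | ---- | M] () -- F:\WINDOWS\System32\nnfj.tqo",
    r"[2010/03/18 10:47:57 | 000,012,472 | -HS- | M] () -- F:\Documents and Settings\All Users\Application Data\NXhT2mK",
    r"[2010/04/01 13:16:23 | 000,000,000 | RHSD | C] -- F:\autorun.inf",
    r"[2010/03/12 11:27:46 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- F:\WINDOWS\System32\avgrsstx.dll",
    r"[2010/04/09 12:26:22 | 000,360,124 | ---- | M] () -- F:\WINDOWS\System32\PerfStringBackup.INI",
    r"O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.",
    r"O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)",
    r'O35 - HKLM\..exefile [open] -- "%1" %*',
    r"O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found",
    r"O32 - AutoRun File - [2010/04/01 13:16:23 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ NTFS ]",
    # Constructed (not from the log): hypothetical path, hypothetical handler.
    r'O35 - HKLM\..exefile [open] -- "F:\Documents and Settings\computer\Local Settings\Application Data\example.exe" /START "%1" %*',
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_LINES):
        print(f"{hit['reason']}\n    {hit['line']}")
```

Run it as a script to print the hits, or import it and call triage() on the full OTL.Txt split into lines. A hit only says the entry deserves a look: the avgrsstx.dll and PerfStringBackup.INI lines pass, which is why the company-name field and the extension list matter, and the O37 "File not found" line passes because it simply means no per-user override of the exefile handler exists.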


#11 NeilRC (Topic Starter) - Members, 15 posts

Posted 01 April 2010 - 08:04 PM

Hi Semp,

Sorry I can't tell you when he installed AVG9. However the internet was working right up until he downloaded the XP virus, and AVG would've been installed well before then. From what he tells me, it looks like AVG was the first to die. It does open now though.
Do you think AVG9 could be a problem?

Thanks for the new set of instructions. I won't be able to do anything with them for a few days. I'd be grateful if you would keep the topic open until I get a chance to reply.

Thanks again for your help, we both really appreciate it.

Crystal.

#12 NeilRC (Topic Starter) - Members, 15 posts

Posted 08 April 2010 - 09:51 PM

Hi Semp,

Thanks for being patient with the long periods between replies. I can only get to Dad's house once or twice a week. He is only a beginner on the PC himself, so the topic is over his head & he can't do it in my absence.

Here are the reports you requested.

Cheers,
Crystal.


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/04/09 12:32
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: F:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA803C000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: F:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA620000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: F:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA70EE000 Size: 49152 File Visible: No Signed: -
Status: -

==EOF==


OTL.txt

OTL logfile created on: 4/9/2010 12:40:45 PM - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = F:\Documents and Settings\computer\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): F:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
C: Drive not present or media not loaded
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.75 Gb Total Space | 452.59 Gb Free Space | 97.17% Space Free | Partition Type: NTFS
Drive G: | 986.20 Mb Total Space | 977.45 Mb Free Space | 99.11% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPUTER-257495
Current User Name: computer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/04 01:01:42 | 000,561,664 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\computer\Desktop\OTL.exe
PRC - [2010/03/12 11:27:49 | 002,059,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/03/12 11:27:47 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/12 11:27:46 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/03/12 11:27:44 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/12 11:27:41 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/12 11:27:40 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/02/28 14:14:19 | 000,135,664 | ---- | M] (Google Inc.) -- F:\Program Files\Google\Update\1.2.183.17\GoogleCrashHandler.exe
PRC - [2008/04/14 22:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\explorer.exe
PRC - [2005/12/15 09:06:58 | 000,577,536 | ---- | M] (OpenOffice.org) -- F:\Program Files\OpenOffice.org 2.0\program\soffice.bin
PRC - [2005/12/15 09:06:56 | 000,434,176 | ---- | M] (OpenOffice.org) -- F:\Program Files\OpenOffice.org 2.0\program\soffice.exe
PRC - [2003/04/09 17:11:12 | 000,028,672 | ---- | M] (Hewlett-Packard) -- F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003/04/09 16:59:24 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2003/04/09 16:49:36 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2003/04/09 16:42:06 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe


========== Modules (SafeList) ==========

MOD - [2010/04/04 01:01:42 | 000,561,664 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\computer\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/03/12 11:27:44 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- F:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2003/04/12 05:18:56 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- F:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/03/12 11:27:48 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- F:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/12 11:27:46 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- F:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/12 11:27:41 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- F:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2008/07/03 19:03:14 | 004,745,216 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/14 22:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/04 00:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/12/19 13:32:12 | 005,854,688 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2004/10/08 11:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - F:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2008/04/14 22:00:00 | 000,000,734 | ---- | M]) - F:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - F:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - F:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - F:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Alcmtr] F:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG9_TRAY] F:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [MoneyAgent] F:\Program Files\Microsoft Money\System\mnyexpr.exe (Microsoft Corp.)
O4 - HKCU..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk = F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe (Hewlett-Packard Co.)
O4 - Startup: F:\Documents and Settings\computer\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk = F:\Program Files\OpenOffice.org 2.0\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - F:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O12 - Plugin for: .spop - F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1264482626015 (MUWebControl Class)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab (DDRevision Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - F:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - F:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: F:\Documents and Settings\computer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: F:\Documents and Settings\computer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/01 13:16:23 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/04/01 14:16:24 | 000,000,000 | RHSD | M] - G:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - F:\WINDOWS\system32\ias [2009/03/23 23:19:19 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - F:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.5.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.5.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection F:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection F:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - F:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - F:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - F:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - F:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "F:\WINDOWS\system32\rundll32.exe" "F:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - F:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - F:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - F:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - F:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - F:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - F:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - F:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - F:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - F:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/04/09 12:31:08 | 000,561,664 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\computer\Desktop\OTL.exe
[2010/04/09 12:30:46 | 000,472,064 | ---- | C] ( ) -- F:\Documents and Settings\computer\Desktop\RootRepeal.exe
[2010/04/01 13:20:28 | 000,000,000 | ---D | C] -- F:\Documents and Settings\computer\Desktop\FixPolicies
[2010/04/01 13:16:23 | 000,000,000 | RHSD | C] -- F:\autorun.inf
[2010/03/26 09:18:57 | 000,000,000 | ---D | C] -- F:\WINDOWS\ERDNT
[2010/03/26 09:17:52 | 000,000,000 | ---D | C] -- F:\Program Files\ERUNT
[2010/03/19 11:11:37 | 000,000,000 | ---D | C] -- F:\Documents and Settings\computer\Application Data\Malwarebytes
[2010/03/19 11:11:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/19 11:11:32 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbam.sys
[2010/03/19 11:11:32 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/19 11:11:31 | 000,000,000 | ---D | C] -- F:\Program Files\Malwarebytes' Anti-Malware
[2010/03/19 11:10:46 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- F:\Documents and Settings\computer\Desktop\mbam-setup.exe
[2010/03/15 14:32:12 | 000,000,000 | ---D | M] -- F:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/03/12 22:27:16 | 000,000,000 | ---D | C] -- F:\Documents and Settings\computer\My Documents\EPSON Flat-Bed
[2010/03/12 11:27:46 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- F:\WINDOWS\System32\avgrsstx.dll
[2010/03/11 11:15:58 | 000,000,000 | ---D | C] -- F:\Documents and Settings\computer\My Documents\gegl-0.0
[2010/03/11 11:15:58 | 000,000,000 | ---D | C] -- F:\Documents and Settings\computer\.gimp-2.6
[2010/03/11 11:15:04 | 000,000,000 | ---D | C] -- F:\Program Files\GIMP-2.0
[2010/02/17 10:48:12 | 000,000,000 | ---D | M] -- F:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/17 10:48:12 | 000,000,000 | ---D | M] -- F:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/11/09 17:03:52 | 000,000,000 | --SD | M] -- F:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/11/09 17:03:52 | 000,000,000 | --SD | M] -- F:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/07/05 15:09:00 | 000,000,000 | ---D | M] -- F:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[3 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]
[2 F:\Documents and Settings\computer\My Documents\*.tmp files -> F:\Documents and Settings\computer\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/09 12:40:17 | 000,019,498 | ---- | M] () -- F:\Documents and Settings\computer\Application Data\wklnhst.dat
[2010/04/09 12:31:17 | 000,000,000 | ---- | M] () -- F:\Documents and Settings\computer\Desktop\settings.dat
[2010/04/09 12:26:22 | 000,360,124 | ---- | M] () -- F:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/09 12:26:22 | 000,314,508 | ---- | M] () -- F:\WINDOWS\System32\perfh009.dat
[2010/04/09 12:26:22 | 000,040,836 | ---- | M] () -- F:\WINDOWS\System32\perfc009.dat
[2010/04/09 12:24:57 | 000,000,868 | ---- | M] () -- F:\WINDOWS\tasks\Google Software Updater.job
[2010/04/09 12:24:40 | 000,000,882 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/09 12:24:23 | 000,000,006 | -H-- | M] () -- F:\WINDOWS\tasks\SA.DAT
[2010/04/09 12:24:21 | 000,002,422 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl
[2010/04/09 12:24:19 | 000,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat
[2010/04/04 01:01:42 | 000,561,664 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\computer\Desktop\OTL.exe
[2010/04/01 13:33:48 | 004,980,736 | -H-- | M] () -- F:\Documents and Settings\computer\NTUSER.DAT
[2010/04/01 13:33:48 | 000,000,278 | -HS- | M] () -- F:\Documents and Settings\computer\ntuser.ini
[2010/04/01 13:25:50 | 004,265,692 | -H-- | M] () -- F:\Documents and Settings\computer\Local Settings\Application Data\IconCache.db
[2010/03/26 10:03:25 | 000,002,497 | ---- | M] () -- F:\Documents and Settings\computer\Desktop\Microsoft Office Word 2003.lnk
[2010/03/26 09:19:15 | 000,000,886 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/26 09:17:55 | 000,000,611 | ---- | M] () -- F:\Documents and Settings\computer\Desktop\NTREGOPT.lnk
[2010/03/26 09:17:55 | 000,000,592 | ---- | M] () -- F:\Documents and Settings\computer\Desktop\ERUNT.lnk
[2010/03/19 12:20:23 | 000,000,000 | ---- | M] () -- F:\Documents and Settings\computer\defogger_reenable
[2010/03/19 11:11:36 | 000,000,696 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/18 13:12:21 | 000,002,483 | ---- | M] () -- F:\Documents and Settings\computer\Desktop\Microsoft Office PowerPoint 2003.lnk
[2010/03/18 13:05:02 | 000,002,521 | ---- | M] () -- F:\Documents and Settings\computer\Desktop\Microsoft Office Outlook 2003.lnk
[2010/03/18 11:19:41 | 000,001,813 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/03/18 10:49:00 | 057,253,522 | ---- | M] () -- F:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/18 10:47:57 | 000,012,472 | -HS- | M] () -- F:\Documents and Settings\computer\Local Settings\Application Data\NXhT2mK
[2010/03/18 10:47:57 | 000,012,472 | -HS- | M] () -- F:\Documents and Settings\All Users\Application Data\NXhT2mK
[2010/03/17 21:52:36 | 000,525,824 | ---- | M] () -- F:\Documents and Settings\computer\Desktop\dds.scr
[2010/03/17 10:36:00 | 000,020,480 | ---- | M] () -- F:\WINDOWS\System32\nnfj.tqo
[2010/03/17 10:31:00 | 000,046,512 | ---- | M] () -- F:\Documents and Settings\computer\My Documents\Facebook_password_2264.zip
[2010/03/16 21:25:28 | 000,028,160 | ---- | M] () -- F:\Documents and Settings\computer\My Documents\Photoshop History.doc
[2010/03/16 21:08:54 | 000,006,656 | ---- | M] () -- F:\Documents and Settings\computer\My Documents\PS History.wdb
[2010/03/16 15:21:25 | 000,025,088 | ---- | M] () -- F:\Documents and Settings\computer\My Documents\Free Games.doc
[2010/03/16 14:54:05 | 000,068,608 | ---- | M] () -- F:\Documents and Settings\computer\My Documents\Washing Info..doc
[2010/03/16 14:05:16 | 000,310,272 | ---- | M] () -- F:\Documents and Settings\computer\My Documents\WATER Filters.doc
[2010/03/16 14:04:58 | 001,720,832 | ---- | M] () -- F:\Documents and Settings\computer\My Documents\DEHUMIDIFIER.doc
[2010/03/16 11:48:28 | 000,366,578 | ---- | M] () -- F:\Documents and Settings\computer\My Documents\DPE.DUS
[2010/03/16 11:48:25 | 000,000,739 | ---- | M] () -- F:\WINDOWS\win.ini
[2010/03/12 11:27:48 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/12 11:27:46 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/12 11:27:46 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\WINDOWS\System32\avgrsstx.dll
[2010/03/12 11:27:41 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/11 11:15:27 | 000,000,790 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
[3 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]
[2 F:\Documents and Settings\computer\My Documents\*.tmp files -> F:\Documents and Settings\computer\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/09 12:31:17 | 000,000,000 | ---- | C] () -- F:\Documents and Settings\computer\Desktop\settings.dat
[2010/04/01 13:19:51 | 000,185,065 | ---- | C] () -- F:\Documents and Settings\computer\Desktop\FixPolicies.exe
[2010/04/01 13:16:40 | 000,132,597 | ---- | C] () -- F:\Documents and Settings\computer\Desktop\Flash_Disinfector.exe
[2010/03/26 09:17:55 | 000,000,611 | ---- | C] () -- F:\Documents and Settings\computer\Desktop\NTREGOPT.lnk
[2010/03/26 09:17:55 | 000,000,592 | ---- | C] () -- F:\Documents and Settings\computer\Desktop\ERUNT.lnk
[2010/03/19 12:24:04 | 000,293,376 | ---- | C] () -- F:\Documents and Settings\computer\Desktop\gmer.exe
[2010/03/19 12:23:57 | 000,525,824 | ---- | C] () -- F:\Documents and Settings\computer\Desktop\dds.scr
[2010/03/19 12:20:41 | 000,050,477 | ---- | C] () -- F:\Documents and Settings\computer\Desktop\Defogger.exe
[2010/03/19 12:20:23 | 000,000,000 | ---- | C] () -- F:\Documents and Settings\computer\defogger_reenable
[2010/03/19 11:11:36 | 000,000,696 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/17 10:36:22 | 000,012,472 | -HS- | C] () -- F:\Documents and Settings\computer\Local Settings\Application Data\NXhT2mK
[2010/03/17 10:36:22 | 000,012,472 | -HS- | C] () -- F:\Documents and Settings\All Users\Application Data\NXhT2mK
[2010/03/17 10:36:05 | 000,020,480 | ---- | C] () -- F:\WINDOWS\System32\nnfj.tqo
[2010/03/17 10:34:19 | 000,046,512 | ---- | C] () -- F:\Documents and Settings\computer\My Documents\Facebook_password_2264.zip
[2010/03/16 21:08:32 | 000,028,160 | ---- | C] () -- F:\Documents and Settings\computer\My Documents\Photoshop History.doc
[2010/03/16 15:21:25 | 000,025,088 | ---- | C] () -- F:\Documents and Settings\computer\My Documents\Free Games.doc
[2010/03/16 14:04:56 | 001,720,832 | ---- | C] () -- F:\Documents and Settings\computer\My Documents\DEHUMIDIFIER.doc
[2010/03/16 13:52:06 | 000,310,272 | ---- | C] () -- F:\Documents and Settings\computer\My Documents\WATER Filters.doc
[2010/03/16 13:46:52 | 000,068,608 | ---- | C] () -- F:\Documents and Settings\computer\My Documents\Washing Info..doc
[2010/03/16 11:48:28 | 000,366,578 | ---- | C] () -- F:\Documents and Settings\computer\My Documents\DPE.DUS
[2010/03/15 17:46:19 | 000,006,656 | ---- | C] () -- F:\Documents and Settings\computer\My Documents\PS History.wdb
[2010/03/11 11:15:27 | 000,000,790 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
[2010/03/04 11:00:27 | 000,000,029 | ---- | C] () -- F:\WINDOWS\DEBUGSM.INI
[2010/03/04 10:39:41 | 000,290,919 | ---- | C] () -- F:\WINDOWS\System32\pythoncom21.dll
[2010/03/04 10:39:41 | 000,057,344 | ---- | C] () -- F:\WINDOWS\System32\PyWinTypes21.dll
[2010/03/04 10:37:49 | 000,096,768 | ---- | C] () -- F:\WINDOWS\SlantAdj.dll
[2010/03/04 10:37:49 | 000,000,072 | ---- | C] () -- F:\WINDOWS\System32\epDPE.ini
[2010/02/25 12:27:40 | 000,000,000 | -H-- | C] () -- F:\Documents and Settings\computer\hpothb07.tif
[2010/02/25 12:27:40 | 000,000,000 | -H-- | C] () -- F:\Documents and Settings\computer\hpothb07.dat
[2010/02/23 10:32:40 | 000,001,478 | ---- | C] () -- F:\Documents and Settings\computer\Application Data\HPCOM_48BitScanUpdate.log
[2010/02/23 10:32:40 | 000,000,214 | ---- | C] () -- F:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2010/02/22 16:34:22 | 000,000,517 | -H-- | C] () -- F:\Documents and Settings\computer\Application Data\hpothb07.tif
[2010/02/22 16:34:22 | 000,000,376 | -H-- | C] () -- F:\Documents and Settings\computer\Application Data\hpothb07.dat
[2010/02/17 10:24:19 | 000,000,587 | ---- | C] () -- F:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/04/20 12:48:21 | 000,019,498 | ---- | C] () -- F:\Documents and Settings\computer\Application Data\wklnhst.dat
[2009/04/02 13:42:07 | 000,000,376 | ---- | C] () -- F:\WINDOWS\ODBC.INI
[2009/03/24 05:54:41 | 000,147,456 | R--- | C] () -- F:\WINDOWS\System32\igfxCoIn_v4906.dll
[2009/03/23 13:14:56 | 000,001,024 | -H-- | C] () -- F:\Documents and Settings\computer\ntuser.dat.LOG
[2009/03/23 13:14:56 | 000,000,278 | -HS- | C] () -- F:\Documents and Settings\computer\ntuser.ini
[2009/03/23 13:14:54 | 004,980,736 | -H-- | C] () -- F:\Documents and Settings\computer\NTUSER.DAT
[2003/04/12 05:18:54 | 000,561,152 | ---- | C] () -- F:\WINDOWS\System32\hpotscl.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- F:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >
[2010/02/13 10:40:18 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Adobe
[2009/11/09 22:06:33 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/02/17 10:47:43 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\avg9
[2009/07/05 14:58:35 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Google Updater
[2010/03/19 11:11:32 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/20 12:40:03 | 000,000,000 | --SD | M] -- F:\Documents and Settings\All Users\Application Data\Microsoft
[2009/06/08 13:37:05 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/03/30 09:53:49 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\NOS

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009/03/29 15:39:50 | 000,000,000 | ---D | M] -- F:\Documents and Settings\computer\Application Data\Adobe
[2010/03/04 11:14:41 | 000,000,000 | ---D | M] -- F:\Documents and Settings\computer\Application Data\ArcSoft
[2009/04/24 22:12:05 | 000,000,000 | ---D | M] -- F:\Documents and Settings\computer\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/03/04 11:01:05 | 000,000,000 | ---D | M] -- F:\Documents and Settings\computer\Application Data\EPSON
[2009/07/05 14:58:41 | 000,000,000 | ---D | M] -- F:\Documents and Settings\computer\Application Data\Google
[2009/04/12 14:59:05 | 000,000,000 | ---D | M] -- F:\Documents and Settings\computer\Application Data\Help
[2010/02/18 14:37:06 | 000,000,000 | ---D | M] -- F:\Documents and Settings\computer\Application Data\Hewlett-Packard
[2009/03/23 13:15:08 | 000,000,000 | ---D | M] -- F:\Documents and Settings\computer\Application Data\Identities
[2010/03/04 10:45:45 | 000,000,000 | ---D | M] -- F:\Documents and Settings\computer\Application Data\InterTrust
[2009/03/29 15:39:28 | 000,000,000 | ---D | M] -- F:\Documents and Settings\computer\Application Data\Macromedia
[2010/03/19 11:11:37 | 000,000,000 | ---D | M] -- F:\Documents and Settings\computer\Application Data\Malwarebytes
[2010/02/23 10:30:25 | 000,000,000 | --SD | M] -- F:\Documents and Settings\computer\Application Data\Microsoft
[2010/04/09 12:24:48 | 000,000,000 | ---D | M] -- F:\Documents and Settings\computer\Application Data\OpenOffice.org2

< %APPDATA%\*.exe /s >
[2009/03/29 15:39:27 | 000,038,200 | ---- | M] () -- F:\Documents and Settings\computer\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010/02/23 10:30:25 | 000,010,134 | R--- | M] () -- F:\Documents and Settings\computer\Application Data\Microsoft\Installer\{4CCC7F68-A437-4559-A840-F5E010934951}\ARPPRODUCTICON.exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/14 22:00:00 | 020,056,462 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 22:00:00 | 020,056,462 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 22:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- F:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 22:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- F:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 22:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- F:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 22:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- F:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 22:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- F:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 22:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- F:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 22:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- F:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
< End of report >


Extras.txt

OTL logfile created on: 4/9/2010 12:40:45 PM - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = F:\Documents and Settings\computer\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): F:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
C: Drive not present or media not loaded
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.75 Gb Total Space | 452.59 Gb Free Space | 97.17% Space Free | Partition Type: NTFS
Drive G: | 986.20 Mb Total Space | 977.45 Mb Free Space | 99.11% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPUTER-257495
Current User Name: computer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/04 01:01:42 | 000,561,664 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\computer\Desktop\OTL.exe
PRC - [2010/03/12 11:27:49 | 002,059,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/03/12 11:27:47 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/12 11:27:46 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/03/12 11:27:44 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/12 11:27:41 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/12 11:27:40 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/02/28 14:14:19 | 000,135,664 | ---- | M] (Google Inc.) -- F:\Program Files\Google\Update\1.2.183.17\GoogleCrashHandler.exe
PRC - [2008/04/14 22:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\explorer.exe
PRC - [2005/12/15 09:06:58 | 000,577,536 | ---- | M] (OpenOffice.org) -- F:\Program Files\OpenOffice.org 2.0\program\soffice.bin
PRC - [2005/12/15 09:06:56 | 000,434,176 | ---- | M] (OpenOffice.org) -- F:\Program Files\OpenOffice.org 2.0\program\soffice.exe
PRC - [2003/04/09 17:11:12 | 000,028,672 | ---- | M] (Hewlett-Packard) -- F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003/04/09 16:59:24 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2003/04/09 16:49:36 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2003/04/09 16:42:06 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe


========== Modules (SafeList) ==========

MOD - [2010/04/04 01:01:42 | 000,561,664 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\computer\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/03/12 11:27:44 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- F:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2003/04/12 05:18:56 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- F:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/03/12 11:27:48 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- F:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/12 11:27:46 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- F:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/12 11:27:41 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- F:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2008/07/03 19:03:14 | 004,745,216 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/14 22:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/04 00:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/12/19 13:32:12 | 005,854,688 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2004/10/08 11:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - F:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2008/04/14 22:00:00 | 000,000,734 | ---- | M]) - F:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - F:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - F:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - F:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Alcmtr] F:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG9_TRAY] F:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [MoneyAgent] F:\Program Files\Microsoft Money\System\mnyexpr.exe (Microsoft Corp.)
O4 - HKCU..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk = F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe (Hewlett-Packard Co.)
O4 - Startup: F:\Documents and Settings\computer\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk = F:\Program Files\OpenOffice.org 2.0\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - F:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O12 - Plugin for: .spop - F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1264482626015 (MUWebControl Class)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab (DDRevision Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - F:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - F:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: F:\Documents and Settings\computer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: F:\Documents and Settings\computer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/01 13:16:23 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/04/01 14:16:24 | 000,000,000 | RHSD | M] - G:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - F:\WINDOWS\system32\ias [2009/03/23 23:19:19 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - F:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.5.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.5.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection F:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection F:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - F:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - F:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - F:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - F:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "F:\WINDOWS\system32\rundll32.exe" "F:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - F:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - F:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - F:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - F:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - F:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - F:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - F:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - F:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - F:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/04/09 12:31:08 | 000,561,664 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\computer\Desktop\OTL.exe
[2010/04/09 12:30:46 | 000,472,064 | ---- | C] ( ) -- F:\Documents and Settings\computer\Desktop\RootRepeal.exe
[2010/04/01 13:20:28 | 000,000,000 | ---D | C] -- F:\Documents and Settings\computer\Desktop\FixPolicies
[2010/04/01 13:16:23 | 000,000,000 | RHSD | C] -- F:\autorun.inf
[2010/03/26 09:18:57 | 000,000,000 | ---D | C] -- F:\WINDOWS\ERDNT
[2010/03/26 09:17:52 | 000,000,000 | ---D | C] -- F:\Program Files\ERUNT
[2010/03/19 11:11:37 | 000,000,000 | ---D | C] -- F:\Documents and Settings\computer\Application Data\Malwarebytes
[2010/03/19 11:11:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/19 11:11:32 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbam.sys
[2010/03/19 11:11:32 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/19 11:11:31 | 000,000,000 | ---D | C] -- F:\Program Files\Malwarebytes' Anti-Malware
[2010/03/19 11:10:46 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- F:\Documents and Settings\computer\Desktop\mbam-setup.exe
[2010/03/15 14:32:12 | 000,000,000 | ---D | M] -- F:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/03/12 22:27:16 | 000,000,000 | ---D | C] -- F:\Documents and Settings\computer\My Documents\EPSON Flat-Bed
[2010/03/12 11:27:46 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- F:\WINDOWS\System32\avgrsstx.dll
[2010/03/11 11:15:58 | 000,000,000 | ---D | C] -- F:\Documents and Settings\computer\My Documents\gegl-0.0
[2010/03/11 11:15:58 | 000,000,000 | ---D | C] -- F:\Documents and Settings\computer\.gimp-2.6
[2010/03/11 11:15:04 | 000,000,000 | ---D | C] -- F:\Program Files\GIMP-2.0
[2010/02/17 10:48:12 | 000,000,000 | ---D | M] -- F:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/17 10:48:12 | 000,000,000 | ---D | M] -- F:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/11/09 17:03:52 | 000,000,000 | --SD | M] -- F:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/11/09 17:03:52 | 000,000,000 | --SD | M] -- F:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/07/05 15:09:00 | 000,000,000 | ---D | M] -- F:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[3 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]
[2 F:\Documents and Settings\computer\My Documents\*.tmp files -> F:\Documents and Settings\computer\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/09 12:40:17 | 000,019,498 | ---- | M] () -- F:\Documents and Settings\computer\Application Data\wklnhst.dat
[2010/04/09 12:31:17 | 000,000,000 | ---- | M] () -- F:\Documents and Settings\computer\Desktop\settings.dat
[2010/04/09 12:26:22 | 000,360,124 | ---- | M] () -- F:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/09 12:26:22 | 000,314,508 | ---- | M] () -- F:\WINDOWS\System32\perfh009.dat
[2010/04/09 12:26:22 | 000,040,836 | ---- | M] () -- F:\WINDOWS\System32\perfc009.dat
[2010/04/09 12:24:57 | 000,000,868 | ---- | M] () -- F:\WINDOWS\tasks\Google Software Updater.job
[2010/04/09 12:24:40 | 000,000,882 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/09 12:24:23 | 000,000,006 | -H-- | M] () -- F:\WINDOWS\tasks\SA.DAT
[2010/04/09 12:24:21 | 000,002,422 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl
[2010/04/09 12:24:19 | 000,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat
[2010/04/04 01:01:42 | 000,561,664 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\computer\Desktop\OTL.exe
[2010/04/01 13:33:48 | 004,980,736 | -H-- | M] () -- F:\Documents and Settings\computer\NTUSER.DAT
[2010/04/01 13:33:48 | 000,000,278 | -HS- | M] () -- F:\Documents and Settings\computer\ntuser.ini
[2010/04/01 13:25:50 | 004,265,692 | -H-- | M] () -- F:\Documents and Settings\computer\Local Settings\Application Data\IconCache.db
[2010/03/26 10:03:25 | 000,002,497 | ---- | M] () -- F:\Documents and Settings\computer\Desktop\Microsoft Office Word 2003.lnk
[2010/03/26 09:19:15 | 000,000,886 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/26 09:17:55 | 000,000,611 | ---- | M] () -- F:\Documents and Settings\computer\Desktop\NTREGOPT.lnk
[2010/03/26 09:17:55 | 000,000,592 | ---- | M] () -- F:\Documents and Settings\computer\Desktop\ERUNT.lnk
[2010/03/19 12:20:23 | 000,000,000 | ---- | M] () -- F:\Documents and Settings\computer\defogger_reenable
[2010/03/19 11:11:36 | 000,000,696 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/18 13:12:21 | 000,002,483 | ---- | M] () -- F:\Documents and Settings\computer\Desktop\Microsoft Office PowerPoint 2003.lnk
[2010/03/18 13:05:02 | 000,002,521 | ---- | M] () -- F:\Documents and Settings\computer\Desktop\Microsoft Office Outlook 2003.lnk
[2010/03/18 11:19:41 | 000,001,813 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/03/18 10:49:00 | 057,253,522 | ---- | M] () -- F:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/18 10:47:57 | 000,012,472 | -HS- | M] () -- F:\Documents and Settings\computer\Local Settings\Application Data\NXhT2mK
[2010/03/18 10:47:57 | 000,012,472 | -HS- | M] () -- F:\Documents and Settings\All Users\Application Data\NXhT2mK
[2010/03/17 21:52:36 | 000,525,824 | ---- | M] () -- F:\Documents and Settings\computer\Desktop\dds.scr
[2010/03/17 10:36:00 | 000,020,480 | ---- | M] () -- F:\WINDOWS\System32\nnfj.tqo
[2010/03/17 10:31:00 | 000,046,512 | ---- | M] () -- F:\Documents and Settings\computer\My Documents\Facebook_password_2264.zip
[2010/03/16 21:25:28 | 000,028,160 | ---- | M] () -- F:\Documents and Settings\computer\My Documents\Photoshop History.doc
[2010/03/16 21:08:54 | 000,006,656 | ---- | M] () -- F:\Documents and Settings\computer\My Documents\PS History.wdb
[2010/03/16 15:21:25 | 000,025,088 | ---- | M] () -- F:\Documents and Settings\computer\My Documents\Free Games.doc
[2010/03/16 14:54:05 | 000,068,608 | ---- | M] () -- F:\Documents and Settings\computer\My Documents\Washing Info..doc
[2010/03/16 14:05:16 | 000,310,272 | ---- | M] () -- F:\Documents and Settings\computer\My Documents\WATER Filters.doc
[2010/03/16 14:04:58 | 001,720,832 | ---- | M] () -- F:\Documents and Settings\computer\My Documents\DEHUMIDIFIER.doc
[2010/03/16 11:48:28 | 000,366,578 | ---- | M] () -- F:\Documents and Settings\computer\My Documents\DPE.DUS
[2010/03/16 11:48:25 | 000,000,739 | ---- | M] () -- F:\WINDOWS\win.ini
[2010/03/12 11:27:48 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/12 11:27:46 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/12 11:27:46 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\WINDOWS\System32\avgrsstx.dll
[2010/03/12 11:27:41 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/11 11:15:27 | 000,000,790 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
[3 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]
[2 F:\Documents and Settings\computer\My Documents\*.tmp files -> F:\Documents and Settings\computer\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/09 12:31:17 | 000,000,000 | ---- | C] () -- F:\Documents and Settings\computer\Desktop\settings.dat
[2010/04/01 13:19:51 | 000,185,065 | ---- | C] () -- F:\Documents and Settings\computer\Desktop\FixPolicies.exe
[2010/04/01 13:16:40 | 000,132,597 | ---- | C] () -- F:\Documents and Settings\computer\Desktop\Flash_Disinfector.exe
[2010/03/26 09:17:55 | 000,000,611 | ---- | C] () -- F:\Documents and Settings\computer\Desktop\NTREGOPT.lnk
[2010/03/26 09:17:55 | 000,000,592 | ---- | C] () -- F:\Documents and Settings\computer\Desktop\ERUNT.lnk
[2010/03/19 12:24:04 | 000,293,376 | ---- | C] () -- F:\Documents and Settings\computer\Desktop\gmer.exe
[2010/03/19 12:23:57 | 000,525,824 | ---- | C] () -- F:\Documents and Settings\computer\Desktop\dds.scr
[2010/03/19 12:20:41 | 000,050,477 | ---- | C] () -- F:\Documents and Settings\computer\Desktop\Defogger.exe
[2010/03/19 12:20:23 | 000,000,000 | ---- | C] () -- F:\Documents and Settings\computer\defogger_reenable
[2010/03/19 11:11:36 | 000,000,696 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/17 10:36:22 | 000,012,472 | -HS- | C] () -- F:\Documents and Settings\computer\Local Settings\Application Data\NXhT2mK
[2010/03/17 10:36:22 | 000,012,472 | -HS- | C] () -- F:\Documents and Settings\All Users\Application Data\NXhT2mK
[2010/03/17 10:36:05 | 000,020,480 | ---- | C] () -- F:\WINDOWS\System32\nnfj.tqo
[2010/03/17 10:34:19 | 000,046,512 | ---- | C] () -- F:\Documents and Settings\computer\My Documents\Facebook_password_2264.zip
[2010/03/16 21:08:32 | 000,028,160 | ---- | C] () -- F:\Documents and Settings\computer\My Documents\Photoshop History.doc
[2010/03/16 15:21:25 | 000,025,088 | ---- | C] () -- F:\Documents and Settings\computer\My Documents\Free Games.doc
[2010/03/16 14:04:56 | 001,720,832 | ---- | C] () -- F:\Documents and Settings\computer\My Documents\DEHUMIDIFIER.doc
[2010/03/16 13:52:06 | 000,310,272 | ---- | C] () -- F:\Documents and Settings\computer\My Documents\WATER Filters.doc
[2010/03/16 13:46:52 | 000,068,608 | ---- | C] () -- F:\Documents and Settings\computer\My Documents\Washing Info..doc
[2010/03/16 11:48:28 | 000,366,578 | ---- | C] () -- F:\Documents and Settings\computer\My Documents\DPE.DUS
[2010/03/15 17:46:19 | 000,006,656 | ---- | C] () -- F:\Documents and Settings\computer\My Documents\PS History.wdb
[2010/03/11 11:15:27 | 000,000,790 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
[2010/03/04 11:00:27 | 000,000,029 | ---- | C] () -- F:\WINDOWS\DEBUGSM.INI
[2010/03/04 10:39:41 | 000,290,919 | ---- | C] () -- F:\WINDOWS\System32\pythoncom21.dll
[2010/03/04 10:39:41 | 000,057,344 | ---- | C] () -- F:\WINDOWS\System32\PyWinTypes21.dll
[2010/03/04 10:37:49 | 000,096,768 | ---- | C] () -- F:\WINDOWS\SlantAdj.dll
[2010/03/04 10:37:49 | 000,000,072 | ---- | C] () -- F:\WINDOWS\System32\epDPE.ini
[2010/02/25 12:27:40 | 000,000,000 | -H-- | C] () -- F:\Documents and Settings\computer\hpothb07.tif
[2010/02/25 12:27:40 | 000,000,000 | -H-- | C] () -- F:\Documents and Settings\computer\hpothb07.dat
[2010/02/23 10:32:40 | 000,001,478 | ---- | C] () -- F:\Documents and Settings\computer\Application Data\HPCOM_48BitScanUpdate.log
[2010/02/23 10:32:40 | 000,000,214 | ---- | C] () -- F:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2010/02/22 16:34:22 | 000,000,517 | -H-- | C] () -- F:\Documents and Settings\computer\Application Data\hpothb07.tif
[2010/02/22 16:34:22 | 000,000,376 | -H-- | C] () -- F:\Documents and Settings\computer\Application Data\hpothb07.dat
[2010/02/17 10:24:19 | 000,000,587 | ---- | C] () -- F:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/04/20 12:48:21 | 000,019,498 | ---- | C] () -- F:\Documents and Settings\computer\Application Data\wklnhst.dat
[2009/04/02 13:42:07 | 000,000,376 | ---- | C] () -- F:\WINDOWS\ODBC.INI
[2009/03/24 05:54:41 | 000,147,456 | R--- | C] () -- F:\WINDOWS\System32\igfxCoIn_v4906.dll
[2009/03/23 13:14:56 | 000,001,024 | -H-- | C] () -- F:\Documents and Settings\computer\ntuser.dat.LOG
[2009/03/23 13:14:56 | 000,000,278 | -HS- | C] () -- F:\Documents and Settings\computer\ntuser.ini
[2009/03/23 13:14:54 | 004,980,736 | -H-- | C] () -- F:\Documents and Settings\computer\NTUSER.DAT
[2003/04/12 05:18:54 | 000,561,152 | ---- | C] () -- F:\WINDOWS\System32\hpotscl.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- F:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >
[2010/02/13 10:40:18 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Adobe
[2009/11/09 22:06:33 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/02/17 10:47:43 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\avg9
[2009/07/05 14:58:35 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Google Updater
[2010/03/19 11:11:32 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/20 12:40:03 | 000,000,000 | --SD | M] -- F:\Documents and Settings\All Users\Application Data\Microsoft
[2009/06/08 13:37:05 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/03/30 09:53:49 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\NOS

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009/03/29 15:39:50 | 000,000,000 | ---D | M] -- F:\Documents and Settings\computer\Application Data\Adobe
[2010/03/04 11:14:41 | 000,000,000 | ---D | M] -- F:\Documents and Settings\computer\Application Data\ArcSoft
[2009/04/24 22:12:05 | 000,000,000 | ---D | M] -- F:\Documents and Settings\computer\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/03/04 11:01:05 | 000,000,000 | ---D | M] -- F:\Documents and Settings\computer\Application Data\EPSON
[2009/07/05 14:58:41 | 000,000,000 | ---D | M] -- F:\Documents and Settings\computer\Application Data\Google
[2009/04/12 14:59:05 | 000,000,000 | ---D | M] -- F:\Documents and Settings\computer\Application Data\Help
[2010/02/18 14:37:06 | 000,000,000 | ---D | M] -- F:\Documents and Settings\computer\Application Data\Hewlett-Packard
[2009/03/23 13:15:08 | 000,000,000 | ---D | M] -- F:\Documents and Settings\computer\Application Data\Identities
[2010/03/04 10:45:45 | 000,000,000 | ---D | M] -- F:\Documents and Settings\computer\Application Data\InterTrust
[2009/03/29 15:39:28 | 000,000,000 | ---D | M] -- F:\Documents and Settings\computer\Application Data\Macromedia
[2010/03/19 11:11:37 | 000,000,000 | ---D | M] -- F:\Documents and Settings\computer\Application Data\Malwarebytes
[2010/02/23 10:30:25 | 000,000,000 | --SD | M] -- F:\Documents and Settings\computer\Application Data\Microsoft
[2010/04/09 12:24:48 | 000,000,000 | ---D | M] -- F:\Documents and Settings\computer\Application Data\OpenOffice.org2

< %APPDATA%\*.exe /s >
[2009/03/29 15:39:27 | 000,038,200 | ---- | M] () -- F:\Documents and Settings\computer\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010/02/23 10:30:25 | 000,010,134 | R--- | M] () -- F:\Documents and Settings\computer\Application Data\Microsoft\Installer\{4CCC7F68-A437-4559-A840-F5E010934951}\ARPPRODUCTICON.exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/14 22:00:00 | 020,056,462 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 22:00:00 | 020,056,462 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 22:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- F:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 22:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- F:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 22:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- F:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 22:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- F:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 22:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- F:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 22:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- F:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 22:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- F:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
< End of report >


#13 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:04:16 AM

Posted 09 April 2010 - 10:44 AM

Hi Crystal,

No worries about the delay, just make sure not to run any tools or install any updates while we clean the PC.

You've posted OTL.txt twice; can you please post the Extra.txt again? Thanks.


++++++++++++++++++++


1. We need to run an OTL Fix
  1. Please reopen OTL on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"

    CODE
    :OTL
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
    [2010/03/17 10:36:00 | 000,020,480 | ---- | M] () -- F:\WINDOWS\System32\nnfj.tqo
    [3 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]
    [2 F:\Documents and Settings\computer\My Documents\*.tmp files -> F:\Documents and Settings\computer\My Documents\*.tmp -> ]

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.



2. Please download TDSSKiller.zip and save it to your desktop.
  • Extract the zip file to your desktop (Right click on the file and choose extract all).
  • Double-Click TDSSKiller.exe to run it.
  • When it has finished, press any key to continue (let it reboot if needed).
  • Once completed it will create a log in your F:\ drive
  • Please post the contents of that log.


~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators)


#14 NeilRC

NeilRC
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:06:16 AM

Posted 14 April 2010 - 07:06 PM

Hi Semp,

Sorry about the double posting. Here is the Extra.txt

Hopefully I can follow the rest of your instructions tomorrow.

Thanks,
Crystal.

OTL Extras logfile created on: 4/9/2010 12:40:45 PM - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = F:\Documents and Settings\computer\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): F:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
C: Drive not present or media not loaded
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.75 Gb Total Space | 452.59 Gb Free Space | 97.17% Space Free | Partition Type: NTFS
Drive G: | 986.20 Mb Total Space | 977.45 Mb Free Space | 99.11% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPUTER-257495
Current User Name: computer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "F:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "F:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Program Files\AVG\AVG8\avgupd.exe" = F:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"F:\Program Files\AVG\AVG8\avgemc.exe" = F:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"F:\Program Files\AVG\AVG9\avgupd.exe" = F:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"F:\Program Files\AVG\AVG9\avgnsx.exe" = F:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{045A0040-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard - WE 2004
"{12BB7942-1E1F-43D9-B441-4668C1629425}" = hp officejet 6100 series
"{1D643CD0-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{33BEE6F3-9987-4F98-A069-97A64EC8321A}" = Microsoft Works Suite Add-in for Microsoft Word
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{6C5D7191-140A-11D6-B5A0-0050DA208A93}" = ArcSoft PhotoImpression
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8C64E149-54BA-11D6-91B1-00500462BE80}" = Microsoft Money System Pack
"{90120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{987AE1EA-9AF0-484D-A0F9-11A2E0EB4AA0}" = OpenOffice.org 2.0
"{9A3EABC0-CA06-11D4-BF77-00104B130C19}" = EPSON TWAIN 5
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B69CC1A5-0404-11D6-ABCB-005004C21D30}" = EPSON Copy Utility
"{B9966F27-9678-4620-9579-925E3084647E}" = Microsoft Works
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Standard 9
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVG9Uninstall" = AVG Free 9.0
"EPSON Photo Print" = EPSON Photo Print
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP OfficeJet 6100 Series" = HP Photo and Imaging 2.0 - hp officejet 6100 series
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"PF 1260 1660 2400 Guide" = PF 1260 1660 2400 Guide
"Picasa 3" = Picasa 3
"PictureIt_v9" = Microsoft Picture It! Photo Standard 9
"Shockwave" = Shockwave
"WinGimp-2.0_is1" = GIMP 2.6.8
"Works2004Setup" = Microsoft Works 2004 Setup Launcher

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/11/2010 12:19:25 AM | Computer Name = COMPUTER-257495 | Source = Google Update | ID = 20
Description =

Error - 3/11/2010 10:22:27 PM | Computer Name = COMPUTER-257495 | Source = Google Update | ID = 20
Description =

Error - 3/18/2010 9:19:05 PM | Computer Name = COMPUTER-257495 | Source = Google Update | ID = 20
Description =

Error - 3/18/2010 10:19:14 PM | Computer Name = COMPUTER-257495 | Source = Google Update | ID = 20
Description =

Error - 3/25/2010 7:19:05 PM | Computer Name = COMPUTER-257495 | Source = Google Update | ID = 20
Description =

Error - 3/31/2010 11:10:48 PM | Computer Name = COMPUTER-257495 | Source = Google Update | ID = 20
Description =

Error - 3/31/2010 11:19:09 PM | Computer Name = COMPUTER-257495 | Source = Google Update | ID = 20
Description =

Error - 3/31/2010 11:27:28 PM | Computer Name = COMPUTER-257495 | Source = Google Update | ID = 20
Description =

Error - 4/8/2010 10:24:41 PM | Computer Name = COMPUTER-257495 | Source = Google Update | ID = 20
Description =

Error - 4/8/2010 10:34:55 PM | Computer Name = COMPUTER-257495 | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 4/8/2010 10:26:21 PM | Computer Name = COMPUTER-257495 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 4/8/2010 10:26:33 PM | Computer Name = COMPUTER-257495 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.

Error - 4/8/2010 10:26:42 PM | Computer Name = COMPUTER-257495 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 4/8/2010 10:30:41 PM | Computer Name = COMPUTER-257495 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 4/8/2010 10:39:33 PM | Computer Name = COMPUTER-257495 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 4/8/2010 10:39:53 PM | Computer Name = COMPUTER-257495 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 4/8/2010 10:42:24 PM | Computer Name = COMPUTER-257495 | Source = atapi | ID = 262149
Description = A parity error was detected on \Device\Ide\IdePort2.

Error - 4/8/2010 10:42:24 PM | Computer Name = COMPUTER-257495 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 4/8/2010 10:43:03 PM | Computer Name = COMPUTER-257495 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 4/8/2010 10:43:04 PM | Computer Name = COMPUTER-257495 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.


< End of report >


#15 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:04:16 AM

Posted 15 April 2010 - 08:57 AM

OK, post the results when ready. Thanks.

~Semp





