
Infection with Windows Repair Virus


  • This topic is locked
20 replies to this topic

#1 mrapple

mrapple

  • Members
  • 11 posts
  • OFFLINE
  • Local time:11:51 PM

Posted 29 April 2011 - 11:29 PM

I'm working on a friend's computer after he got infected with a Trojan. First, all of the files on the desktop disappeared. Then it posted some error messages saying the system had detected a problem with the hard disk and started up a bogus utility called WindowsRepair which proposed to fix the errors on the disk if it was purchased.

Here is what has been done so far:

I booted the computer in Safe Mode (with Network) and ran a scan using Trend Micro's Housecall. Housecall found a virus it referred to as "TROJ FAKEAV.SM10" and removed it. I rebooted the computer in normal mode and re-ran Housecall. No viruses found this time. The desktop files were scanned during the virus scan so I knew they still existed. The Threat Encyclopedia on Trend Micro's site had a command to run from the command prompt to unhide the files.

Security on this computer was basically nil so I took steps to make it more secure.
1. Turned on Windows Firewall.
2. Updated Windows Vista to SP2 and installed all Critical Updates.
3. Updated Internet Explorer to IE 9 and set the security controls for Active X to stronger levels.
4. Installed MalwareBytes Anti-Malware and most recent updates.
5. Installed SpywareBlaster and most recent updates.
6. Installed AVG Anti-Virus 2011 and most recent updates.

When I ran the initial scan with AVG, it found five more Trojans, which it identified as:
"Trojan Horse Generic19.BRIW" (There were two files infected with this)
"Trojan Horse Crypt.ABII" (There were also two files infected with this)
"Trojan Horse Hiloti.BJ" (And there were also two files infected with this)
"Trojan Horse Crypt.ABHH"
"Trojan Horse Generic_r.ET"

All of these were successfully removed by AVG.

Scans with AVG and MBAM are now running clean. However before I say it is good to go, I'd like a more experienced set of eyes to give the logs a once over and see if I missed anything.


DDS (Ver_11-03-05.01) - NTFSx86
Run by Brute Squad at 20:51:32.56 on Fri 04/29/2011
Internet Explorer: 9.0.8112.16421
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canon\MultiPASS4\mpservic.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\SBC\update\SST.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Program Files\Eraser\Eraser.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Brute Squad\Desktop\dds.scr
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ebay.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.dell.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [SBC_McciTrayApp] c:\program files\sbc\update\SST.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Conime] %windir%\system32\conime.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [Eraser] "c:\progra~1\eraser\Eraser.exe" --atRestart
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper20073151.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://webmail.dstsystems.com/,DanaInfo=dstnm01.dstsystems.com+dwa7W.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R? AVGIDSEH;AVGIDSEH
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? gupdate1ca86294fbaa36f;Google Update Service (gupdate1ca86294fbaa36f)
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? AERTFilters;Andrea RT Filters Service
S? AVGIDSAgent;AVGIDSAgent
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSFilter;AVGIDSFilter
S? AVGIDSShim;AVGIDSShim
S? Avgldx86;AVG AVI Loader Driver
S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx86;AVG Anti-Rootkit Driver
S? Avgtdix;AVG TDI Driver
S? avgwd;AVG WatchDog
S? FontCache;Windows Font Cache Service
S? Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service
.
=============== Created Last 30 ================
.
2011-04-30 01:05:49 -------- d--h--w- C:\$AVG
2011-04-30 00:33:09 -------- d-----w- c:\users\brutes~1\appdata\roaming\AVG10
2011-04-30 00:29:23 -------- d-----w- c:\windows\system32\drivers\AVG
2011-04-30 00:29:23 -------- d-----w- c:\progra~2\AVG10
2011-04-30 00:28:02 -------- d-----w- c:\program files\AVG
2011-04-29 23:51:21 -------- d-----w- c:\progra~2\MFAData
2011-04-29 23:08:49 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-29 13:20:16 -------- d-----w- c:\program files\Microsoft
2011-04-29 13:19:58 469256 ----a-w- c:\program files\common files\windows live\.cache\21c41a651cc067004\InstallManager_WLE_WLE.exe
2011-04-29 13:02:56 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-04-29 13:02:56 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-04-29 13:02:56 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-04-29 13:02:53 15712 ----a-w- c:\program files\common files\windows live\.cache\bf60a4851cc066d03\MeshBetaRemover.exe
2011-04-29 13:02:47 525656 ----a-w- c:\program files\common files\windows live\.cache\bc0554251cc066d02\DXSETUP.exe
2011-04-29 13:02:47 1691480 ----a-w- c:\program files\common files\windows live\.cache\bc0554251cc066d02\dsetup32.dll
2011-04-29 13:02:46 94040 ----a-w- c:\program files\common files\windows live\.cache\bc0554251cc066d02\DSETUP.dll
2011-04-29 13:01:25 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-04-29 13:01:19 94040 ----a-w- c:\program files\common files\windows live\.cache\8728eb451cc066d01\DSETUP.dll
2011-04-29 13:01:19 525656 ----a-w- c:\program files\common files\windows live\.cache\8728eb451cc066d01\DXSETUP.exe
2011-04-29 13:01:19 1691480 ----a-w- c:\program files\common files\windows live\.cache\8728eb451cc066d01\dsetup32.dll
2011-04-29 12:53:23 -------- d-----w- c:\users\brutes~1\appdata\local\Windows Live
2011-04-29 12:53:22 -------- d-----w- c:\program files\common files\Windows Live
2011-04-29 12:52:36 754688 ----a-w- c:\windows\system32\webservices.dll
2011-04-29 12:48:25 920088 ----a-w- c:\windows\system32\igxpun.exe
2011-04-29 12:48:25 -------- d-----w- c:\windows\system32\x64
2011-04-29 12:48:21 319456 ----a-w- c:\windows\system32\difxapi.dll
2011-04-29 11:29:03 -------- d-----w- c:\users\brutes~1\appdata\local\Eraser 6
2011-04-29 10:42:45 -------- d-----w- c:\program files\Eraser
2011-04-29 10:19:09 -------- d-----w- c:\program files\Windows Portable Devices
2011-04-29 10:11:02 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-04-29 10:11:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-04-29 10:11:01 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-04-29 10:07:10 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-04-29 10:07:09 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-04-29 10:07:09 234496 ----a-w- c:\windows\system32\oleacc.dll
2011-04-29 09:53:31 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-04-29 09:53:29 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-04-29 09:53:29 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-04-29 09:53:29 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-04-29 09:53:29 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-04-29 09:53:29 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-04-29 09:53:28 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-04-29 09:53:28 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-04-29 09:53:28 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-29 09:53:28 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-04-29 09:53:28 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-04-29 09:53:28 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-04-29 09:47:44 231424 ----a-w- c:\windows\system32\msshsq.dll
2011-04-29 09:04:25 -------- d-----w- c:\windows\system32\eu-ES
2011-04-29 09:04:25 -------- d-----w- c:\windows\system32\ca-ES
2011-04-29 09:04:22 -------- d-----w- c:\windows\system32\vi-VN
2011-04-29 08:20:11 -------- d-----w- c:\windows\system32\EventProviders
2011-04-29 07:42:40 -------- d-----w- c:\program files\SpywareBlaster
2011-04-27 22:59:39 102400 ----a-w- c:\windows\RegBootClean.exe
2011-04-27 00:41:42 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 00:41:42 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-23 20:27:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-23 20:27:17 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-04-15 21:20:12 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-15 21:20:12 292864 ----a-w- c:\windows\system32\atmfd.dll
.
==================== Find3M ====================
.
2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
.
============= FINISH: 20:52:28.33 ===============

==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3
aiofw
aioprnt
aioscnnr
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
AT&T Yahoo! Internet Mail
AVG 2011
Bonjour
Canon MultiPASS F80
Canon ScanGear Starter
CCScore
center
Conexant D850 PCI V.92 Modem
Dell Getting Started Guide
Dell Support Center
Digital Line Detect
EDocs
Eraser 6.0.8.2273
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
ffdshow [rev 3008] [2009-06-18]
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections 12.1.11.0
iTunes
Java™ 6 Update 5
Juniper Networks Host Checker
Juniper Networks Setup Client
Juniper Networks Setup Client Activex Control
Juniper Terminal Services Client
kgcbaby
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
KODAK AiO Home Center
Kodak EasyShare software
ksDIP
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Modem Diagnostic Tool
Move Media Player
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Music, Photos & Videos Launcher
netbrdg
NetWaiting
OfotoXMI
PowerDVD
PreReq
Product Documentation Launcher
QuickBooks Pro 2008
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SFR
SHASTA
skin0001
SKINXSDK
Spelling Dictionaries Support For Adobe Reader 8
SpywareBlaster 4.4
staticcr
SupportSoft Assisted Service
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VPRINTOL
WIRELESS
Yahoo! Install Manager
.
==== End Of File ===========================

Thanks In Advance!
Attached File: ark.log (21.79KB, 2 downloads)

So I've re-run MBAM and AVG scans. Looks like the infections are back. Any help would be great...

EDIT: Posts merged ~Budapest

Edited by Budapest, 06 May 2011 - 05:12 PM.
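The poster asks for "a more experienced set of eyes" on the DDS log. The usual first pass over the "Pseudo HJT Report" section is mechanical enough to script: pull the autorun entries (uRun/mRun, BHO, AppInit_DLLs), work out which module each one loads, and mark the ones worth a closer look. The Python below is an added example written for this page; it is not part of the thread and not code from the DDS or OTL tools. The function names (`parse_entry`, `module_path`, `triage`), the regular expressions and the list of user-writable path markers are this example's own choices; the first six sample lines are copied from the DDS log above, the last two are constructed and labelled as such.

```python
"""Triage helper for DDS-style autorun lines (the "Pseudo HJT Report" section).

Added example, not from the thread or the DDS tool. It flags the entries a
reviewer would look at first: modules launched from user-writable locations,
bare filenames resolved through the search path, and AppInit_DLLs injections.
"""
import re

# Sample input. The first six lines are copied from the DDS log posted in the
# thread; the last two are CONSTRUCTED for this example and show the shape a
# fake-AV style autorun usually has (they are not from the poster's machine).
SAMPLE_LINES = [
    r'uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun',
    r'mRun: [RtHDVCpl] RtHDVCpl.exe',
    r'mRun: [Eraser] "c:\progra~1\eraser\Eraser.exe" --atRestart',
    r'mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide',
    r'AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL',
    r'BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll',
    r'uRun: [example-fakeav] c:\users\someone\appdata\local\temp\example.exe',    # constructed
    r'mRun: [example-dropper] "c:\programdata\exampledir\example.exe" /s',       # constructed
]

# Line shapes used by DDS for the entry types this example understands.
RUN_RE = re.compile(r'^(?P<kind>[um]Run):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
BHO_RE = re.compile(r'^(?P<kind>BHO|TB):\s*(?P<name>.*?):\s*\{[^}]*\}\s*-\s*(?P<cmd>.*)$')
APPINIT_RE = re.compile(r'^(?P<kind>AppInit_DLLs):\s*(?P<cmd>.*)$')

# First module-looking token, quoted or not. Run values are often unquoted
# paths containing spaces, so splitting on whitespace is not reliable.
MODULE_RE = re.compile(
    r'^\s*"?(?P<path>.*?\.(?:exe|dll|scr|com|bat|cmd|vbs|js))"?', re.IGNORECASE)

# Directories an unprivileged user (and therefore a dropper) can write to.
# 8.3 short names such as progra~2 are deliberately not interpreted here;
# expand them on the host before judging the location.
USER_WRITABLE = ('\\users\\', '\\appdata\\', '\\temp\\', '\\programdata\\',
                 '\\documents and settings\\', '\\$recycle.bin\\', '\\recycler\\')


def parse_entry(line):
    """Return (kind, name, cmd) for a supported DDS autorun line, else None."""
    for rx in (RUN_RE, BHO_RE, APPINIT_RE):
        m = rx.match(line.strip())
        if m:
            d = m.groupdict()
            return d['kind'], d.get('name', ''), d['cmd']
    return None


def module_path(cmd):
    """Extract the executable or DLL path from a registry value's command."""
    m = MODULE_RE.match(cmd)
    return m.group('path') if m else ''


def triage(lines):
    """Return findings (kind, name, path, reasons) for entries worth review.

    Entries that give no reason to look closer are omitted, so the output is
    the short list a reviewer checks by hand, not the whole autorun table.
    """
    findings = []
    for line in lines:
        parsed = parse_entry(line)
        if not parsed:
            continue
        kind, name, cmd = parsed
        path = module_path(cmd)
        low = path.lower()
        reasons = []
        if kind == 'AppInit_DLLs':
            reasons.append('AppInit_DLLs loads into every GUI process; confirm the DLL is expected')
        if not path:
            reasons.append('no recognisable module in value; inspect manually')
        elif '\\' not in path:
            reasons.append('bare filename resolved through the search path; confirm which file loads')
        elif any(marker in low for marker in USER_WRITABLE):
            reasons.append('module lives in a user-writable location')
        if reasons:
            findings.append({'kind': kind, 'name': name, 'path': path, 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LINES):
        print(f"{f['kind']:<12} [{f['name']}] {f['path']}")
        for r in f['reasons']:
            print(f"    - {r}")
```

Run against the sample, the script leaves the Sidebar, Eraser, Windows Defender and AVG entries alone and reports four items: the bare `RtHDVCpl.exe` value (which file loads depends on the search path), the AppInit_DLLs entry (a legitimate Google Desktop DLL here, but an injection point that should always be confirmed), and the two constructed entries running from Temp and ProgramData. The output is a worklist, not a verdict; each flagged path still needs to be checked on the host, with short names expanded and the file's publisher and hash confirmed.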




#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:51 AM

Posted 08 May 2011 - 11:15 AM

Hello and welcome to Bleeping Computer

My name is etavares and I will be working with you to fix your computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about your installed Windows Operating System, including the Version, Edition and whether it is a 32-bit or a 64-bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting. If you will be unable to respond (e.g. vacation, travel, etc.), please let me know ahead of time.
  • Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • If you have already posted a log, please do so again as instructed below, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.


Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log. Thanks and again sorry for the delay.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#3 mrapple

mrapple
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:11:51 PM

Posted 09 May 2011 - 08:52 AM

Hello etavares, thanks for your assistance.

Ok, here are the logs you requested:


OTL.Txt
OTL logfile created on: 5/9/2011 7:56:24 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Brute Squad\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 40.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 172.11 Gb Free Space | 77.26% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.14 Gb Free Space | 61.35% Space Free | Partition Type: NTFS

Computer Name: BRUTESQUAD-PC | User Name: Brute Squad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/09 07:51:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Brute Squad\Desktop\OTL.exe
PRC - [2011/05/05 17:39:33 | 000,304,304 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/02/17 06:21:58 | 002,190,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/11/04 22:09:22 | 000,980,368 | ---- | M] (The Eraser Project) -- C:\Program Files\Eraser\Eraser.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/09/02 15:23:28 | 001,638,400 | ---- | M] (Eastman Kodak Company) -- C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/27 09:40:58 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2009/12/26 07:48:37 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/08/05 12:49:44 | 000,284,016 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/02/27 04:24:12 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/01/20 21:34:31 | 002,585,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.exe
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2007/09/17 11:56:08 | 000,124,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2007/02/28 14:35:32 | 001,011,200 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\SBC\update\SST.exe
PRC - [2007/01/15 20:11:50 | 000,057,344 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\MultiPASS4\mpservic.exe


========== Modules (SafeList) ==========

MOD - [2011/05/09 07:51:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Brute Squad\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/02/15 05:38:06 | 007,421,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/08/05 12:49:44 | 000,284,016 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2008/07/06 12:07:27 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/02/27 04:24:12 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/01/15 20:11:50 | 000,057,344 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\MultiPASS4\mpservic.exe -- (MpService)


========== Driver Services (SafeList) ==========

DRV - [2011/03/30 17:16:52 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:54:00 | 000,296,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/19 04:32:56 | 000,032,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2007/04/29 03:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/18 13:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3864327526-3881131307-310032505-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\S-1-5-21-3864327526-3881131307-310032505-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-3864327526-3881131307-310032505-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
IE - HKU\S-1-5-21-3864327526-3881131307-310032505-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3864327526-3881131307-310032505-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3864327526-3881131307-310032505-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.ebay.com/|https://retailer.diamondcomics.com/main/login.asp|https://login.secureserver.net/index.php?app=wbe&domain=email.brutesquadentertainment.com"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/04/29 19:30:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/07 16:29:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/05/07 16:56:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brute Squad\AppData\Roaming\Mozilla\Extensions
[2011/05/07 16:29:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/04/29 19:30:22 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2009/12/05 13:08:23 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\BRUTE SQUAD\APPDATA\ROAMING\MOVE NETWORKS
[2009/09/03 15:16:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SBC_McciTrayApp] C:\Program Files\SBC\update\SST.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Brute Squad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3864327526-3881131307-310032505-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://sca00.dstsystems.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: Web-Based Email Tools http://email.secureserver.net/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Brute Squad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Brute Squad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5e2da4f1-0386-11de-b9f3-001d09a0deff}\Shell - "" = AutoRun
O33 - MountPoints2\{5e2da4f1-0386-11de-b9f3-001d09a0deff}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - State: "startup" - 0

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/05/09 07:51:02 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Brute Squad\Desktop\OTL.exe
[2011/05/07 16:30:09 | 000,000,000 | ---D | C] -- C:\Users\Brute Squad\AppData\Roaming\Mozilla
[2011/05/07 16:30:09 | 000,000,000 | ---D | C] -- C:\Users\Brute Squad\AppData\Local\Mozilla
[2011/05/07 16:29:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/05/06 18:06:13 | 000,000,000 | ---D | C] -- C:\Users\Brute Squad\AppData\Local\Microsoft Corporation
[2011/05/05 20:03:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/04/29 20:05:49 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/04/29 19:33:09 | 000,000,000 | ---D | C] -- C:\Users\Brute Squad\AppData\Roaming\AVG10
[2011/04/29 19:30:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011/04/29 19:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/04/29 19:29:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/04/29 19:28:02 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/04/29 18:51:21 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/04/29 09:29:33 | 000,000,000 | ---D | C] -- C:\Users\Brute Squad\Desktop\johnnies music files
[2011/04/29 09:29:00 | 000,000,000 | ---D | C] -- C:\Users\Brute Squad\Desktop\Store Receipts
[2011/04/29 08:20:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2011/04/29 07:53:23 | 000,000,000 | ---D | C] -- C:\Users\Brute Squad\AppData\Local\Windows Live
[2011/04/29 07:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/04/29 07:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/04/29 07:51:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/04/29 07:48:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2011/04/29 06:29:03 | 000,000,000 | ---D | C] -- C:\Users\Brute Squad\AppData\Local\Eraser 6
[2011/04/29 05:42:45 | 000,000,000 | ---D | C] -- C:\Program Files\Eraser
[2011/04/29 05:19:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/04/29 04:04:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011/04/29 04:04:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011/04/29 04:04:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011/04/29 03:20:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/04/29 02:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/04/29 02:42:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2011/04/29 02:42:40 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/04/29 02:20:35 | 000,000,000 | ---D | C] -- C:\Users\Brute Squad\Desktop\Johnnie's Comic Lists
[2011/04/23 15:27:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/04/23 15:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/04/16 13:56:22 | 000,000,000 | ---D | C] -- C:\Users\Brute Squad\Desktop\Updated Logo's

========== Files - Modified Within 30 Days ==========

[2011/05/09 07:51:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Brute Squad\Desktop\OTL.exe
[2011/05/09 07:34:19 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/09 07:09:54 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/09 07:09:54 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/09 07:06:30 | 114,586,442 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/05/09 07:03:54 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/09 07:02:06 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/09 07:02:06 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/09 07:01:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/07 16:29:59 | 000,000,872 | ---- | M] () -- C:\Users\Brute Squad\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/07 16:29:59 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/04/29 20:55:53 | 000,301,568 | ---- | M] () -- C:\Users\Brute Squad\Desktop\gmer.exe
[2011/04/29 20:48:17 | 000,625,664 | ---- | M] () -- C:\Users\Brute Squad\Desktop\dds.scr
[2011/04/29 19:30:25 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/04/29 17:59:16 | 000,000,945 | ---- | M] () -- C:\Users\Brute Squad\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/29 17:54:50 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/04/29 17:54:50 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/04/29 17:54:40 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/04/29 09:26:29 | 000,279,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/29 06:07:18 | 000,308,540 | ---- | M] () -- C:\Users\Brute Squad\AppData\Local\census.cache
[2011/04/29 06:06:57 | 000,163,838 | ---- | M] () -- C:\Users\Brute Squad\AppData\Local\ars.cache
[2011/04/29 05:42:53 | 000,001,660 | ---- | M] () -- C:\Users\Public\Desktop\Eraser.lnk
[2011/04/29 05:17:34 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/04/29 02:42:42 | 000,000,814 | ---- | M] () -- C:\Users\Brute Squad\Desktop\SpywareBlaster.lnk
[2011/04/27 21:27:14 | 005,187,584 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
[2011/04/27 17:59:45 | 000,102,400 | ---- | M] () -- C:\Windows\RegBootClean.exe
[2011/04/27 17:47:12 | 000,000,036 | ---- | M] () -- C:\Users\Brute Squad\AppData\Local\housecall.guid.cache
[2011/04/27 17:17:06 | 000,000,680 | ---- | M] () -- C:\Users\Brute Squad\AppData\Local\d3d9caps.dat

========== Files Created - No Company Name ==========

[2011/05/09 07:06:30 | 114,586,442 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/05/07 16:29:59 | 000,000,872 | ---- | C] () -- C:\Users\Brute Squad\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/07 16:29:59 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/07 16:29:59 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/05/04 20:29:22 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/04 20:29:21 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/29 20:48:17 | 000,625,664 | ---- | C] () -- C:\Users\Brute Squad\Desktop\dds.scr
[2011/04/29 19:30:25 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/04/29 17:54:40 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/04/29 12:45:36 | 000,301,568 | ---- | C] () -- C:\Users\Brute Squad\Desktop\gmer.exe
[2011/04/29 06:07:18 | 000,308,540 | ---- | C] () -- C:\Users\Brute Squad\AppData\Local\census.cache
[2011/04/29 06:06:57 | 000,163,838 | ---- | C] () -- C:\Users\Brute Squad\AppData\Local\ars.cache
[2011/04/29 05:42:53 | 000,001,672 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eraser.lnk
[2011/04/29 05:42:53 | 000,001,660 | ---- | C] () -- C:\Users\Public\Desktop\Eraser.lnk
[2011/04/29 05:17:34 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/04/29 02:42:42 | 000,000,814 | ---- | C] () -- C:\Users\Brute Squad\Desktop\SpywareBlaster.lnk
[2011/04/27 17:59:39 | 000,102,400 | ---- | C] () -- C:\Windows\RegBootClean.exe
[2011/04/27 17:47:12 | 000,000,036 | ---- | C] () -- C:\Users\Brute Squad\AppData\Local\housecall.guid.cache
[2011/04/27 17:17:06 | 000,000,680 | ---- | C] () -- C:\Users\Brute Squad\AppData\Local\d3d9caps.dat
[2009/09/18 15:52:23 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/18 15:52:23 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/06/20 14:48:01 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/01/17 20:51:44 | 000,010,831 | ---- | C] () -- C:\Windows\System32\mpupmon.dll
[2009/01/17 20:50:21 | 000,001,138 | ---- | C] () -- C:\Windows\System32\MpEnum.ini
[2009/01/17 20:50:21 | 000,000,026 | ---- | C] () -- C:\Windows\System32\MpNetIpc.ini
[2008/09/25 15:30:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/08 16:10:25 | 000,111,104 | ---- | C] () -- C:\Users\Brute Squad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/06 14:35:11 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/07/06 14:35:11 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/07/06 14:35:11 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/07/06 14:35:11 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/11 19:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/02/11 19:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/02/11 19:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2008/02/03 18:37:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:44:53 | 000,279,792 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/04/29 19:33:09 | 000,000,000 | ---D | M] -- C:\Users\Brute Squad\AppData\Roaming\AVG10
[2010/09/16 13:25:04 | 000,000,000 | ---D | M] -- C:\Users\Brute Squad\AppData\Roaming\Juniper Networks
[2009/02/14 16:39:11 | 000,000,000 | ---D | M] -- C:\Users\Brute Squad\AppData\Roaming\Skinux
[2010/08/28 11:34:45 | 000,000,000 | ---D | M] -- C:\Users\Brute Squad\AppData\Roaming\Temp
[2011/05/07 17:54:05 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.sys /90 >
[2011/03/03 08:25:11 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/20 22:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 22:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 22:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %SYSTEMDRIVE%\*.* >
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/07/06 14:35:21 | 000,004,762 | RH-- | M] () -- C:\dell.sdr
[2011/04/27 16:28:34 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2011/05/09 07:01:52 | 2449,948,672 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2002/02/11 16:00:00 | 000,013,824 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPDy6.DLL
[2002/02/11 16:00:00 | 000,043,008 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPPy6.DLL
[2010/09/02 15:17:50 | 000,196,608 | ---- | M] (Eastman Kodak Company) -- C:\Windows\System32\spool\prtprocs\w32x86\EKIJ5000PPR.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

Extras.txt (from OTL)
OTL Extras logfile created on: 5/9/2011 7:56:24 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Brute Squad\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 40.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 172.11 Gb Free Space | 77.26% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.14 Gb Free Space | 61.35% Space Free | Partition Type: NTFS

Computer Name: BRUTESQUAD-PC | User Name: Brute Squad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3864327526-3881131307-310032505-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5AE9FFCC-0EA8-4A4D-8C5B-CF36A6708F48}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06A43FFE-57D2-4A33-A2B1-12A8627DDFDD}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{0FC2BD2D-900B-4CD2-8F39-307568C70C94}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{2DE87CB0-C8AE-4882-9C3D-5B52A379BC95}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{37717052-58ED-4B05-8763-3045A72E2428}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3EF18FDA-EF92-4BEC-B451-69D96148B97E}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{3FCC5EAF-CEBC-477E-8114-6A11D3707343}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{50DC024B-9A0D-4CAB-80DD-5212A17A43C5}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{52865AA5-2FB7-46FC-A253-983B8654D212}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{6CD986C7-C542-44E1-9743-EBEB871E26D8}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{72347FA0-8225-4644-B3F6-A7C832FE816B}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{7446D7C6-680E-465B-87F8-D600FF6BF0BA}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{7BD63E09-C2AA-4CE4-9000-17E1506497C2}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{9AF08710-AE25-49A5-A3B7-D042CF5F8655}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B49A35B9-4900-474F-A8A9-98B450D5C1E2}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{CA61A840-CFB0-422D-8DFA-D3293165DDF4}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{D7833194-8F65-4F85-9C8C-B9F1760951A1}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MultiPASS_F80" = Canon MultiPASS F80
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 25
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{392A74D0-4DFE-49F7-87C3-8A61708F8856}" = Eraser 6.0.8.2273
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.11.0
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8ECB8220-F422-4BEB-9596-97033C533702}" = QuickBooks Pro 2008
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A64FF1D4-9CBC-467C-8D11-C1AFAA0B8AFF}" = AVG 2011
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D4E53304-1F6C-4111-9872-1BCD2CF5B642}" = AVG 2011
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Home Center
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG" = AVG 2011
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"ffdshow_is1" = ffdshow [rev 3008] [2009-06-18]
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"PROSetDX" = Intel® PRO Network Connections 12.1.11.0
"RealPlayer 12.0" = RealPlayer
"SpywareBlaster_is1" = SpywareBlaster 4.4
"Yahoo! Mail" = AT&T Yahoo! Internet Mail
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3864327526-3881131307-310032505-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Juniper_Term_Services" = Juniper Terminal Services Client
"Move Media Player" = Move Media Player
"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/29/2011 9:02:57 AM | Computer Name = BruteSquad-PC | Source = System Restore | ID = 8193
Description =

Error - 4/29/2011 10:27:27 AM | Computer Name = BruteSquad-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/29/2011 5:02:12 PM | Computer Name = BruteSquad-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/29/2011 5:40:57 PM | Computer Name = BruteSquad-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 4/29/2011 5:42:34 PM | Computer Name = BruteSquad-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description =

Error - 4/29/2011 5:42:34 PM | Computer Name = BruteSquad-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description =

Error - 4/29/2011 6:59:38 PM | Computer Name = BruteSquad-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/29/2011 7:30:57 PM | Computer Name = BruteSquad-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/29/2011 7:49:46 PM | Computer Name = BruteSquad-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/29/2011 10:01:19 PM | Computer Name = BruteSquad-PC | Source = Perflib | ID = 1010
Description =

[ System Events ]
Error - 4/30/2011 11:04:40 AM | Computer Name = BruteSquad-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/30/2011 6:00:35 PM | Computer Name = BruteSquad-PC | Source = DCOM | ID = 10010
Description =

Error - 5/4/2011 4:48:21 PM | Computer Name = BruteSquad-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/4/2011 6:38:49 PM | Computer Name = BruteSquad-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/4/2011 7:58:37 PM | Computer Name = BruteSquad-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/5/2011 6:37:16 PM | Computer Name = BruteSquad-PC | Source = DCOM | ID = 10016
Description =

Error - 5/5/2011 6:37:16 PM | Computer Name = BruteSquad-PC | Source = DCOM | ID = 10016
Description =

Error - 5/5/2011 6:37:28 PM | Computer Name = BruteSquad-PC | Source = DCOM | ID = 10016
Description =

Error - 5/5/2011 6:37:28 PM | Computer Name = BruteSquad-PC | Source = DCOM | ID = 10016
Description =

Error - 5/7/2011 6:53:55 PM | Computer Name = BruteSquad-PC | Source = DCOM | ID = 10010
Description =


< End of report >

The new Ark.log from GMER
GMER 1.0.15.15572 - http://www.gmer.net
Rootkit scan 2011-05-09 08:42:23
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3250310AS rev.3.ADA
Running: gmer.exe; Driver: C:\Users\BRUTES~1\AppData\Local\Temp\kwrcrfoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA71427A0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA7142848]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA71428E4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA7142980]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 3F1 81CF0B74 4 Bytes [A0, 27, 14, A7]
.text ntkrnlpa.exe!KeSetEvent + 621 81CF0DA4 8 Bytes [48, 28, 14, A7, E4, 28, 14, ...] {DEC EAX; SUB [EDI], DL; IN AL, 0x28; ADC AL, 0xa7}
.text ntkrnlpa.exe!KeSetEvent + 681 81CF0E04 4 Bytes [80, 29, 14, A7] {SUB BYTE [ECX], 0x14; CMPSD }

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[4136] kernel32.dll!CreateThread 75E8C90E 5 Bytes JMP 6B127133 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!CreateDialogParamW 750572A2 5 Bytes JMP 6B2B5C79 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!GetAsyncKeyState 7505863C 2 Bytes JMP 6B10DC09 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!GetAsyncKeyState + 3 7505863F 2 Bytes [0B, F6] {OR ESI, ESI}
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!SetWindowsHookExW 750587AD 5 Bytes JMP 6B161FE4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!CallNextHookEx 75058E3B 5 Bytes JMP 6B187AEF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!UnhookWindowsHookEx 750598DB 5 Bytes JMP 6B1AEB70 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!EnableWindow 7505CD8B 5 Bytes JMP 6B169884 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!DefWindowProcA 7505DB88 7 Bytes JMP 6B129345 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!CreateWindowExA 7505DC2A 2 Bytes JMP 6B133173 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!CreateWindowExA + 3 7505DC2D 2 Bytes [0D, F6]
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!CreateWindowExW 75061305 5 Bytes JMP 6B18FF57 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!GetKeyState 75068CB1 5 Bytes JMP 6B10DAE3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!DefWindowProcW 750703B4 7 Bytes JMP 6B187B52 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!IsDialogMessageW 75070745 5 Bytes JMP 6B2B6406 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!CreateDialogParamA 750717AA 5 Bytes JMP 6B2B5C41 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!IsDialogMessage 75071847 5 Bytes JMP 6B2B63DE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!CreateDialogIndirectParamA 750726F1 5 Bytes JMP 6B2B5CB1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!CreateDialogIndirectParamW 75079A62 5 Bytes JMP 6B2B5CE9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!SetKeyboardState 75080987 5 Bytes JMP 6B2B6CCD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!DialogBoxParamW 750810B0 5 Bytes JMP 6B0C15BB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!DialogBoxIndirectParamW 75082EF5 5 Bytes JMP 6B2B590F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!SendInput 75082F75 5 Bytes JMP 6B2B6C75 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!EndDialog 7508326E 5 Bytes JMP 6B2B66B2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!SetCursorPos 75096FB2 5 Bytes JMP 6B2B6D4E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!DialogBoxParamA 75098152 5 Bytes JMP 6B2B58AA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!DialogBoxIndirectParamA 7509847D 5 Bytes JMP 6B2B5974 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!MessageBoxIndirectA 750AD4D9 5 Bytes JMP 6B2B5831 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!MessageBoxIndirectW 750AD5D3 5 Bytes JMP 6B2B57B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!MessageBoxExA 750AD639 5 Bytes JMP 6B2B5754 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!MessageBoxExW 750AD65D 5 Bytes JMP 6B2B56F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!keybd_event 750AD972 5 Bytes JMP 6B2B6C32 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] SHELL32.dll!SHRestricted + D95 751789A8 4 Bytes [37, 01, 57, 71] {AAA ; ADD [EDI+0x71], EDX}
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] SHELL32.dll!SHRestricted + D9D 751789B0 8 Bytes [60, 61, 56, 71, E1, F6, 56, ...] {PUSHA ; POPA ; PUSH ESI; JNO 0xffffffffffffffe6; NOT BYTE [ESI+0x71]}
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] ole32.dll!OleLoadFromStream 74ED1E80 5 Bytes JMP 6B2B6110 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4136] ole32.dll!CoCreateInstance 74F09F3E 5 Bytes JMP 6B18B6D4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5180] kernel32.dll!CreateThread 75E8C90E 5 Bytes JMP 6B127133 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5180] USER32.dll!CreateDialogParamW 750572A2 5 Bytes JMP 6B2B5C79 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5180] USER32.dll!GetAsyncKeyState 7505863C 2 Bytes JMP 6B10DC09 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5180] USER32.dll!GetAsyncKeyState + 3 7505863F 2 Bytes [0B, F6] {OR ESI, ESI}
.text C:\Program Files\Internet Explorer\iexplore.exe[5180] USER32.dll!SetWindowsHookExW 750587AD 5 Bytes JMP 6B161FE4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5180] USER32.dll!CallNextHookEx 75058E3B 5 Bytes JMP 6B187AEF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5180] USER32.dll!UnhookWindowsHookEx 750598DB 5 Bytes JMP 6B1AEB70 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5180] USER32.dll!EnableWindow 7505CD8B 5 Bytes JMP 6B169884 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5180] USER32.dll!DefWindowProcA 7505DB88 7 Bytes JMP 6B129345 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5180] USER32.dll!CreateWindowExA 7505DC2A 2 Bytes JMP 6B133173 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5180] USER32.dll!CreateWindowExA + 3 7505DC2D 2 Bytes [0D, F6]
.text C:\Program Files\Internet Explorer\iexplore.exe[5180] USER32.dll!CreateWindowExW 75061305 5 Bytes JMP 6B18FF57 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5180] USER32.dll!GetKeyState 75068CB1 5 Bytes JMP 6B10DAE3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5180] USER32.dll!DefWindowProcW 750703B4 7 Bytes JMP 6B187B52 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5180] USER32.dll!IsDialogMessageW 75070745 5 Bytes JMP 6B2B6406 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5180] USER32.dll!CreateDialogParamA 750717AA 5 Bytes JMP 6B2B5C41 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5180] USER32.dll!IsDialogMessage 75071847 5 Bytes JMP 6B2B63DE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5180] USER32.dll!CreateDialogIndirectParamA 750726F1 5 Bytes JMP 6B2B5CB1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5180] USER32.dll!CreateDialogIndirectParamW 75079A62 5 Bytes JMP 6B2B5CE9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5180] USER32.dll!SetKeyboardState 75080987 5 Bytes JMP 6B2B6CCD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5180] USER32.dll!DialogBoxParamW 750810B0 5 Bytes JMP 6B0C15BB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5180] USER32.dll!DialogBoxIndirectParamW 75082EF5 5 Bytes JMP 6B2B590F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5180] USER32.dll!SendInput 75082F75 5 Bytes JMP 6B2B6C75 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5180] USER32.dll!EndDialog 7508326E 5 Bytes JMP 6B2B66B2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5180] USER32.dll!SetCursorPos 75096FB2 5 Bytes JMP 6B2B6D4E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5180] USER32.dll!DialogBoxParamA 75098152 5 Bytes JMP 6B2B58AA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5180] USER32.dll!DialogBoxIndirectParamA 7509847D 5 Bytes JMP 6B2B5974 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5180] USER32.dll!MessageBoxIndirectA 750AD4D9 5 Bytes JMP 6B2B5831 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5180] USER32.dll!MessageBoxIndirectW 750AD5D3 5 Bytes JMP 6B2B57B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5180] USER32.dll!MessageBoxExA 750AD639 5 Bytes JMP 6B2B5754 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5180] USER32.dll!MessageBoxExW 750AD65D 5 Bytes JMP 6B2B56F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5180] USER32.dll!keybd_event 750AD972 5 Bytes JMP 6B2B6C32 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5180] SHELL32.dll!SHRestricted + D95 751789A8 4 Bytes [37, 01, 57, 71] {AAA ; ADD [EDI+0x71], EDX}
.text C:\Program Files\Internet Explorer\iexplore.exe[5180] SHELL32.dll!SHRestricted + D9D 751789B0 8 Bytes [60, 61, 56, 71, E1, F6, 56, ...] {PUSHA ; POPA ; PUSH ESI; JNO 0xffffffffffffffe6; NOT BYTE [ESI+0x71]}
.text C:\Program Files\Internet Explorer\iexplore.exe[5180] ole32.dll!OleLoadFromStream 74ED1E80 5 Bytes JMP 6B2B6110 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5180] ole32.dll!CoCreateInstance 74F09F3E 5 Bytes JMP 6B18B6D4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5292] USER32.dll!EnableWindow 7505CD8B 5 Bytes JMP 6B169884 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5292] USER32.dll!DialogBoxParamW 750810B0 5 Bytes JMP 6B0C15BB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5292] USER32.dll!DialogBoxIndirectParamW 75082EF5 5 Bytes JMP 6B2B590F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5292] USER32.dll!DialogBoxParamA 75098152 5 Bytes JMP 6B2B58AA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5292] USER32.dll!DialogBoxIndirectParamA 7509847D 5 Bytes JMP 6B2B5974 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5292] USER32.dll!MessageBoxIndirectA 750AD4D9 5 Bytes JMP 6B2B5831 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5292] USER32.dll!MessageBoxIndirectW 750AD5D3 5 Bytes JMP 6B2B57B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5292] USER32.dll!MessageBoxExA 750AD639 5 Bytes JMP 6B2B5754 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5292] USER32.dll!MessageBoxExW 750AD65D 5 Bytes JMP 6B2B56F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- EOF - GMER 1.0.15 ----

Thanks again for the help!

#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:01:51 AM

Posted 09 May 2011 - 06:18 PM

Hello, mrapple.

First things first, Trojan.Hiloti allows backdoor control of the machine.

Backdoor Warning
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.



Step 1


We'll start with MBAM. You mentioned you got reinfected in the first post above...were you also able to clear that up? What symptoms do you currently have?

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Step 2


Please update MBAM and run a quick scan. Please post the resulting log here.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#5 mrapple

mrapple
  • Topic Starter

  • Members
  • 11 posts
  • Local time:11:51 PM

Posted 11 May 2011 - 05:23 PM

I may end up formatting the disk and re-installing, but there are some files that need to be backed up first. In the meantime, I'm going ahead with the clean up. Here are the logs that you requested:

aswMBR.txt Log:
aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-11 16:52:11
-----------------------------
16:52:11.244 OS Version: Windows 6.0.6002 Service Pack 2
16:52:11.244 Number of processors: 1 586 0x1601
16:52:11.244 ComputerName: BRUTESQUAD-PC UserName: Brute Squad
16:52:39.261 Initialize success
16:52:49.495 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:52:49.495 Disk 0 Vendor: ST3250310AS 3.ADA Size: 238418MB BusType: 3
16:52:51.538 Disk 0 MBR read successfully
16:52:51.538 Disk 0 MBR scan
16:52:51.554 Disk 0 unknown MBR code
16:52:53.566 Disk 0 scanning sectors +488278016
16:52:53.769 Disk 0 scanning C:\Windows\system32\drivers
16:53:02.162 Service scanning
16:53:04.330 Disk 0 trace - called modules:
16:53:04.346 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
16:53:04.362 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x848f8ac8]
16:53:04.362 3 CLASSPNP.SYS[879a58b3] -> nt!IofCallDriver -> [0x847be918]
16:53:04.362 5 acpi.sys[8069b6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x83e50528]
16:53:04.377 Scan finished successfully
16:53:38.557 Disk 0 MBR has been saved successfully to "C:\Users\Brute Squad\Desktop\MBR.dat"
16:53:38.572 The log file has been saved successfully to "C:\Users\Brute Squad\Desktop\aswMBR.txt"


MalwareBytes Anti-Malware Log (no infections found):
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6557

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

5/11/2011 5:06:16 PM
mbam-log-2011-05-11 (17-06-16).txt

Scan type: Quick scan
Objects scanned: 155495
Time elapsed: 10 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Thanks,
Matt.

#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:51 AM

Posted 11 May 2011 - 05:35 PM

Hello, mrapple.

OK, sounds good. Both of those appear clean, which is a good sign.

However, it appears there are some things not working well based on the first log (e.g. we can't create a restore point), so there may be something lurking. Let's run Combofix.

ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first. We can reinstall it when we're done with CF. Please let me know if you do uninstall it.

Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#7 mrapple

mrapple
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:51 PM

Posted 11 May 2011 - 08:07 PM

Ok, I did uninstall AVG. Here's the combofix log:

ComboFix 11-05-11.01 - Brute Squad 05/11/2011 19:36:15.1.1 - x86
Running from: c:\users\Brute Squad\Desktop\etavaresCF.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Downloaded Program Files\popcaploader.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-04-12 to 2011-05-12 )))))))))))))))))))))))))))))))
.
.
2011-05-11 22:02 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-07 21:30 . 2011-05-07 21:30 -------- d-----w- c:\users\Brute Squad\AppData\Local\Mozilla
2011-05-06 23:06 . 2011-05-06 23:06 -------- d-----w- c:\users\Brute Squad\AppData\Local\Microsoft Corporation
2011-05-06 00:58 . 2011-05-06 00:57 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-30 00:33 . 2011-04-30 00:33 -------- d-----w- c:\users\Brute Squad\AppData\Roaming\AVG10
2011-04-30 00:29 . 2011-05-12 00:23 -------- d-----w- c:\programdata\AVG10
2011-04-30 00:28 . 2011-04-30 00:28 -------- d-----w- c:\program files\AVG
2011-04-29 23:51 . 2011-05-12 00:22 -------- d-----w- c:\programdata\MFAData
2011-04-29 23:08 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-29 13:20 . 2011-04-29 21:42 -------- d-----w- c:\program files\Microsoft
2011-04-29 13:02 . 2009-09-04 22:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-04-29 13:02 . 2009-09-04 22:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-04-29 13:02 . 2009-09-04 22:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-04-29 13:01 . 2006-11-29 18:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-04-29 12:53 . 2011-04-29 12:53 -------- d-----w- c:\users\Brute Squad\AppData\Local\Windows Live
2011-04-29 12:53 . 2011-04-29 12:53 -------- d-----w- c:\program files\Common Files\Windows Live
2011-04-29 12:52 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2011-04-29 12:51 . 2011-04-29 23:29 -------- d-----w- c:\program files\Microsoft Silverlight
2011-04-29 12:48 . 2011-04-29 12:48 -------- d-----w- c:\windows\system32\x64
2011-04-29 12:48 . 2008-02-12 01:13 920088 ----a-w- c:\windows\system32\igxpun.exe
2011-04-29 12:48 . 2006-11-10 21:25 319456 ----a-w- c:\windows\system32\difxapi.dll
2011-04-29 11:29 . 2011-04-29 11:29 -------- d-----w- c:\users\Brute Squad\AppData\Local\Eraser 6
2011-04-29 10:42 . 2011-04-29 10:42 -------- d-----w- c:\program files\Eraser
2011-04-29 10:19 . 2011-04-29 10:19 -------- d-----w- c:\program files\Windows Portable Devices
2011-04-29 10:11 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-04-29 10:11 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-04-29 10:11 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-04-29 10:07 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-04-29 10:07 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-04-29 10:07 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2011-04-29 09:53 . 2011-01-20 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-04-29 09:53 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-04-29 09:53 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-04-29 09:53 . 2011-01-20 16:08 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-04-29 09:53 . 2011-01-20 16:08 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-04-29 09:53 . 2011-01-20 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-04-29 09:53 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-29 09:53 . 2011-01-20 16:08 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-04-29 09:53 . 2011-01-20 16:08 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-04-29 09:53 . 2011-01-20 14:28 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-04-29 09:53 . 2011-01-20 14:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-04-29 09:53 . 2011-01-20 14:11 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-04-29 09:47 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2011-04-29 09:04 . 2011-04-29 09:06 -------- d-----w- c:\windows\system32\ca-ES
2011-04-29 09:04 . 2011-04-29 09:06 -------- d-----w- c:\windows\system32\eu-ES
2011-04-29 09:04 . 2011-04-29 09:06 -------- d-----w- c:\windows\system32\vi-VN
2011-04-29 08:20 . 2011-04-29 08:20 -------- d-----w- c:\windows\system32\EventProviders
2011-04-29 07:42 . 2011-05-04 20:54 -------- d-----w- c:\program files\SpywareBlaster
2011-04-27 22:59 . 2011-04-27 22:59 102400 ----a-w- c:\windows\RegBootClean.exe
2011-04-27 00:41 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-27 00:41 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-23 20:27 . 2011-04-29 09:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-23 20:27 . 2011-04-29 09:54 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-04-15 21:20 . 2011-02-16 16:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-15 21:20 . 2011-02-16 14:02 292864 ----a-w- c:\windows\system32\atmfd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-03 15:40 . 2011-04-27 00:41 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-27 00:41 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-27 00:41 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-27 00:41 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-04-14 16:26 . 2011-05-07 21:29 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-30 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"SBC_McciTrayApp"="c:\program files\SBC\update\SST.exe" [2007-02-28 1011200]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-19 1838592]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-26 198160]
"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-11-05 980368]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-07-06 17:07 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-05 135664]
R2 gupdate1ca86294fbaa36f;Google Update Service (gupdate1ca86294fbaa36f);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-05 135664]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [2009-08-05 284016]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-05 01:29]
.
2011-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-05 01:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ebay.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
FF - ProfilePath - c:\users\Brute Squad\AppData\Roaming\Mozilla\Firefox\Profiles\xax10xch.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ebay.com/|https://retailer.diamondcomics.com/main/login.asp|https://login.secureserver.net/index.php?app=wbe&domain=email.brutesquadentertainment.com
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-11 19:43
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-05-11 19:46:40
ComboFix-quarantined-files.txt 2011-05-12 00:46
.
Pre-Run: 183,798,296,576 bytes free
Post-Run: 183,383,252,992 bytes free
.
- - End Of File - - 9EC3AA3C10B918955D53908240C51184

I haven't seen any unusual behavior yet.

Thanks for your help,
Matt

#8 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:51 AM

Posted 12 May 2011 - 05:01 PM

Hello, mrapple.

OK, please install AVG after running this combofix script.



1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the codebox below into Notepad:

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
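The two ComboFix sections this thread turns on, the "Reg Loading Points" autostart list and the "LOCKED REGISTRY KEYS" ACL report that the RegLock:: script line targets, are tedious to read by eye. The following is an added Python example, not code from the forum or from ComboFix, that parses both sections into records and flags items worth a second look; the log excerpt, the section names it keys on and the review heuristics are constructed assumptions modelled on the log posted in this thread.

```python
# Parse the 'Reg Loading Points' and 'LOCKED REGISTRY KEYS' sections of a
# ComboFix log into records that can be triaged instead of read line by line.
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed excerpt modelled on the log posted in this thread (not the full log).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-11-05 980368]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
**************************************************************************
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
Completion time: 2011-05-11 19:46:40
"""

HEADER_RE = re.compile(r"^(?:\(+|-{3,})\s*(.+?)\s*(?:\)+|-{3,})$")  # ((( Name ))) or --- Name ---
SEPARATOR_RE = re.compile(r"^\*{10,}$")                              # row of asterisks ends a section
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# "Name"="quoted target" [yyyy-mm-dd size]   or   "Name"=bare_value
VALUE_RE = re.compile(r'^"([^"]+)"=(?:"([^"]*)"|(\S+))(?:\s+\[(\d{4}-\d{2}-\d{2})\s+(\d+)\])?$')
ACE_RE = re.compile(r"^@(Denied|Allowed):\s*\(([^)]*)\)\s*\(([^)]*)\)$")

@dataclass
class AutostartEntry:
    key: str
    name: str
    target: str
    date: Optional[str]   # file timestamp ComboFix printed after the target, if any
    size: Optional[int]

@dataclass
class LockedKey:
    key: str
    denied: List[str] = field(default_factory=list)
    allowed: List[str] = field(default_factory=list)
    values: Dict[str, str] = field(default_factory=dict)

def split_sections(log: str) -> Dict[str, List[str]]:
    """Group non-blank lines under the section header they follow."""
    sections: Dict[str, List[str]] = {}
    current = ""
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        header = HEADER_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif SEPARATOR_RE.match(line):
            current = ""
        else:
            sections.setdefault(current, []).append(line)
    return sections

def parse_autostarts(log: str) -> List[AutostartEntry]:
    entries, key = [], ""
    for line in split_sections(log).get("Reg Loading Points", []):
        km, vm = KEY_RE.match(line), VALUE_RE.match(line)
        if km:
            key = km.group(1)
        elif vm and key:
            name, quoted, bare, date, size = vm.groups()
            target = quoted if quoted is not None else bare
            entries.append(AutostartEntry(key, name, target, date, int(size) if size else None))
    return entries

def parse_locked_keys(log: str) -> List[LockedKey]:
    keys: List[LockedKey] = []
    for line in split_sections(log).get("LOCKED REGISTRY KEYS", []):
        km, am, vm = KEY_RE.match(line), ACE_RE.match(line), VALUE_RE.match(line)
        if km:
            keys.append(LockedKey(km.group(1)))
        elif am and keys:  # @Denied/@Allowed: (flags) (principal)
            (keys[-1].denied if am.group(1) == "Denied" else keys[-1].allowed).append(am.group(3))
        elif vm and keys:
            keys[-1].values[vm.group(1)] = vm.group(2) if vm.group(2) is not None else vm.group(3)
    return keys

def review_autostarts(entries: List[AutostartEntry]) -> List[tuple]:
    """Heuristic review items, not verdicts: a bare file name is resolved through the
    search path at logon, and an AppInit_DLLs entry is injected into user32 processes."""
    findings = []
    for e in entries:
        if e.name.lower() == "appinit_dlls":
            findings.append((e, "AppInit_DLLs load point"))
        elif "\\" not in e.target:
            findings.append((e, "bare file name, resolved via search path"))
    return findings

def keys_locked_against_users(locked: List[LockedKey]) -> List[LockedKey]:
    """Keys with an explicit Deny for Users or Everyone, the pattern ComboFix reported
    in this thread and the one the RegLock:: script line above asks it to reset."""
    return [k for k in locked if any(p in ("Users", "Everyone") for p in k.denied)]

if __name__ == "__main__":
    for e, why in review_autostarts(parse_autostarts(SAMPLE_LOG)):
        print(f"{why}: {e.name} -> {e.target}")
    for k in keys_locked_against_users(parse_locked_keys(SAMPLE_LOG)):
        print(f"locked: {k.key}  denied={k.denied}  values={k.values}")
```

Point it at a full ComboFix.txt by reading the file into the string in place of SAMPLE_LOG; the section headers and line formats are the same as in the logs posted above.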
 


#9 mrapple

mrapple
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:51 PM

Posted 13 May 2011 - 05:50 PM

Hello etavares,

Here is the log from the second run of combofix:

ComboFix 11-05-11.01 - Brute Squad 05/13/2011 17:29:55.2.1 - x86
Running from: c:\users\Brute Squad\Desktop\etavaresCF.exe
Command switches used :: c:\users\Brute Squad\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-04-13 to 2011-05-13 )))))))))))))))))))))))))))))))
.
.
2011-05-13 22:36 . 2011-05-13 22:36 -------- d-----w- c:\users\Brute Squad\AppData\Local\temp
2011-05-13 22:36 . 2011-05-13 22:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-13 22:07 . 2011-04-18 14:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C0F234DE-8188-4E57-A96C-356B6B1E8E20}\mpengine.dll
2011-05-12 22:29 . 2011-02-02 23:11 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-11 22:02 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-07 21:30 . 2011-05-07 21:30 -------- d-----w- c:\users\Brute Squad\AppData\Local\Mozilla
2011-05-06 23:06 . 2011-05-06 23:06 -------- d-----w- c:\users\Brute Squad\AppData\Local\Microsoft Corporation
2011-05-06 00:58 . 2011-05-06 00:57 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-30 00:33 . 2011-04-30 00:33 -------- d-----w- c:\users\Brute Squad\AppData\Roaming\AVG10
2011-04-30 00:29 . 2011-05-12 00:23 -------- d-----w- c:\programdata\AVG10
2011-04-30 00:28 . 2011-04-30 00:28 -------- d-----w- c:\program files\AVG
2011-04-29 23:51 . 2011-05-12 00:22 -------- d-----w- c:\programdata\MFAData
2011-04-29 23:08 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-29 13:20 . 2011-04-29 21:42 -------- d-----w- c:\program files\Microsoft
2011-04-29 13:02 . 2009-09-04 22:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-04-29 13:02 . 2009-09-04 22:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-04-29 13:02 . 2009-09-04 22:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-04-29 13:01 . 2006-11-29 18:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-04-29 12:53 . 2011-04-29 12:53 -------- d-----w- c:\users\Brute Squad\AppData\Local\Windows Live
2011-04-29 12:53 . 2011-04-29 12:53 -------- d-----w- c:\program files\Common Files\Windows Live
2011-04-29 12:52 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2011-04-29 12:51 . 2011-04-29 23:29 -------- d-----w- c:\program files\Microsoft Silverlight
2011-04-29 12:48 . 2011-04-29 12:48 -------- d-----w- c:\windows\system32\x64
2011-04-29 12:48 . 2008-02-12 01:13 920088 ----a-w- c:\windows\system32\igxpun.exe
2011-04-29 12:48 . 2006-11-10 21:25 319456 ----a-w- c:\windows\system32\difxapi.dll
2011-04-29 11:29 . 2011-04-29 11:29 -------- d-----w- c:\users\Brute Squad\AppData\Local\Eraser 6
2011-04-29 10:42 . 2011-04-29 10:42 -------- d-----w- c:\program files\Eraser
2011-04-29 10:19 . 2011-04-29 10:19 -------- d-----w- c:\program files\Windows Portable Devices
2011-04-29 10:11 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-04-29 10:11 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-04-29 10:11 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-04-29 10:07 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-04-29 10:07 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-04-29 10:07 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2011-04-29 09:53 . 2011-01-20 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-04-29 09:53 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-04-29 09:53 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-04-29 09:53 . 2011-01-20 16:08 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-04-29 09:53 . 2011-01-20 16:08 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-04-29 09:53 . 2011-01-20 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-04-29 09:53 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-29 09:53 . 2011-01-20 16:08 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-04-29 09:53 . 2011-01-20 16:08 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-04-29 09:53 . 2011-01-20 14:28 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-04-29 09:53 . 2011-01-20 14:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-04-29 09:53 . 2011-01-20 14:11 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-04-29 09:47 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2011-04-29 09:04 . 2011-04-29 09:06 -------- d-----w- c:\windows\system32\ca-ES
2011-04-29 09:04 . 2011-04-29 09:06 -------- d-----w- c:\windows\system32\eu-ES
2011-04-29 09:04 . 2011-04-29 09:06 -------- d-----w- c:\windows\system32\vi-VN
2011-04-29 08:20 . 2011-04-29 08:20 -------- d-----w- c:\windows\system32\EventProviders
2011-04-29 07:42 . 2011-05-04 20:54 -------- d-----w- c:\program files\SpywareBlaster
2011-04-27 22:59 . 2011-04-27 22:59 102400 ----a-w- c:\windows\RegBootClean.exe
2011-04-27 00:41 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-27 00:41 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-23 20:27 . 2011-04-29 09:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-23 20:27 . 2011-04-29 09:54 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-04-15 21:20 . 2011-02-16 16:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-15 21:20 . 2011-02-16 14:02 292864 ----a-w- c:\windows\system32\atmfd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-03 15:40 . 2011-04-27 00:41 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-27 00:41 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-27 00:41 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-27 00:41 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-04-14 16:26 . 2011-05-07 21:29 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-30 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"SBC_McciTrayApp"="c:\program files\SBC\update\SST.exe" [2007-02-28 1011200]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-19 1838592]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-26 198160]
"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-11-05 980368]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-07-06 17:07 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-05 135664]
R2 gupdate1ca86294fbaa36f;Google Update Service (gupdate1ca86294fbaa36f);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-05 135664]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [2009-08-05 284016]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-05 01:29]
.
2011-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-05 01:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ebay.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
FF - ProfilePath - c:\users\Brute Squad\AppData\Roaming\Mozilla\Firefox\Profiles\xax10xch.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ebay.com/|https://retailer.diamondcomics.com/main/login.asp|https://login.secureserver.net/index.php?app=wbe&domain=email.brutesquadentertainment.com
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-13 17:36
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-05-13 17:39:11
ComboFix-quarantined-files.txt 2011-05-13 22:39
ComboFix2.txt 2011-05-12 00:46
.
Pre-Run: 178,073,268,224 bytes free
Post-Run: 178,046,345,216 bytes free
.
- - End Of File - - 03BAD659617B7132D32DD0E3B0725D17


Thanks again for your help,
Matt.

#10 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:51 AM

Posted 14 May 2011 - 09:13 AM

Hello, mrapple.


Step 1

Next, we need to remove old Java versions.
Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java™ in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version(s) shown below:
    Java™ 6 Update 5
  • Reboot your computer once all Java components are removed.




Step 2

You are using an outdated version of Adobe Reader. Adobe has since been updated, and the update closes many security holes and provides new features.

First, uninstall earlier versions of Adobe Reader.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all versions of Adobe Reader.
  • Check (highlight) any item with Adobe Reader in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Adobe Reader version.

Please download the latest version from:
http://get.adobe.com/reader/download/

And install it. Once installed, launch it, select Help --> Check for Updates and install any updates.


You may also try the free Foxit PDF reader if you prefer:
http://www.foxitsoftware.com/pdf/reader/



Step 3

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

Please download TFC by OldTimer and save it to your desktop.
alternate download link


  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista or Windows 7, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.




Step 4

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#11 mrapple (Topic Starter, Members, 11 posts)

Posted 16 May 2011 - 09:34 AM

Hello etavares,

I've completed all the steps you asked. When I ran the ESET Online scan, it found zero threats. I could not find an option to generate a text file so I do not have any file to put in this reply. Let me know if I've done something wrong.

Thanks for your assistance,
Matt.

#12 etavares (Bleepin' Remover, Malware Response Team, 15,514 posts)

Posted 16 May 2011 - 06:04 PM

That's a good clean scan. They're rare. :) How is it running at this point?

Also, there was an error when creating a system restore point. Please try to create one now:
  • Click Start
  • right-click on Computer and select Properties
  • Click System Protection from the left side
  • Click System Protection tab
  • Click Create at the bottom
  • Call it Test System Restore and press Enter. Wait a bit.
  • Does it tell you the restore point was created successfully? Or did you get an error?



Finally, please post an OTL Quick Scan log in your reply for a final check.




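The "final check" etavares asks for is a read-through of an OTL Quick Scan log. The script below is an added example, not part of this thread and not OldTimer's OTL code, showing a first-pass triage of OTL-style lines: it flags PRC/SRV/DRV/MOD and O4 Run entries that carry no company name or run from a temp directory, orphaned O2/O3/O18 entries ("File not found"), and hosts-file lines that map anything other than localhost. The sample lines are constructed in OTL's line format and are not copied from the log in this thread; the regular expressions are my reading of that format and are assumptions.

```python
"""First-pass triage of OTL-style log lines (added example; not OTL's own code)."""
import re
from typing import Dict, List

# Constructed sample lines in the OTL line format; not taken from this thread's log.
SAMPLE_LOG = r"""
PRC - [2011/05/09 07:51:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Example\Desktop\OTL.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\Example\Agent\Monitor.exe
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
O4 - HKLM..\Run: [Updater] C:\Users\Example\AppData\Local\Temp\upd.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 update.example-av.invalid
"""

# Assumed layout of PRC/SRV/DRV/MOD lines:
#   KIND - [date | size | attrs | M] (Company) [flags] -- path -- (ServiceName)
BINARY_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV|MOD) - \[[^\]]*\] \((?P<company>[^)]*)\)"
    r"(?: \[[^\]]*\])? -- (?P<path>.*?)(?: -- \([^)]*\))?$"
)
# Assumed layout of O4 autostart lines:  O4 - HKLM..\Run: [Name] path (Company)
RUN_RE = re.compile(
    r"^O4 - .*?\\Run: \[(?P<name>[^\]]*)\] (?P<path>.*?) \((?P<company>[^)]*)\)$"
)
# BHO / toolbar / protocol-handler entries whose target file no longer exists.
ORPHAN_RE = re.compile(r"^(?:O2|O3|O18) - .* - File not found$")
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<addr>\S+) (?P<name>\S+)$")
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def triage(log_text: str) -> List[Dict[str, object]]:
    """Return one finding per suspicious line: {'line', 'text', 'reasons'}."""
    findings: List[Dict[str, object]] = []
    for lineno, line in enumerate(log_text.strip().splitlines(), start=1):
        reasons: List[str] = []
        m = BINARY_RE.match(line) or RUN_RE.match(line)
        if m:
            # An empty "()" means OTL found no company/version resource in the file.
            # Legitimate unsigned files exist, so this is a prompt to look, not a verdict.
            if not m.group("company").strip():
                reasons.append("no company name")
            if TEMP_RE.search(m.group("path")):
                reasons.append("runs from a temp directory")
        elif ORPHAN_RE.match(line):
            reasons.append("orphaned entry (file not found)")
        else:
            h = HOSTS_RE.match(line)
            # Anything beyond the loopback names is worth a look: fake-AV families
            # commonly use the hosts file to block security vendors' update servers.
            if h and h.group("name").lower() not in LOCAL_NAMES:
                reasons.append("hosts file redirects " + h.group("name"))
        if reasons:
            findings.append({"line": lineno, "text": line, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f['line']}: {', '.join(f['reasons'])}")
        print("    " + f["text"])
```

Run it against a saved OTL.txt by passing the file's contents to `triage()`; every hit is a line for a human to check (signature, path, whether the program is known on the machine), which is exactly the review a helper does before calling a log clean.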
#13 mrapple (Topic Starter, Members, 11 posts)

Posted 17 May 2011 - 07:32 AM

Hello etavares,

The computer seems to be running fine at this point. I was able to successfully create the system restore point. I ran the OTL scan using the same custom scan settings you asked for last time. I did not get an "extras" log this time, only OTL.txt. Here is the output from that one:

OTL logfile created on: 5/17/2011 7:14:07 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Brute Squad\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 162.29 Gb Free Space | 72.85% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.14 Gb Free Space | 61.35% Space Free | Partition Type: NTFS

Computer Name: BRUTESQUAD-PC | User Name: Brute Squad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/09 07:51:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Brute Squad\Desktop\OTL.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/02/08 05:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2010/11/04 22:09:22 | 000,980,368 | ---- | M] (The Eraser Project) -- C:\Program Files\Eraser\Eraser.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/09/02 15:23:28 | 001,638,400 | ---- | M] (Eastman Kodak Company) -- C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/27 09:40:58 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2009/12/26 07:48:37 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/08/05 12:49:44 | 000,284,016 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/02/27 04:24:12 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2007/09/17 11:56:08 | 000,124,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2007/02/28 14:35:32 | 001,011,200 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\SBC\update\SST.exe
PRC - [2007/01/15 20:11:50 | 000,057,344 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\MultiPASS4\mpservic.exe


========== Modules (SafeList) ==========

MOD - [2011/05/09 07:51:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Brute Squad\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/22 13:56:50 | 000,984,392 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/08/05 12:49:44 | 000,284,016 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2008/07/06 12:07:27 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/02/27 04:24:12 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/01/15 20:11:50 | 000,057,344 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\MultiPASS4\mpservic.exe -- (MpService)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2007/04/29 03:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/18 13:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3864327526-3881131307-310032505-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
IE - HKU\S-1-5-21-3864327526-3881131307-310032505-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3864327526-3881131307-310032505-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-3864327526-3881131307-310032505-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3864327526-3881131307-310032505-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.ebay.com/|https://retailer.diamondcomics.com/main/login.asp|https://login.secureserver.net/index.php?app=wbe&domain=email.brutesquadentertainment.com"
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4dcdccc8&v=7.004.022.004&i=26&tp=ab&iy=&ychte=us&lng=en-US&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/13 19:28:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/05/13 19:28:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/07 16:29:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/05/07 16:56:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brute Squad\AppData\Roaming\Mozilla\Extensions
[2011/05/07 16:29:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/05/13 19:28:44 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/05/13 19:28:56 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="7.004.022.004" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
[2009/12/05 13:08:23 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\BRUTE SQUAD\APPDATA\ROAMING\MOVE NETWORKS
[2009/09/03 15:16:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/11 19:43:16 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SBC_McciTrayApp] C:\Program Files\SBC\update\SST.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Users\Brute Squad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3864327526-3881131307-310032505-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3864327526-3881131307-310032505-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3864327526-3881131307-310032505-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://sca00.dstsystems.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: Web-Based Email Tools http://email.secureserver.net/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Brute Squad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Brute Squad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - State: "startup" - 0

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/05/16 08:05:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/16 07:50:30 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Brute Squad\Desktop\TFC.exe
[2011/05/16 07:38:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/05/14 11:24:24 | 000,000,000 | ---D | C] -- C:\Users\Brute Squad\AppData\Local\AVG Security Toolbar
[2011/05/13 19:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2011/05/13 19:28:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011/05/13 19:27:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/05/13 17:39:13 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/05/13 17:39:13 | 000,000,000 | ---D | C] -- C:\Users\Brute Squad\AppData\Local\temp
[2011/05/13 17:38:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/13 17:27:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/11 19:34:22 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/11 19:34:22 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/11 19:34:22 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/11 19:34:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/11 19:33:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/11 16:51:29 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\Brute Squad\Desktop\aswMBR.exe
[2011/05/09 07:51:02 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Brute Squad\Desktop\OTL.exe
[2011/05/07 16:30:09 | 000,000,000 | ---D | C] -- C:\Users\Brute Squad\AppData\Roaming\Mozilla
[2011/05/07 16:30:09 | 000,000,000 | ---D | C] -- C:\Users\Brute Squad\AppData\Local\Mozilla
[2011/05/07 16:29:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/05/06 18:06:13 | 000,000,000 | ---D | C] -- C:\Users\Brute Squad\AppData\Local\Microsoft Corporation
[2011/05/05 20:03:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/04/29 19:33:09 | 000,000,000 | ---D | C] -- C:\Users\Brute Squad\AppData\Roaming\AVG10
[2011/04/29 19:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/04/29 19:28:02 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/04/29 18:51:21 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/04/29 09:29:33 | 000,000,000 | ---D | C] -- C:\Users\Brute Squad\Desktop\johnnies music files
[2011/04/29 09:29:00 | 000,000,000 | ---D | C] -- C:\Users\Brute Squad\Desktop\Store Receipts
[2011/04/29 08:20:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2011/04/29 07:53:23 | 000,000,000 | ---D | C] -- C:\Users\Brute Squad\AppData\Local\Windows Live
[2011/04/29 07:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/04/29 07:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/04/29 07:51:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/04/29 07:48:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2011/04/29 06:29:03 | 000,000,000 | ---D | C] -- C:\Users\Brute Squad\AppData\Local\Eraser 6
[2011/04/29 05:42:45 | 000,000,000 | ---D | C] -- C:\Program Files\Eraser
[2011/04/29 05:19:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/04/29 04:04:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011/04/29 04:04:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011/04/29 04:04:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011/04/29 03:20:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/04/29 02:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/04/29 02:42:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2011/04/29 02:42:40 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/04/29 02:20:35 | 000,000,000 | ---D | C] -- C:\Users\Brute Squad\Desktop\Johnnie's Comic Lists
[2011/04/23 15:27:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/04/23 15:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

========== Files - Modified Within 30 Days ==========

[2011/05/17 07:09:52 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/17 07:09:52 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/17 07:03:44 | 115,220,127 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/05/17 06:59:18 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/17 06:58:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/16 08:39:18 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/16 07:50:30 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Brute Squad\Desktop\TFC.exe
[2011/05/16 07:47:11 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/05/13 19:28:47 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/05/11 19:43:16 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/05/11 19:18:38 | 004,346,086 | R--- | M] () -- C:\Users\Brute Squad\Desktop\etavaresCF.exe
[2011/05/11 16:53:38 | 000,000,512 | ---- | M] () -- C:\Users\Brute Squad\Desktop\MBR.dat
[2011/05/11 16:51:38 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\Brute Squad\Desktop\aswMBR.exe
[2011/05/09 07:51:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Brute Squad\Desktop\OTL.exe
[2011/05/09 07:09:54 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/09 07:09:54 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/07 16:29:59 | 000,000,872 | ---- | M] () -- C:\Users\Brute Squad\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/07 16:29:59 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/04/29 20:55:53 | 000,301,568 | ---- | M] () -- C:\Users\Brute Squad\Desktop\gmer.exe
[2011/04/29 20:48:17 | 000,625,664 | ---- | M] () -- C:\Users\Brute Squad\Desktop\dds.scr
[2011/04/29 17:59:16 | 000,000,945 | ---- | M] () -- C:\Users\Brute Squad\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/29 17:54:50 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/04/29 17:54:50 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/04/29 17:54:40 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/04/29 09:26:29 | 000,279,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/29 06:07:18 | 000,308,540 | ---- | M] () -- C:\Users\Brute Squad\AppData\Local\census.cache
[2011/04/29 06:06:57 | 000,163,838 | ---- | M] () -- C:\Users\Brute Squad\AppData\Local\ars.cache
[2011/04/29 05:42:53 | 000,001,660 | ---- | M] () -- C:\Users\Public\Desktop\Eraser.lnk
[2011/04/29 05:17:34 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/04/29 02:42:42 | 000,000,814 | ---- | M] () -- C:\Users\Brute Squad\Desktop\SpywareBlaster.lnk
[2011/04/27 21:27:14 | 005,187,584 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
[2011/04/27 17:59:45 | 000,102,400 | ---- | M] () -- C:\Windows\RegBootClean.exe
[2011/04/27 17:47:12 | 000,000,036 | ---- | M] () -- C:\Users\Brute Squad\AppData\Local\housecall.guid.cache
[2011/04/27 17:17:06 | 000,000,680 | ---- | M] () -- C:\Users\Brute Squad\AppData\Local\d3d9caps.dat

========== Files Created - No Company Name ==========

[2011/05/17 07:03:44 | 115,220,127 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/05/16 07:47:11 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/05/16 07:47:10 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/05/13 19:28:47 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/05/11 19:34:22 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/11 19:34:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/11 19:34:22 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/11 19:34:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/11 19:34:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/11 19:18:26 | 004,346,086 | R--- | C] () -- C:\Users\Brute Squad\Desktop\etavaresCF.exe
[2011/05/11 16:53:38 | 000,000,512 | ---- | C] () -- C:\Users\Brute Squad\Desktop\MBR.dat
[2011/05/07 16:29:59 | 000,000,872 | ---- | C] () -- C:\Users\Brute Squad\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/07 16:29:59 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/07 16:29:59 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/05/04 20:29:22 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/04 20:29:21 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/29 20:48:17 | 000,625,664 | ---- | C] () -- C:\Users\Brute Squad\Desktop\dds.scr
[2011/04/29 17:54:40 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/04/29 12:45:36 | 000,301,568 | ---- | C] () -- C:\Users\Brute Squad\Desktop\gmer.exe
[2011/04/29 06:07:18 | 000,308,540 | ---- | C] () -- C:\Users\Brute Squad\AppData\Local\census.cache
[2011/04/29 06:06:57 | 000,163,838 | ---- | C] () -- C:\Users\Brute Squad\AppData\Local\ars.cache
[2011/04/29 05:42:53 | 000,001,672 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eraser.lnk
[2011/04/29 05:42:53 | 000,001,660 | ---- | C] () -- C:\Users\Public\Desktop\Eraser.lnk
[2011/04/29 05:17:34 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/04/29 02:42:42 | 000,000,814 | ---- | C] () -- C:\Users\Brute Squad\Desktop\SpywareBlaster.lnk
[2011/04/27 17:59:39 | 000,102,400 | ---- | C] () -- C:\Windows\RegBootClean.exe
[2011/04/27 17:47:12 | 000,000,036 | ---- | C] () -- C:\Users\Brute Squad\AppData\Local\housecall.guid.cache
[2011/04/27 17:17:06 | 000,000,680 | ---- | C] () -- C:\Users\Brute Squad\AppData\Local\d3d9caps.dat
[2009/09/18 15:52:23 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/18 15:52:23 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/06/20 14:48:01 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/01/17 20:51:44 | 000,010,831 | ---- | C] () -- C:\Windows\System32\mpupmon.dll
[2009/01/17 20:50:21 | 000,001,138 | ---- | C] () -- C:\Windows\System32\MpEnum.ini
[2009/01/17 20:50:21 | 000,000,026 | ---- | C] () -- C:\Windows\System32\MpNetIpc.ini
[2008/09/25 15:30:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/08 16:10:25 | 000,111,104 | ---- | C] () -- C:\Users\Brute Squad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/06 14:35:11 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/07/06 14:35:11 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/07/06 14:35:11 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/07/06 14:35:11 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/11 19:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/02/11 19:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/02/11 19:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2008/02/03 18:37:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:44:53 | 000,279,792 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/04/29 19:33:09 | 000,000,000 | ---D | M] -- C:\Users\Brute Squad\AppData\Roaming\AVG10
[2010/09/16 13:25:04 | 000,000,000 | ---D | M] -- C:\Users\Brute Squad\AppData\Roaming\Juniper Networks
[2009/02/14 16:39:11 | 000,000,000 | ---D | M] -- C:\Users\Brute Squad\AppData\Roaming\Skinux
[2010/08/28 11:34:45 | 000,000,000 | ---D | M] -- C:\Users\Brute Squad\AppData\Roaming\Temp
[2011/05/16 09:35:02 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.sys /90 >
[2011/03/03 08:25:11 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/20 22:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 22:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 22:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %SYSTEMDRIVE%\*.* >
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2011/05/13 17:39:12 | 000,011,521 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/07/06 14:35:21 | 000,004,762 | RH-- | M] () -- C:\dell.sdr
[2011/04/27 16:28:34 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2011/05/17 06:58:27 | 2449,948,672 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2002/02/11 16:00:00 | 000,013,824 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPDy6.DLL
[2002/02/11 16:00:00 | 000,043,008 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPPy6.DLL
[2010/09/02 15:17:50 | 000,196,608 | ---- | M] (Eastman Kodak Company) -- C:\Windows\System32\spool\prtprocs\w32x86\EKIJ5000PPR.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >


Thanks for your help,
Matt.
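As an added illustration (not part of the thread and not code from OTL or any tool used in it), here is a Python parser for OTL file-listing lines of the form shown in the log above. It flags executable-type files created recently under C:\Windows with no company name, which is the kind of entry a responder reads first; the 30-day window and the reference date are assumptions, and the sample lines are copied from the log.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: lines copied from the "Files Created" and "Custom Scans" sections above.
SAMPLE_LOG = """\
[2011/05/11 19:34:22 | 000,256,512 | ---- | C] () -- C:\\Windows\\PEV.exe
[2011/05/11 19:34:22 | 000,089,088 | ---- | C] () -- C:\\Windows\\MBR.exe
[2011/04/27 17:59:39 | 000,102,400 | ---- | C] () -- C:\\Windows\\RegBootClean.exe
[2011/03/03 08:25:11 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\win32k.sys
[2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\\Windows\\bootstat.dat
[2011/05/16 07:47:11 | 000,001,894 | ---- | C] () -- C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk
"""

# One OTL entry: [timestamp | size | attributes | C or M] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)


def parse_otl_line(line):
    """Parse one OTL file line into a dict, or return None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "timestamp": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "attrs": m["attrs"],
        "kind": m["kind"],  # C = created-date listing, M = modified-date listing
        "company": m["company"],
        "path": m["path"],
    }


def suspicious_entries(log_text, reference_time, window_days=30, roots=("C:\\Windows",)):
    """Paths of executable-type files created within the window under the roots with no company name."""
    exe_ext = (".exe", ".dll", ".sys", ".scr")
    cutoff = reference_time - timedelta(days=window_days)
    root_prefixes = tuple(r.lower() for r in roots)
    hits = []
    for line in log_text.splitlines():
        e = parse_otl_line(line)
        if e is None or e["kind"] != "C":
            continue
        lower = e["path"].lower()
        if not lower.endswith(exe_ext) or not lower.startswith(root_prefixes):
            continue
        if e["company"] == "" and e["timestamp"] >= cutoff:
            hits.append(e["path"])
    return hits
```

Run against the sample with a reference date of 17 May 2011, it returns the three ComboFix-era executables and leaves the signed win32k.sys and the non-executable files alone.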

#14 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:01:51 AM

Posted 17 May 2011 - 04:56 PM

Hello, mrapple.

Ok, good news. Your log appears clean. Let's clean up our mess. If your computer is running well, please do the steps listed below. At the end, I've also listed a few completely optional things you can do to further secure your computer. Safe surfing!



Step 1



Uninstall ComboFix and Clean Up
Click Start > Run, type combofix /Uninstall and click OK (note the space between combofix and /Uninstall).
Please advise if this step is missed for any reason as it performs some important actions.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • If that link doesn't work, try this one.
  • Double click the OTC icon to start the program. If you are using Vista, please right-click and choose run as administrator.
  • Then click the big CleanUp! button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

If you ran Defogger and disabled your emulator, please don't forget to run it again and re-enable it. See the instructions here to do so.


Optional Items

Please take the time to read below to secure your machine and take the necessary steps to keep it that way.


System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance. If you are running Windows Vista or Windows 7, please right-click on the icon, and select "Run As Administrator"; otherwise it won't work.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware

Protect yourself from malicious sites

The HOSTS file can protect you from connecting to bad sites. See The Hosts File and what it can do for you for more background.

Please download HostsMan. It safeguards you with a regularly updated Hosts file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installation and setting up, follow these steps:
  • Double-click the Downloaded installer and install the tool to a location of your choice
  • Via the Start menu, navigate to HostsMan and run the program.
    • Click "Hosts" in the menu
    • Click "Manage Updates" in the submenu
    • Select at least one of the three (I have MVPS Hosts as my main one)
    • Click "Add Update." After that you will only need to click the update button to retrieve updates.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


Keep Windows Up to Date
It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Use a Firewall

I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls

Install an AntiSpyware Program

A highly recommended AntiSpyware program is Malwarebytes Anti-Malware. You can download the free version.

Installing this program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.


Update all these programs regularly
Make sure you update all your programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. You can use Secunia PSI to keep track of necessary updates. It can run in the background and constantly monitor your software; although I just run it once a week manually. It will alert you when an update is available for a variety of software. It is very useful.

Follow this list and your potential for being infected again will reduce dramatically.

Good luck!

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 
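Added example for the "Protect yourself from malicious sites" section above; it is not part of etavares's post and not code from HostsMan. It parses a hosts file in the MVPS style (comments, blank lines, several names per line), reports whether a name is blackholed to a loopback or unspecified address, and lists entries that point a name at a routable address, which is worth reviewing when merging custom entries as the note above advises. The sample hosts content is constructed.

```python
import ipaddress

# Constructed sample hosts file in MVPS style (illustrative names, not real blocklist data).
SAMPLE_HOSTS = """\
# Example header comment, as found at the top of the MVPS HOSTS file
127.0.0.1 localhost
0.0.0.0 ad.example.test   # trailing comment after an entry
0.0.0.0 tracker.example.test  www.tracker.example.test
198.51.100.7 www.example-bank.test
"""


def is_blackhole(ip):
    """True for addresses that only sink traffic locally (127.0.0.1, 0.0.0.0, ::1, ::)."""
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or addr.is_unspecified


def parse_hosts(text):
    """Return (ip, hostname) pairs; ignores comments, blank lines and malformed addresses."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip full-line and trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # not a hosts entry (e.g. stray text)
        for name in parts[1:]:  # one address may carry several hostnames
            entries.append((parts[0], name.lower()))
    return entries


def is_blocked(entries, hostname):
    """True if every hosts entry for the name pins it to a blackhole address."""
    matches = [ip for ip, name in entries if name == hostname.lower()]
    return bool(matches) and all(is_blackhole(ip) for ip in matches)


def routable_entries(entries):
    """Entries that send a hostname to a routable address instead of blackholing it."""
    return [(ip, name) for ip, name in entries if not is_blackhole(ip)]
```

The last function is the check to run on a custom hosts file before trusting it: a legitimate blocklist only ever maps names to blackhole addresses.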


#15 mrapple

mrapple
  • Topic Starter

  • Members
  • 11 posts
  • Local time:11:51 PM

Posted 19 May 2011 - 05:57 PM

Hello etavares,

Sorry for the delayed response.

When I attempted to run Combofix /Uninstall, I got a message saying Combofix could not run while AVG was installed. Do I need to uninstall AVG again to perform the Combofix /Uninstall? The Combofix icon is still on my desktop, and it appears to be still installed.



