Jump to content

I have a Chinese ? infection that is creeping into your system


starrats
 Share

Recommended Posts

Hello starrats! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/paste in your next reply.

Please follow the instructions here to download and run ComboFix:

www.bleepingcomputer.com/combofix/how-to-use-combofix#use

Post the log file when you are ready.

Link to post
Share on other sites

THANK YOU! You're amazing.

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 11/1/2010 3:41:34 PM

System Uptime: 11/17/2011 4:16:54 PM (0 hours ago)

.

Motherboard: eMachines | | WMCP61M

Processor: AMD Athlon Processor 2650e | Socket AM2 | 1607/201mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 139 GiB total, 65.054 GiB free.

E: is Removable

F: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}

Description: CD-ROM Drive

Device ID: IDE\CDROMATAPI_DVD_A__DH16A6S____________________YA17____\5&2422FEAC&0&0.0.0

Manufacturer: (Standard CD-ROM drives)

Name: ATAPI DVD A DH16A6S

PNP Device ID: IDE\CDROMATAPI_DVD_A__DH16A6S____________________YA17____\5&2422FEAC&0&0.0.0

Service: cdrom

.

==== System Restore Points ===================

.

RP345: 8/19/2011 2:55:55 PM - System Checkpoint

RP346: 8/20/2011 3:10:12 PM - System Checkpoint

RP347: 8/21/2011 3:43:58 PM - System Checkpoint

RP348: 8/22/2011 4:53:33 PM - System Checkpoint

RP349: 8/23/2011 5:13:58 PM - System Checkpoint

RP350: 8/24/2011 6:00:18 AM - Software Distribution Service 3.0

RP351: 8/25/2011 9:13:58 AM - System Checkpoint

RP352: 8/26/2011 10:10:19 AM - System Checkpoint

RP353: 8/27/2011 11:00:01 AM - System Checkpoint

RP354: 8/28/2011 12:45:26 PM - System Checkpoint

RP355: 8/29/2011 1:25:30 PM - System Checkpoint

RP356: 8/30/2011 1:55:42 PM - System Checkpoint

RP357: 8/30/2011 7:26:08 PM - Restore Operation

RP358: 8/31/2011 7:33:02 PM - System Checkpoint

RP359: 9/1/2011 8:31:48 PM - System Checkpoint

RP360: 9/3/2011 12:05:58 AM - System Checkpoint

RP361: 9/4/2011 4:14:47 AM - System Checkpoint

RP362: 9/5/2011 6:00:39 AM - System Checkpoint

RP363: 9/6/2011 6:54:18 AM - System Checkpoint

RP364: 9/7/2011 6:00:16 AM - Software Distribution Service 3.0

RP365: 9/8/2011 6:20:15 AM - System Checkpoint

RP366: 9/9/2011 7:19:15 AM - System Checkpoint

RP367: 9/10/2011 8:17:05 AM - System Checkpoint

RP368: 9/11/2011 9:16:06 AM - System Checkpoint

RP369: 9/12/2011 10:16:05 AM - System Checkpoint

RP370: 9/13/2011 11:15:03 AM - System Checkpoint

RP371: 9/14/2011 11:44:08 AM - System Checkpoint

RP372: 9/15/2011 2:56:03 PM - System Checkpoint

RP373: 9/16/2011 6:00:15 AM - Software Distribution Service 3.0

RP374: 9/17/2011 6:24:18 AM - System Checkpoint

RP375: 9/18/2011 7:23:18 AM - System Checkpoint

RP376: 9/19/2011 8:23:17 AM - System Checkpoint

RP377: 9/20/2011 9:23:18 AM - System Checkpoint

RP378: 9/21/2011 1:15:25 AM - Installed Microsoft Office Professional Plus 2010

RP379: 9/21/2011 1:29:20 AM - Installed Microsoft Office Professional Plus 2010

RP380: 9/21/2011 1:59:27 AM - Printer Driver Send To Microsoft OneNote 2010 Driver Installed

RP381: 9/21/2011 11:39:49 PM - Removed Ask Toolbar.

RP382: 9/21/2011 11:40:50 PM - Removed WinZip 15.0

RP383: 9/22/2011 11:04:16 PM - Removed iTunes

RP384: 9/22/2011 11:20:05 PM - Installed iTunes

RP385: 9/22/2011 11:34:21 PM - Restore Operation

RP386: 9/22/2011 11:52:00 PM - Removed Microsoft Office PowerPoint Viewer 2007 (English)

RP387: 9/22/2011 11:54:38 PM - Removed Microsoft Silverlight

RP388: 9/22/2011 11:56:06 PM - Removed Microsoft Works

RP389: 9/23/2011 12:41:55 AM - Removed Ask Toolbar.

RP390: 9/23/2011 1:10:52 AM - Restore Operation

RP391: 9/23/2011 9:13:01 PM - Installed AVG 2012

RP392: 9/23/2011 9:13:18 PM - Removed AVG 2011

RP393: 9/23/2011 9:13:51 PM - Installed AVG 2012

RP394: 9/23/2011 9:19:27 PM - Removed AVG 2011

RP395: 9/23/2011 9:46:45 PM - Software Distribution Service 3.0

RP396: 9/24/2011 12:30:15 AM - Restore Operation

RP397: 9/24/2011 12:42:56 AM - Restore Operation

RP398: 9/25/2011 7:48:50 AM - System Checkpoint

RP399: 9/26/2011 8:28:48 AM - System Checkpoint

RP400: 9/27/2011 9:28:51 AM - System Checkpoint

RP401: 9/28/2011 10:28:51 AM - System Checkpoint

RP402: 9/29/2011 6:00:18 AM - Software Distribution Service 3.0

RP403: 9/30/2011 6:00:17 AM - Software Distribution Service 3.0

RP404: 10/1/2011 6:00:20 AM - Software Distribution Service 3.0

RP405: 10/2/2011 6:00:21 AM - Software Distribution Service 3.0

RP406: 10/3/2011 6:00:21 AM - Software Distribution Service 3.0

RP407: 10/4/2011 6:00:16 AM - Software Distribution Service 3.0

RP408: 10/5/2011 6:00:19 AM - Software Distribution Service 3.0

RP409: 10/6/2011 6:00:19 AM - Software Distribution Service 3.0

RP410: 10/7/2011 6:00:20 AM - Software Distribution Service 3.0

RP411: 10/8/2011 6:01:02 AM - Software Distribution Service 3.0

RP412: 10/9/2011 6:00:36 AM - Software Distribution Service 3.0

RP413: 10/10/2011 6:00:18 AM - Software Distribution Service 3.0

RP414: 10/11/2011 6:00:17 AM - Software Distribution Service 3.0

RP415: 10/12/2011 8:03:47 AM - System Checkpoint

RP416: 10/13/2011 6:00:20 AM - Software Distribution Service 3.0

RP417: 10/14/2011 6:00:17 AM - Software Distribution Service 3.0

RP418: 10/15/2011 11:28:30 PM - Software Distribution Service 3.0

RP419: 10/16/2011 1:38:11 AM - Configured Power2Go

RP420: 10/16/2011 1:39:16 AM - Removed iTunes

RP421: 10/16/2011 2:22:20 AM - Software Distribution Service 3.0

RP422: 10/16/2011 2:27:15 AM - Installed WinZip 15.5

RP423: 10/16/2011 6:00:29 AM - Software Distribution Service 3.0

RP424: 10/16/2011 2:47:12 PM - Configured PowerStarter

RP425: 10/16/2011 2:48:00 PM - Removed Facebook Video Calling 1.0.0.8714

RP426: 10/16/2011 2:59:19 PM - Removed Adobe Reader X (10.1.0).

RP427: 10/16/2011 3:03:02 PM - Removed Microsoft Office Professional Plus 2010

RP428: 10/16/2011 3:23:06 PM - Removed Bonjour

RP429: 10/16/2011 3:24:28 PM - Removed Microsoft Office Suite Activation Assistant.

RP430: 10/16/2011 3:25:40 PM - Removed Apple Mobile Device Support

RP431: 10/16/2011 3:53:44 PM - Restore Operation

RP432: 10/16/2011 4:06:58 PM - Software Distribution Service 3.0

RP433: 10/16/2011 5:04:24 PM - Software Distribution Service 3.0

RP434: 10/16/2011 5:15:29 PM - Installed AVG 2012

RP435: 10/16/2011 5:16:02 PM - Installed AVG 2012

RP436: 10/16/2011 6:12:26 PM - Software Distribution Service 3.0

RP437: 10/16/2011 7:30:06 PM - AVG Regisry Defrag - before defragmentation

RP438: 10/16/2011 7:34:40 PM - Software Distribution Service 3.0

RP439: 10/16/2011 4:51:34 PM - Software Distribution Service 3.0

RP440: 10/16/2011 5:02:38 PM - Software Distribution Service 3.0

RP441: 10/16/2011 5:42:20 PM - Software Distribution Service 3.0

RP442: 10/17/2011 5:35:15 AM - Restore Operation

RP443: 11/8/2011 7:45:14 PM - Software Distribution Service 3.0

RP444: 11/9/2011 1:20:34 AM - Removed Bonjour

RP445: 11/9/2011 1:21:17 AM - Configured PowerStarter

RP446: 11/9/2011 1:22:14 AM - Removed HP Button Manager

RP447: 11/9/2011 3:00:16 AM - Software Distribution Service 3.0

RP448: 11/10/2011 3:00:33 AM - Software Distribution Service 3.0

RP449: 11/11/2011 3:00:30 AM - Software Distribution Service 3.0

RP450: 11/11/2011 8:40:03 PM - Software Distribution Service 3.0

RP451: 11/12/2011 9:43:40 PM - System Checkpoint

RP452: 11/13/2011 3:00:39 AM - Software Distribution Service 3.0

RP453: 11/14/2011 3:00:17 AM - Software Distribution Service 3.0

RP454: 11/15/2011 3:00:25 AM - Software Distribution Service 3.0

RP455: 11/15/2011 11:09:47 PM - Software Distribution Service 3.0

RP456: 11/16/2011 3:00:41 AM - Software Distribution Service 3.0

RP457: 11/17/2011 12:11:13 AM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

2007 Microsoft Office Suite Service Pack 1 (SP1)

32 Bit HP CIO Components Installer

3600_Help

Acrobat.com

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.0)

Adobe Shockwave Player 11.5

Agere Systems PCI-SV92EX Soft Modem

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AVG 2011

AVG 2012

AVG PC Tuneup 2011

AVG PC Tuneup 2011 Patch

BPD_Scan

BPDSoftware_Ini

BufferChm

Choice Guard

CyberLink LabelPrint

CyberLink Power2Go

CyberLink PowerDVD

eMachines Recovery Management

Google Toolbar for Internet Explorer

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP OfficeJet J3600

HP Webcam User's Guide

Instalación de DivX

iTunes

J3600_Basic

Java Auto Updater

Java 6 Update 26

Junk Mail filter update

Malwarebytes' Anti-Malware version 1.51.2.1300

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Works

MobileMe Control Panel

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NVIDIA Drivers

NVIDIA PhysX

QuickTime

RCA Detective™ 3.0.3.0

RCA easyRip 2.5.6.0

RCA Updater 2.1.7.0

Realtek High Definition Audio Driver

Scan

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Windows Internet Explorer 7 (KB2360131)

Security Update for Windows Internet Explorer 7 (KB2416400)

Security Update for Windows Internet Explorer 7 (KB2482017)

Security Update for Windows Internet Explorer 7 (KB2497640)

Security Update for Windows Internet Explorer 7 (KB2530548)

Security Update for Windows Internet Explorer 7 (KB2544521)

Security Update for Windows Internet Explorer 7 (KB2559049)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows XP (KB2544893-v2)

Segoe UI

Skype™ 5.0

Smart Defrag 2

TeamViewer 6

Toolbox

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Office 2007 (KB946691)

Update for Windows XP (KB2641690)

VC80CRTRedist - 8.0.50727.6195

WebCam Companion

WebFldrs XP

WebReg

Windows Internet Explorer 7

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Windows Media Format 11 runtime

Windows Media Player 11

WinZip 15.0

.

==== Event Viewer Messages From Past Week ========

.

11/16/2011 11:49:05 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

11/15/2011 6:33:39 PM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the file specified.

11/15/2011 6:33:39 PM, error: Service Control Manager [7000] - The AVG Firewall service failed to start due to the following error: The system cannot find the file specified.

11/15/2011 6:33:39 PM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The system cannot find the file specified.

11/15/2011 6:33:39 PM, error: Service Control Manager [7000] - The Agere Modem Call Progress Audio service failed to start due to the following error: The system cannot find the file specified.

11/15/2011 5:17:30 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.

11/15/2011 3:02:00 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2572073).

11/14/2011 9:39:13 PM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

11/14/2011 9:39:12 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The system cannot find the file specified.

11/14/2011 9:39:11 PM, error: Service Control Manager [7000] - The Cyberlink RichVideo Service(CRVS) service failed to start due to the following error: The system cannot find the file specified.

11/14/2011 9:39:11 PM, error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: Access is denied.

11/14/2011 3:00:24 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0xd0000142: Update for Windows XP (KB2641690).

11/12/2011 8:24:16 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'avgtdix.sys' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.

.

==== End Of File ===========================

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.13

Run by family at 16:39:50 on 2011-11-17

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.285 [GMT -5:00]

.

AV: AVG Internet Security 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\1240934875:618006710.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

svchost.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Gaqkqhiwysmpg\duoeyev.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\Gaqkqhiwysmpg\duoeyev.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Documents and Settings\family\My Documents\RCA Detective\RCADetective.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\AVG\AVG2012\avgemcx.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Page =

uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=0&o=xph&d=1110&m=el1300g

uSearch Bar =

mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=0&o=xph&d=1110&m=el1300g

mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=0&o=xph&d=1110&m=el1300g

mSearchAssistant =

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: Facetheme: {70c6e9de-f30e-4a40-8a6f-9572c2328320} - c:\program files\object\bho_project.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

Link to post
Share on other sites

ComboFix 11-11-20.02 - family 11/20/2011 19:08:27.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.513 [GMT -5:00]

Running from: c:\documents and settings\family\Desktop\ComboFix.exe

AV: AVG Internet Security 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Application Data\TEMP\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe

c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe

c:\documents and settings\All Users\Application Data\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe

c:\documents and settings\All Users\Application Data\TEMP\8927A071.TMP

c:\program files\Object

c:\program files\Object\config.ini

c:\program files\StartNow Toolbar

c:\program files\Uninstall.exe

c:\program files\Uninstall.ini

c:\windows\$NtUninstallKB54175$

c:\windows\$NtUninstallKB54175$\3676960585\@

c:\windows\$NtUninstallKB54175$\3676960585\L\aatagjfo

c:\windows\$NtUninstallKB54175$\3676960585\loader.tlb

c:\windows\$NtUninstallKB54175$\3676960585\U\@00000001

c:\windows\$NtUninstallKB54175$\3676960585\U\@000000c0

c:\windows\$NtUninstallKB54175$\3676960585\U\@000000cb

c:\windows\$NtUninstallKB54175$\3676960585\U\@000000cf

c:\windows\$NtUninstallKB54175$\3676960585\U\@80000000

c:\windows\$NtUninstallKB54175$\3676960585\U\@800000c0

c:\windows\$NtUninstallKB54175$\3676960585\U\@800000cb

c:\windows\$NtUninstallKB54175$\3676960585\U\@800000cf

c:\windows\$NtUninstallKB54175$\507658182

c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}

c:\windows\system32\

c:\windows\system32\c_65860.nl_

c:\windows\system32\c_65860.nls

.

Infected copy of c:\windows\system32\drivers\avgtdix.sys was found and disinfected

Restored copy from - The cat found it :)

Infected copy of c:\windows\system32\wuauclt.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP457\A0120093.exe

.

Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected

Restored copy from - c:\windows\Driver Cache\i386\cdrom.sys

.

Infected copy of c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe was found and disinfected

Restored copy from - c:\program files\Common Files\ArcSoft\Connection Service\Bin\

.

Infected copy of c:\program files\AVG\AVG2012\avgwdsvc.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP388\A0090672.exe

.

Infected copy of c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe was found and disinfected

Restored copy from - c:\program files\Malwarebytes' Anti-Malware\

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_db29f749

.

.

((((((((((((((((((((((((( Files Created from 2011-10-21 to 2011-11-21 )))))))))))))))))))))))))))))))

.

.

2011-11-21 01:09 . 2011-11-21 01:09 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2011-11-21 00:05 . 2011-04-05 07:59 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2011-11-17 21:36 . 2011-11-17 21:36 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-11-17 21:36 . 2011-11-17 21:36 -------- d-----w- c:\documents and settings\family\Application Data\Malwarebytes

2011-11-17 21:35 . 2011-11-17 21:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-11-17 21:35 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-17 21:35 . 2011-11-21 00:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-16 08:01 . 2011-11-16 08:14 -------- d-----w- C:\07b0b1ed19c243060275c9c78ff9b4e4

2011-11-09 00:12 . 2011-11-09 00:12 -------- d-----w- c:\documents and settings\Administrator.EMACHINE-98E05C\Local Settings\Application Data\Temp

2011-11-09 00:12 . 2011-11-09 00:12 -------- d-----w- c:\documents and settings\Administrator.EMACHINE-98E05C\Local Settings\Application Data\Adobe

2011-11-08 23:03 . 2008-04-14 12:00 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-09 01:18 . 2011-08-03 09:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-10 14:22 . 2009-03-13 15:26 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06 . 2009-03-13 15:15 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 18:41 . 2009-03-13 15:15 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 18:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 18:41 . 2009-03-13 15:15 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-13 13:30 . 2010-09-07 11:48 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2011-09-06 13:20 . 2009-03-13 15:16 1858944 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]

.

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2011-07-26 17:15 2532680 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]

.

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]

.

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"c50e8"="c:\program files\Gaqkqhiwysmpg\duoeyev.exe" [2006-11-22 2287264]

"Easy Dock"="c:\documents and settings\family\My Documents\RCA easyRip\EZDock.exe" [2011-01-18 585728]

"uTorrent"="c:\documents and settings\family\Desktop\utorrent.exe" [2011-10-16 641400]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-25 8491008]

"nwiz"="nwiz.exe" [2008-02-25 1626112]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-25 81920]

"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]

"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"c50e8"="c:\program files\Gaqkqhiwysmpg\duoeyev.exe" [2006-11-22 2287264]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-06 421888]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-04-14 136704]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe" [2011-11-09 247968]

.

c:\documents and settings\family\Start Menu\Programs\Startup\

RCA Detective.lnk - c:\documents and settings\family\My Documents\RCA Detective\RCADetective.exe [2011-7-29 868864]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=

"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

"c:\\Documents and Settings\\family\\Desktop\\utorrent.exe"=

"c:\\Documents and Settings\\family\\My Documents\\RCA Updater\\RCAUpdateBootstrap.exe"=

"c:\\Program Files\\DivX\\DivX Update\\DivXUpdate.exe"=

"c:\\Documents and Settings\\family\\My Documents\\RCA easyRip\\EZDock.exe"=

"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 6:27 PM 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 6:48 AM 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 7:12 AM 229840]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/20/2011 7:05 PM 297168]

R1 qtsmon;qtsmon;c:\windows\system32\drivers\qtsmon.sys [11/28/2010 10:16 AM 72488]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [11/20/2011 7:27 PM 265400]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/20/2011 7:28 PM 366152]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/3/2010 6:23 PM 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/3/2010 6:23 PM 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/3/2010 6:23 PM 16720]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/17/2011 4:35 PM 22216]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\Drivers\SmartDefragDriver.sys --> c:\windows\system32\Drivers\SmartDefragDriver.sys [?]

S2 avgfws;AVG Firewall;"c:\program files\AVG\AVG10\avgfws.exe" --> c:\program files\AVG\AVG10\avgfws.exe [?]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [9/12/2011 8:23 AM 5265248]

S2 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe --> c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [?]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [4/8/2011 10:31 PM 1025352]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe /medsvc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-15 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]

.

2011-11-21 c:\windows\Tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job

- c:\program files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe [2011-01-28 02:22]

.

2011-11-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1043198755-3179742922-2167395947-1005Core.job

- c:\documents and settings\family\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-10-08 02:29]

.

2011-11-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1043198755-3179742922-2167395947-1005UA.job

- c:\documents and settings\family\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-10-08 02:29]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=0&o=xph&d=1110&m=el1300g

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.254

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-Easy Dock - (no file)

AddRemove-AVG PC Tuneup 2011 Patch - c:\program files\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-20 20:10

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(972)

c:\windows\system32\WININET.dll

c:\windows\system32\msauncer-.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\windows\system32\RUNDLL32.EXE

c:\windows\RTHDCPL.EXE

c:\program files\AVG\AVG2012\avgnsx.exe

c:\program files\AVG\AVG2012\avgemcx.exe

c:\windows\system32\msiexec.exe

.

**************************************************************************

.

Completion time: 2011-11-20 20:17:49 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-21 01:17

.

Pre-Run: 70,061,047,808 bytes free

Post-Run: 75,431,669,760 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 1DE01385114252D95208CAF9DB523786

Link to post
Share on other sites

Step 1

You have two installed and active antivirus programs on your system: AVG 2011 and AVG 2012.

Two antivirus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. Please remove one of them. I suggest you to uninstall AVG 2011 and the following applications too:

  • AVG PC Tuneup 2011
  • AVG PC Tuneup 2011 Patch

Step 2

Open Notepad and copy and paste the text in the code box below into it:

http://forums.malwarebytes.org/index.php?showtopic=100056

Collect::
c:\program files\Gaqkqhiwysmpg\duoeyev.exe

File::
c:\documents and settings\family\Desktop\utorrent.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c50e8"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c50e8"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\family\\Desktop\\utorrent.exe"=-

DDS::
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=0&o=xph&d=1110&m=el1300g

ClearJavaCache::

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

In your next post here, please include ComboFix.txt and let me know how are things there.

Link to post
Share on other sites

ComboFix 11-11-21.01 - family 11/21/2011 11:53:28.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.273 [GMT -5:00]

Running from: c:\documents and settings\family\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\family\Desktop\CFScript.txt

AV: AVG Internet Security 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

FILE ::

"c:\documents and settings\family\Desktop\utorrent.exe"

.

file zipped: c:\program files\Gaqkqhiwysmpg\duoeyev.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\family\Desktop\utorrent.exe

c:\program files\Gaqkqhiwysmpg\duoeyev.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-10-21 to 2011-11-21 )))))))))))))))))))))))))))))))

.

.

2011-11-21 00:05 . 2011-04-05 07:59 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2011-11-17 21:36 . 2011-11-17 21:36 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-11-17 21:36 . 2011-11-17 21:36 -------- d-----w- c:\documents and settings\family\Application Data\Malwarebytes

2011-11-17 21:35 . 2011-11-17 21:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-11-17 21:35 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-17 21:35 . 2011-11-21 00:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-16 08:01 . 2011-11-16 08:14 -------- d-----w- C:\07b0b1ed19c243060275c9c78ff9b4e4

2011-11-09 00:12 . 2011-11-09 00:12 -------- d-----w- c:\documents and settings\Administrator.EMACHINE-98E05C\Local Settings\Application Data\Temp

2011-11-09 00:12 . 2011-11-09 00:12 -------- d-----w- c:\documents and settings\Administrator.EMACHINE-98E05C\Local Settings\Application Data\Adobe

2011-11-08 23:03 . 2008-04-14 12:00 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-09 01:18 . 2011-08-03 09:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-10 14:22 . 2009-03-13 15:26 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06 . 2009-03-13 15:15 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 18:41 . 2009-03-13 15:15 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 18:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 18:41 . 2009-03-13 15:15 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-13 13:30 . 2010-09-07 11:48 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2011-09-06 13:20 . 2009-03-13 15:16 1858944 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]

.

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2011-07-26 17:15 2532680 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]

.

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]

.

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Easy Dock"="c:\documents and settings\family\My Documents\RCA easyRip\EZDock.exe" [2011-01-18 585728]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-25 8491008]

"nwiz"="nwiz.exe" [2008-02-25 1626112]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-25 81920]

"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]

"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-06 421888]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

"Easy Dock"="" [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-04-14 136704]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe" [2011-11-09 247968]

.

c:\documents and settings\family\Start Menu\Programs\Startup\

RCA Detective.lnk - c:\documents and settings\family\My Documents\RCA Detective\RCADetective.exe [2011-7-29 868864]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=

"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

"c:\\Documents and Settings\\family\\My Documents\\RCA Updater\\RCAUpdateBootstrap.exe"=

"c:\\Program Files\\DivX\\DivX Update\\DivXUpdate.exe"=

"c:\\Documents and Settings\\family\\My Documents\\RCA easyRip\\EZDock.exe"=

"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 6:27 PM 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 6:48 AM 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 7:12 AM 229840]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/20/2011 7:05 PM 297168]

R1 qtsmon;qtsmon;c:\windows\system32\drivers\qtsmon.sys [11/28/2010 10:16 AM 72488]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [11/20/2011 7:27 PM 265400]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/20/2011 7:28 PM 366152]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/3/2010 6:23 PM 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/3/2010 6:23 PM 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/3/2010 6:23 PM 16720]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/17/2011 4:35 PM 22216]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\Drivers\SmartDefragDriver.sys --> c:\windows\system32\Drivers\SmartDefragDriver.sys [?]

S2 avgfws;AVG Firewall;"c:\program files\AVG\AVG10\avgfws.exe" --> c:\program files\AVG\AVG10\avgfws.exe [?]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [9/12/2011 8:23 AM 5265248]

S2 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe --> c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [?]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [4/8/2011 10:31 PM 1025352]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe /medsvc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-15 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]

.

2011-11-21 c:\windows\Tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job

- c:\program files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe [2011-01-28 02:22]

.

2011-11-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1043198755-3179742922-2167395947-1005Core.job

- c:\documents and settings\family\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-10-08 02:29]

.

2011-11-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1043198755-3179742922-2167395947-1005UA.job

- c:\documents and settings\family\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-10-08 02:29]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.254

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-uTorrent - c:\documents and settings\family\Desktop\utorrent.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-21 12:09

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(188)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\windows\system32\RUNDLL32.EXE

c:\windows\RTHDCPL.EXE

c:\program files\AVG\AVG2012\avgnsx.exe

c:\program files\AVG\AVG2012\avgemcx.exe

.

**************************************************************************

.

Completion time: 2011-11-21 12:15:31 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-21 17:15

ComboFix2.txt 2011-11-21 01:17

.

Pre-Run: 75,221,782,528 bytes free

Post-Run: 75,253,903,360 bytes free

.

- - End Of File - - F61564627F9BE6302696565F9DBEF7A2

Upload was successful

Link to post
Share on other sites

Step 1

Locate and manually delete the following folder:

c:\program files\Gaqkqhiwysmpg

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update" tab and select Check for Updates.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 3

  1. Please run a free online scan with the ESET Online Scanner
    Note: You will need to use Internet Explorer for this scan
  2. Tick the box next to YES, I accept the Terms of Use
  3. Click Start
  4. When asked, allow the ActiveX control to install
  5. Click Start
  6. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  7. Click Scan (This scan can take several hours, so please be patient)
  8. Once the scan is completed, you may close the window
  9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  10. Copy and paste that log as a reply to this topic

In your next reply, please post the following log files:

  • Malwarebytes' Anti-Malware log
  • ESET Online Scanner log

Link to post
Share on other sites

The computer won't let me launch Malwarebytes' Anti-Malware. A popup comes up saying that " Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access them." This has been happening with almost every program I have, like iTunes.

Link to post
Share on other sites

Step 1

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

  • :\_OTL\MovedFiles
    • in most cases this will be C:\_OTL\MovedFiles

Step 2

  1. Download aswMBR.exe (1870KB) to your desktop.
  2. Double click the aswMBR.exe to run it
    aswMBR1.png
  3. Click the [scan] button to start scan
    aswMBR2.png
  4. On completion of the scan click [save log], save it to your desktop and post in your next reply.

In your next reply, please post the following log files:

  • OTL log file with Extras.txt
  • aswMBR log

Link to post
Share on other sites

Well, this is the ESET Onile Scanner log..

C:\Documents and Settings\family\My Documents\Downloads\AVG+Anti-Virus+Free+Edition.exe MSIL/Solimba.A application deleted - quarantined

C:\Documents and Settings\family\My Documents\Downloads\Microsoft.Windows.7.Enterprise..x86.x64.SP1.Integrated.August.2011-BIE\DVD1 - x64\bie764811.iso a variant of Win32/HackKMS.A application deleted - quarantined

C:\Documents and Settings\family\My Documents\Downloads\Windows 7 Ultimate Fully Activated Genuine x86 x64 - Team ! M-J-R !\Windows 7 Loader.zip a variant of Win32/HackKMS.A application deleted - quarantined

C:\Program Files\AVG\AVG2012\avgemcx.exe Win32/Patched.HN trojan error while cleaning

C:\Program Files\AVG\AVG2012\avgnsx.exe Win32/Patched.HN trojan error while cleaning

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe Win32/Patched.HN trojan cleaned - quarantined

C:\Program Files\Internet Explorer\iexplore.exe Win32/Patched.HN trojan error while cleaning

C:\Program Files\SUPERAntiSpyware\SASCore.exe Win32/Patched.HN trojan cleaned - quarantined

C:\Qoobox\Quarantine\C\Program Files\AVG\AVG2012\avgwdsvc.exe.vir Win32/Patched.HN trojan cleaned - quarantined

C:\Qoobox\Quarantine\C\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe.vir Win32/Patched.HN trojan cleaned - quarantined

C:\Qoobox\Quarantine\C\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe.vir Win32/Patched.HN trojan cleaned - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\assembly\GAC_MSIL\desktop.ini.vir a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\system32\c_65860.nl_.vir a variant of Win32/Sirefef.CR trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\system32\wuauclt.exe.vir Win32/Patched.HN trojan cleaned - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\avgtdix.sys.vir a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\cdrom.sys.vir a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP380\A0089399.sys Win32/Rootkit.Agent.NUT trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP382\A0090092.sys Win32/Rootkit.Agent.NUT trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP383\A0090256.sys Win32/Rootkit.Agent.NUT trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP385\A0090302.sys Win32/Rootkit.Agent.NUT trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP385\A0090303.sys Win32/Rootkit.Agent.NUT trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP389\A0090727.sys Win32/Rootkit.Agent.NUT trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP390\A0090752.sys Win32/Rootkit.Agent.NUT trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP390\A0091059.sys Win32/Rootkit.Agent.NUT trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP390\A0091091.sys Win32/Rootkit.Agent.NUT trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP395\A0091421.dll Win32/Rootkit.Agent.NUT trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP395\A0093429.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP395\A0093430.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP396\A0093490.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP396\A0093491.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP396\A0093499.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP396\A0093500.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP397\A0093543.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP397\A0095593.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP397\A0095594.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP397\A0095606.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP397\A0095607.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP397\A0095615.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP397\A0095616.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP397\A0096615.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP397\A0096616.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP397\A0097615.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP397\A0097616.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP397\A0098615.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP397\A0098616.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP401\A0098963.dll a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP412\A0099086.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP412\A0099087.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP413\A0099108.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP413\A0099109.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP414\A0099144.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP414\A0099145.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP416\A0099617.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP416\A0099618.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP423\A0103069.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP423\A0103070.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP425\A0103502.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP425\A0103503.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP427\A0105017.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP427\A0105018.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP431\A0105348.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP431\A0105455.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP431\A0105456.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP435\A0105914.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP435\A0105915.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP435\A0105974.exe Win32/Patched.HN trojan cleaned - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP435\A0105975.exe Win32/Patched.HN trojan cleaned - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP438\A0106496.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP438\A0106497.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP438\A0106498.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP438\A0106499.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP441\A0106927.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP441\A0106928.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP442\A0107302.exe Win32/Patched.HN trojan cleaned - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP442\A0107539.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP442\A0107585.exe Win32/Patched.HN trojan cleaned - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP442\A0108220.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP442\A0108221.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP442\A0108231.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP442\A0108232.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP442\A0108240.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP442\A0108241.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP442\A0108249.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP442\A0108250.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP442\A0109249.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP442\A0109250.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP442\A0110249.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP442\A0110250.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP442\A0111249.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP442\A0111250.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP442\A0111258.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP442\A0111259.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP442\A0111270.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP442\A0111271.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP443\A0111330.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP443\A0111331.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP443\A0111355.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP443\A0111356.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP443\A0111388.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP443\A0111389.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP447\A0111525.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP447\A0111526.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP449\A0113690.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP449\A0113691.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP453\A0115807.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP453\A0115808.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP454\A0116807.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP454\A0116808.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP455\A0118966.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP455\A0118967.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP456\A0119966.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP456\A0119967.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP457\A0120098.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP457\A0120099.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP459\A0120258.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP459\A0120259.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP460\A0120332.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP460\A0120335.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP460\A0120336.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP461\A0120470.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP461\A0120471.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP461\A0120477.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP461\A0120519.exe Win32/Patched.HN trojan cleaned - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP461\A0120520.sys a variant of Win32/Rootkit.Kryptik.DM trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP461\A0120521.exe Win32/Patched.HN trojan cleaned - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP461\A0120522.exe Win32/Patched.HN trojan cleaned - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP461\A0120523.exe Win32/Patched.HN trojan cleaned - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP462\A0121123.exe Win32/Patched.HN trojan cleaned - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP462\A0121124.exe Win32/Patched.HN trojan cleaned - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP462\A0121125.exe Win32/Patched.HN trojan cleaned - quarantined

C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP462\A0121129.exe Win32/Patched.HN trojan cleaned - quarantined

C:\WINDOWS\system32\msauncer-.dll a variant of Win32/Spy.KeyLogger.NOB trojan cleaned by deleting - quarantined

Operating memory Win32/Patched.HN trojan

Link to post
Share on other sites

Here you go good sir.

OTL Extras logfile created on: 11/21/2011 9:25:04 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\family\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.42 Mb Total Physical Memory | 391.06 Mb Available Physical Memory | 43.72% Memory free

2.12 Gb Paging File | 1.64 Gb Available in Paging File | 77.31% Paging File free

Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 139.04 Gb Total Space | 71.44 Gb Free Space | 51.38% Space Free | Partition Type: NTFS

Computer Name: EMACHINE-98E05C | User Name: family | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)

"C:\Program Files\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)

"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)

"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- ()

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- ()

"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)

"C:\Documents and Settings\family\My Documents\RCA Updater\RCAUpdateBootstrap.exe" = C:\Documents and Settings\family\My Documents\RCA Updater\RCAUpdateBootstrap.exe:*:Disabled:RCA Bootstrap Installer -- (Audiovox Electronics, Corp.)

"C:\Program Files\DivX\DivX Update\DivXUpdate.exe" = C:\Program Files\DivX\DivX Update\DivXUpdate.exe:*:Disabled:DivX Update -- ()

"C:\Documents and Settings\family\My Documents\RCA easyRip\EZDock.exe" = C:\Documents and Settings\family\My Documents\RCA easyRip\EZDock.exe:*:Disabled:EZ Dock -- (Audiovox Electronics Corp.)

"C:\Program Files\Common Files\Java\Java Update\jucheck.exe" = C:\Program Files\Common Files\Java\Java Update\jucheck.exe:*:Disabled:Java Update Checker -- (Sun Microsystems, Inc.)

"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR

"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call

"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan

"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{20EAC554-95F9-4926-8D9A-C4FF3EC44C72}" = AVG 2011

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java 6 Update 26

"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"{413AA75E-64BA-470A-98D1-1ECC0F0DA175}" = J3600_Basic

"{41F4B3D2-3CC8-41B5-99B8-3A9C1BCDEA0A}" = AVG 2012

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update

"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer

"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail

"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = CyberLink PowerDVD

"{695B13B2-7919-4EC5-8601-092F0D2DE069}" = AVG 2011

"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer

"{6D8EACA3-664E-4F83-8A84-BE3AE952DAB6}" = WebCam Companion

"{6DA0B8BE-3735-4287-AF4D-B8DE088D0AA7}" = AVG 2012

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8CE4CB34-8187-42A1-B597-517760BEE8EC}" = BPD_Scan

"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg

"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)

"{AFDAB4B7-E5CE-4277-9ABB-8D8C5E12853D}" = 3600_Help

"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update

"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}" = WinZip 15.0

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D31612BB-C6D7-4142-96AE-16DB062354CF}" = HP Webcam User's Guide

"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{E593C3B6-6C5A-4AFC-A4F7-CCB94F60C888}" = BPDSoftware_Ini

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0

"{ECF40A6B-F164-493E-AD93-8B9946871BC5}" = HP OfficeJet J3600

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform

"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery

"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm

"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Agere Systems Soft Modem" = Agere Systems PCI-SV92EX Soft Modem

"AVG" = AVG 2012

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"DivX Setup" = Instalación de DivX

"ESET Online Scanner" = ESET Online Scanner v3

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Drivers" = NVIDIA Drivers

"RCA Detective™_is1" = RCA Detective™ 3.0.3.0

"RCA easyRip_is1" = RCA easyRip 2.5.6.0

"RCA Updater_is1" = RCA Updater 2.1.7.0

"Smart Defrag 2_is1" = Smart Defrag 2

"TeamViewer 6" = TeamViewer 6

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WinLiveSuite_Wave3" = Windows Live Essentials

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 11/17/2011 1:14:06 AM | Computer Name = EMACHINE-98E05C | Source = HotFixInstaller | ID = 5000

Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2572073,

P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10

0.

Error - 11/18/2011 4:04:11 AM | Computer Name = EMACHINE-98E05C | Source = MsiInstaller | ID = 1023

Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'KB2572073'

could not be installed. Error code 1603. Additional information is available in

the log file C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\Microsoft .NET Framework

2.0-KB2572073_20111118_080035062-Msi0.txt.

Error - 11/18/2011 4:04:12 AM | Computer Name = EMACHINE-98E05C | Source = HotFixInstaller | ID = 5000

Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2572073,

P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10

0.

Error - 11/20/2011 8:05:05 PM | Computer Name = EMACHINE-98E05C | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: The server returned an invalid or unrecognized response

Error - 11/20/2011 8:05:07 PM | Computer Name = EMACHINE-98E05C | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: The server returned an invalid or unrecognized response

Error - 11/20/2011 8:08:30 PM | Computer Name = EMACHINE-98E05C | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: A connection with the server could not be established

Error - 11/20/2011 9:06:51 PM | Computer Name = EMACHINE-98E05C | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: A connection with the server could not be established

Error - 11/20/2011 9:06:51 PM | Computer Name = EMACHINE-98E05C | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

Error - 11/21/2011 4:02:55 AM | Computer Name = EMACHINE-98E05C | Source = MsiInstaller | ID = 1023

Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'KB2572073'

could not be installed. Error code 1603. Additional information is available in

the log file C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\Microsoft .NET Framework

2.0-KB2572073_20111121_080030843-Msi0.txt.

Error - 11/21/2011 4:02:56 AM | Computer Name = EMACHINE-98E05C | Source = HotFixInstaller | ID = 5000

Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2572073,

P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10

0.

[ System Events ]

Error - 11/21/2011 12:44:22 PM | Computer Name = EMACHINE-98E05C | Source = Service Control Manager | ID = 7000

Description = The iPod Service service failed to start due to the following error:

%%2

Error - 11/21/2011 12:44:23 PM | Computer Name = EMACHINE-98E05C | Source = DCOM | ID = 10005

Description = DCOM got error "%2" attempting to start the service iPod Service with

arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 11/21/2011 1:08:48 PM | Computer Name = EMACHINE-98E05C | Source = Service Control Manager | ID = 7000

Description = The Agere Modem Call Progress Audio service failed to start due to

the following error: %%2

Error - 11/21/2011 1:08:48 PM | Computer Name = EMACHINE-98E05C | Source = Service Control Manager | ID = 7000

Description = The Apple Mobile Device service failed to start due to the following

error: %%2

Error - 11/21/2011 1:08:48 PM | Computer Name = EMACHINE-98E05C | Source = Service Control Manager | ID = 7000

Description = The AVG Firewall service failed to start due to the following error:

%%2

Error - 11/21/2011 1:08:48 PM | Computer Name = EMACHINE-98E05C | Source = Service Control Manager | ID = 7000

Description = The Java Quick Starter service failed to start due to the following

error: %%2

Error - 11/21/2011 1:08:48 PM | Computer Name = EMACHINE-98E05C | Source = Service Control Manager | ID = 7000

Description = The Cyberlink RichVideo Service(CRVS) service failed to start due

to the following error: %%2

Error - 11/21/2011 1:08:48 PM | Computer Name = EMACHINE-98E05C | Source = Service Control Manager | ID = 7000

Description = The AVGIDSAgent service failed to start due to the following error:

%%5

Error - 11/21/2011 1:09:00 PM | Computer Name = EMACHINE-98E05C | Source = DCOM | ID = 10005

Description = DCOM got error "%2" attempting to start the service iPod Service with

arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 11/21/2011 1:09:00 PM | Computer Name = EMACHINE-98E05C | Source = Service Control Manager | ID = 7000

Description = The iPod Service service failed to start due to the following error:

%%2

< End of report >

OTL logfile created on: 11/21/2011 9:25:04 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\family\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.42 Mb Total Physical Memory | 391.06 Mb Available Physical Memory | 43.72% Memory free

2.12 Gb Paging File | 1.64 Gb Available in Paging File | 77.31% Paging File free

Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 139.04 Gb Total Space | 71.44 Gb Free Space | 51.38% Space Free | Partition Type: NTFS

Computer Name: EMACHINE-98E05C | User Name: family | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\family\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

PRC - C:\Documents and Settings\family\My Documents\RCA Detective\RCADetective.exe (Audiovox Accessories Corp.)

PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()

MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

========== Win32 Services (SafeList) ==========

SRV - (RichVideo) Cyberlink RichVideo Service(CRVS) -- File not found

SRV - (odserv) -- File not found

SRV - (JavaQuickStarterService) -- File not found

SRV - (iPod Service) -- File not found

SRV - (HidServ) -- File not found

SRV - (gusvc) -- File not found

SRV - (gupdatem) Google Update Service (gupdatem) -- File not found

SRV - (ETService) -- File not found

SRV - (avgfws) -- File not found

SRV - (AppMgmt) -- File not found

SRV - (Apple Mobile Device) -- File not found

SRV - (AgereModemAudio) -- File not found

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe ()

SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()

SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe ()

========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found

DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )

DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )

DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )

DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )

DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (qtsmon) -- C:\WINDOWS\system32\drivers\qtsmon.sys (AVG)

DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)

DRV - (int15) -- C:\WINDOWS\system32\drivers\int15.sys (Acer, Inc.)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)

DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)

DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\family\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll File not found

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\family\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/11/03 00:36:08 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/10/16 16:16:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2011/04/04 01:38:29 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/08/14 00:43:18 | 000,000,000 | ---D | M]

[2011/06/25 19:38:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\family\Application Data\Mozilla\Extensions

[2011/07/19 18:14:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\family\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)

CHR - default_search_provider: search_url = http://www.bing.com/search?q={searchTerms}&pc=Z206&form=ZGACDF&install_date=20110923

CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query=%s

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\family\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\family\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\family\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\pdf.dll

CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\family\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: AVG Safe Search = C:\Documents and Settings\family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1804_0\

CHR - Extension: Facetheme = C:\Documents and Settings\family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kincjchfokkeneeofpeefomkikfkiedl\1.0_0\

CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\

O1 HOSTS File: ([2011/11/21 12:07:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll File not found

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found

O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [Easy Dock] File not found

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Easy Dock] C:\Documents and Settings\family\My Documents\RCA easyRip\EZDock.exe (Audiovox Electronics Corp.)

O4 - HKLM..\RunOnce: [WIAWizardMenu] C:\WINDOWS\System32\sti_ci.dll (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\family\Start Menu\Programs\Startup\RCA Detective.lnk = C:\Documents and Settings\family\My Documents\RCA Detective\RCADetective.exe (Audiovox Accessories Corp.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll File not found

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll File not found

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL File not found

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D7499248-A32C-42E3-90BA-532D92E07609}: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll File not found

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/03/13 10:27:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/21 21:23:02 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\family\Desktop\OTL.exe

[2011/11/21 17:35:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011/11/21 17:22:51 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011/11/21 12:17:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2011/11/20 19:05:06 | 000,297,168 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2011/11/20 18:51:42 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2011/11/20 18:46:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011/11/20 18:46:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011/11/20 18:46:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011/11/20 18:46:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011/11/20 18:46:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011/11/20 18:45:58 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/11/20 18:39:39 | 004,303,424 | R--- | C] (Swearware) -- C:\Documents and Settings\family\Desktop\ComboFix.exe

[2011/11/17 16:39:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\family\Start Menu\Programs\Administrative Tools

[2011/11/17 16:36:14 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/11/17 16:36:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\family\Application Data\Malwarebytes

[2011/11/17 16:35:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/11/17 16:35:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2011/11/17 16:35:51 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/11/17 16:35:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/11/16 03:01:03 | 000,000,000 | ---D | C] -- C:\07b0b1ed19c243060275c9c78ff9b4e4

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\Documents and Settings\family\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\family\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/21 21:23:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\family\Desktop\OTL.exe

[2011/11/21 19:34:00 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1043198755-3179742922-2167395947-1005UA.job

[2011/11/21 19:34:00 | 000,000,980 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1043198755-3179742922-2167395947-1005Core.job

[2011/11/21 14:52:24 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\family\Local Settings\Application Data\prvlcl.dat

[2011/11/21 12:12:32 | 000,437,376 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/11/21 12:12:32 | 000,069,410 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/11/21 12:09:10 | 000,000,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics

[2011/11/21 12:07:47 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/11/21 12:07:42 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job

[2011/11/21 12:07:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/11/21 12:07:34 | 937,938,944 | -HS- | M] () -- C:\hiberfil.sys

[2011/11/21 11:51:25 | 004,303,424 | R--- | M] (Swearware) -- C:\Documents and Settings\family\Desktop\ComboFix.exe

[2011/11/21 08:44:50 | 110,389,809 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm

[2011/11/20 18:51:53 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2011/11/17 17:08:17 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/11/17 16:36:26 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/11/17 16:35:55 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/11/15 11:25:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/11/08 22:02:41 | 000,004,275 | ---- | M] () -- C:\Documents and Settings\family\My Documents\Raquel Resume.rtf

[2011/11/08 21:18:14 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI

[2011/11/08 20:18:07 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2011/11/08 19:58:24 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2011/11/08 19:41:48 | 000,000,211 | ---- | M] () -- C:\Boot.bak

[2011/11/08 17:49:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\Documents and Settings\family\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\family\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/20 18:51:53 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2011/11/20 18:51:44 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2011/11/20 18:46:34 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/11/20 18:46:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/11/20 18:46:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/11/20 18:46:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/11/20 18:46:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/11/17 16:35:55 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/11/08 21:50:21 | 000,004,275 | ---- | C] () -- C:\Documents and Settings\family\My Documents\Raquel Resume.rtf

[2011/11/08 20:00:41 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\family\Start Menu\Programs\Internet Explorer (2).lnk

[2011/11/08 19:42:47 | 937,938,944 | -HS- | C] () -- C:\hiberfil.sys

[2011/09/24 13:11:13 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/09/01 08:15:17 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2011/08/30 17:41:54 | 000,000,156 | ---- | C] () -- C:\Documents and Settings\family\Application Data\wklnhst.dat

[2011/08/14 03:50:24 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/03/27 02:43:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\family\Local Settings\Application Data\prvlcl.dat

[2011/03/26 23:12:18 | 000,054,436 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2011/01/25 23:35:25 | 000,000,007 | -HS- | C] () -- C:\Documents and Settings\family\Application Data\date

[2011/01/25 23:35:24 | 000,000,002 | -HS- | C] () -- C:\Documents and Settings\family\Application Data\evf6

[2010/11/28 10:15:51 | 000,000,049 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2010/11/01 20:21:16 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010/11/01 15:52:09 | 047,369,160 | ---- | C] () -- C:\WINDOWS\System32\MRT.exe

[2010/11/01 14:44:19 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\INT15.dll

[2010/07/10 12:18:28 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\msaccioed.dll

[2009/10/14 11:41:40 | 000,009,845 | ---- | C] () -- C:\WINDOWS\System32\mswcnioee.dll

[2009/03/13 12:29:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2009/03/13 10:38:53 | 000,000,169 | ---- | C] () -- C:\WINDOWS\FR-CA.INI

[2009/03/13 10:38:53 | 000,000,169 | ---- | C] () -- C:\WINDOWS\EN-CA.INI

[2009/03/13 10:38:53 | 000,000,168 | ---- | C] () -- C:\WINDOWS\ZH.INI

[2009/03/13 10:38:21 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2009/03/13 10:33:52 | 000,003,948 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin

[2009/03/13 10:29:36 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe

[2009/03/13 10:29:36 | 000,007,492 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2009/03/13 10:28:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2009/03/13 10:26:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2009/03/13 10:25:23 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2009/03/13 10:16:25 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe

[2009/03/13 10:16:24 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2009/03/13 10:16:24 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2009/03/13 10:16:24 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2009/03/13 10:16:23 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2009/03/13 10:16:23 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe

[2009/03/13 10:16:23 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2009/03/13 10:16:22 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe

[2009/03/13 10:16:22 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe

[2009/03/13 10:16:01 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll

[2009/03/13 10:16:01 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll

[2009/03/13 10:16:01 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll

[2009/03/13 10:16:01 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll

[2009/03/13 10:16:01 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll

[2009/03/13 10:15:59 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2009/03/13 10:15:58 | 000,437,376 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2009/03/13 10:15:58 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2009/03/13 10:15:58 | 000,069,410 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2009/03/13 10:15:58 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2009/03/13 10:15:58 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2009/03/13 10:15:57 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2009/03/13 10:15:57 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2009/03/13 10:15:56 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2009/03/13 10:15:56 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2009/03/13 10:15:55 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2009/03/13 10:15:54 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2009/03/13 02:22:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/03/13 02:22:07 | 000,247,904 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2011/07/19 18:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask

[2011/10/16 20:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

[2011/10/16 16:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012

[2010/11/28 10:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVGQTS

[2011/03/01 00:39:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2011/03/02 20:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate

[2011/04/04 23:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit

[2011/11/21 18:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2010/11/03 22:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent

[2011/10/16 13:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2010/11/01 20:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2011/04/26 23:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\family\Application Data\.minecraft

[2011/10/16 18:30:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\family\Application Data\AVG

[2011/09/23 20:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\family\Application Data\AVG Secure Search

[2011/09/23 20:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\family\Application Data\AVG2012

[2011/03/02 20:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\family\Application Data\bflixtoolbar

[2011/08/14 00:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\family\Application Data\DDMSettings

[2011/05/02 08:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\family\Application Data\FrostWire

[2011/06/22 15:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\family\Application Data\IObit

[2010/11/03 19:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\family\Application Data\Leadertech

[2011/10/16 14:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\family\Application Data\ManyCam

[2011/10/02 19:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\family\Application Data\TeamViewer

[2011/08/30 17:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\family\Application Data\Template

[2011/11/08 20:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\family\Application Data\uTorrent

[2011/07/29 00:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\family\Application Data\WeatherBug

[2010/11/19 03:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\family\Application Data\WhiteSmokeSetup

[2010/11/19 04:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\family\Application Data\WhiteSmokeTranslator

[2011/11/21 12:07:42 | 000,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job

[2011/11/21 19:34:00 | 000,000,980 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1043198755-3179742922-2167395947-1005Core.job

[2011/11/21 19:34:00 | 000,001,002 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1043198755-3179742922-2167395947-1005UA.job

========== Purity Check ==========

< End of report >

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software

Run date: 2011-11-21 21:36:09

-----------------------------

21:36:09.265 OS Version: Windows 5.1.2600 Service Pack 3

21:36:09.265 Number of processors: 1 586 0x7F02

21:36:09.265 ComputerName: EMACHINE-98E05C UserName: family

21:36:10.828 Initialize success

21:36:31.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-12

21:36:31.421 Disk 0 Vendor: ST3160815AS 4.AAA Size: 152627MB BusType: 3

21:36:33.437 Disk 0 MBR read successfully

21:36:33.437 Disk 0 MBR scan

21:36:33.437 Disk 0 unknown MBR code

21:36:33.437 Disk 0 scanning sectors +312560640

21:36:33.515 Disk 0 scanning C:\WINDOWS\system32\drivers

21:36:38.890 Service scanning

21:36:40.125 Modules scanning

21:36:45.234 Disk 0 trace - called modules:

21:36:45.265 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

21:36:45.281 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8507dab8]

21:36:45.281 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\00000069[0x850dd1f8]

21:36:45.281 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-12[0x84fd8940]

21:36:45.796 Scan finished successfully

21:36:52.265 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\family\Desktop\MBR.dat"

21:36:52.281 The log file has been saved successfully to "C:\Documents and Settings\family\Desktop\aswMBR.txt"

Link to post
Share on other sites

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

Link to post
Share on other sites

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Home Edition

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x00000034

Kernel Drivers (total 117):

0x804D7000 \WINDOWS\system32\ntkrnlpa.exe

0x806E5000 \WINDOWS\system32\hal.dll

0xF7987000 \WINDOWS\system32\KDCOM.DLL

0xF7897000 \WINDOWS\system32\BOOTVID.dll

0xF7358000 ACPI.sys

0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS

0xF7347000 pci.sys

0xF7487000 isapnp.sys

0xF7A4F000 pciide.sys

0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

0xF7497000 MountMgr.sys

0xF7328000 ftdisk.sys

0xF770F000 PartMgr.sys

0xF74A7000 VolSnap.sys

0xF7310000 atapi.sys

0xF74B7000 disk.sys

0xF74C7000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

0xF72F0000 fltMgr.sys

0xF72DE000 sr.sys

0xF74D7000 PxHelp20.sys

0xF72C7000 KSecDD.sys

0xF723A000 Ntfs.sys

0xF720D000 NDIS.sys

0xF74E7000 Combo-Fix.sys

0xF71F3000 Mup.sys

0xF7717000 avgrkx86.sys

0xF789B000 AVGIDSEH.Sys

0xF76D7000 \SystemRoot\system32\DRIVERS\processr.sys

0xF7933000 \SystemRoot\system32\DRIVERS\wmiacpi.sys

0xF76E7000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0xF77E7000 \SystemRoot\system32\DRIVERS\mouclass.sys

0xF77EF000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0xF77F7000 \SystemRoot\system32\DRIVERS\usbohci.sys

0xF666D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0xF77FF000 \SystemRoot\system32\DRIVERS\usbehci.sys

0xF6645000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0xF76F7000 \SystemRoot\system32\DRIVERS\nvnetbus.sys

0xF655D000 \SystemRoot\system32\DRIVERS\NVNRM.SYS

0xF6437000 \SystemRoot\system32\DRIVERS\AGRSM.sys

0xF799F000 \SystemRoot\system32\DRIVERS\USBD.SYS

0xF7807000 \SystemRoot\System32\Drivers\Modem.SYS

0xF5DAA000 \SystemRoot\system32\DRIVERS\nv4_mini.sys

0xF5D96000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

0xF7B5E000 \SystemRoot\system32\DRIVERS\audstub.sys

0xF6721000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0xF793F000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0xF5D7F000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0xF6711000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0xF6701000 \SystemRoot\system32\DRIVERS\raspptp.sys

0xF780F000 \SystemRoot\system32\DRIVERS\TDI.SYS

0xF5D6E000 \SystemRoot\system32\DRIVERS\psched.sys

0xF66F1000 \SystemRoot\system32\DRIVERS\msgpc.sys

0xF7817000 \SystemRoot\system32\DRIVERS\ptilink.sys

0xF781F000 \SystemRoot\system32\DRIVERS\raspti.sys

0xF66E1000 \SystemRoot\system32\DRIVERS\termdd.sys

0xF79A1000 \SystemRoot\system32\DRIVERS\swenum.sys

0xF5D4B000 \SystemRoot\system32\DRIVERS\ks.sys

0xF5CED000 \SystemRoot\system32\DRIVERS\update.sys

0xF794F000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0xF66C1000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xF66B1000 \SystemRoot\system32\DRIVERS\usbhub.sys

0xF6691000 \SystemRoot\system32\DRIVERS\NVENETFD.sys

0xF2CBF000 \SystemRoot\system32\drivers\RtkHDAud.sys

0xF2BDD000 \SystemRoot\system32\drivers\portcls.sys

0xF7557000 \SystemRoot\system32\drivers\drmk.sys

0xF71AB000 \SystemRoot\System32\Drivers\i2omgmt.SYS

0xF75D7000 \SystemRoot\system32\DRIVERS\avgmfx86.sys

0xF75E7000 \SystemRoot\System32\drivers\qtsmon.sys

0xF79AD000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xF7B9E000 \SystemRoot\System32\Drivers\Null.SYS

0xF79AF000 \SystemRoot\System32\Drivers\Beep.SYS

0xF7857000 \SystemRoot\System32\drivers\vga.sys

0xF79B1000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xF79B3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xF785F000 \SystemRoot\System32\Drivers\Msfs.SYS

0xF7867000 \SystemRoot\System32\Drivers\Npfs.SYS

0xF323F000 \SystemRoot\system32\DRIVERS\rasacd.sys

0xF2762000 \SystemRoot\system32\DRIVERS\ipsec.sys

0xF2709000 \SystemRoot\system32\DRIVERS\tcpip.sys

0xF26C2000 \SystemRoot\system32\DRIVERS\avgtdix.sys

0xF2672000 \SystemRoot\system32\DRIVERS\netbt.sys

0xF2650000 \SystemRoot\System32\drivers\afd.sys

0xF75F7000 \SystemRoot\system32\DRIVERS\netbios.sys

0xF7607000 \SystemRoot\system32\DRIVERS\redbook.sys

0xF2625000 \SystemRoot\system32\DRIVERS\rdbss.sys

0xF25B5000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0xF7617000 \SystemRoot\system32\DRIVERS\imapi.sys

0xF7627000 \SystemRoot\System32\Drivers\Fips.SYS

0xF257E000 \SystemRoot\system32\DRIVERS\avgldx86.sys

0xF2558000 \SystemRoot\system32\DRIVERS\ipnat.sys

0xF7637000 \SystemRoot\system32\DRIVERS\wanarp.sys

0xF786F000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

0xF2540000 \SystemRoot\System32\Drivers\dump_atapi.sys

0xF79B9000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS

0xBF800000 \SystemRoot\System32\win32k.sys

0xF27CD000 \SystemRoot\System32\drivers\Dxapi.sys

0xF787F000 \SystemRoot\System32\watchdog.sys

0xBF000000 \SystemRoot\System32\drivers\dxg.sys

0xF7AB1000 \SystemRoot\System32\drivers\dxgthk.sys

0xBF012000 \SystemRoot\System32\nv4_disp.dll

0xBF597000 \SystemRoot\System32\ATMFD.DLL

0xA6040000 \??\C:\WINDOWS\system32\drivers\mbam.sys

0xA5D03000 \SystemRoot\system32\drivers\wdmaud.sys

0xA6070000 \SystemRoot\system32\drivers\sysaudio.sys

0xA5ACE000 \SystemRoot\system32\DRIVERS\mrxdav.sys

0xA5FD4000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys

0xF7757000 \??\C:\WINDOWS\system32\drivers\int15.sys

0xA57CE000 \SystemRoot\system32\DRIVERS\srv.sys

0xF788F000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys

0xA561B000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys

0xA5B0B000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys

0xA49B0000 \SystemRoot\System32\Drivers\HTTP.sys

0xA4B31000 \??\C:\ComboFix\catchme.sys

0xF79B5000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS

0xA5E30000 \??\C:\DOCUME~1\family\LOCALS~1\Temp\aswMBR.sys

0x9A2CD000 \SystemRoot\system32\drivers\kmixer.sys

0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 38):

0 System Idle Process

4 System

860 C:\WINDOWS\system32\smss.exe

972 csrss.exe

1012 C:\WINDOWS\system32\winlogon.exe

1104 C:\WINDOWS\system32\services.exe

1116 C:\WINDOWS\system32\lsass.exe

1332 C:\WINDOWS\system32\svchost.exe

1408 svchost.exe

1504 C:\WINDOWS\system32\svchost.exe

1556 svchost.exe

1640 svchost.exe

1756 C:\WINDOWS\system32\spoolsv.exe

1048 svchost.exe

1940 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

200 C:\Program Files\AVG\AVG2012\avgwdsvc.exe

208 C:\WINDOWS\system32\rundll32.exe

248 C:\WINDOWS\RTHDCPL.exe

540 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

780 C:\Program Files\AVG\AVG2012\avgtray.exe

956 C:\Program Files\Common Files\Java\Java Update\jusched.exe

1824 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

2028 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

1656 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

308 C:\Program Files\DivX\DivX Update\DivXUpdate.exe

576 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

176 C:\Documents and Settings\family\My Documents\RCA Detective\RCADetective.exe

544 C:\WINDOWS\system32\svchost.exe

892 C:\WINDOWS\system32\svchost.exe

1216 C:\WINDOWS\system32\svchost.exe

2832 C:\Program Files\AVG\AVG2012\avgnsx.exe

3128 C:\Program Files\AVG\AVG2012\avgemcx.exe

2388 alg.exe

3400 C:\WINDOWS\system32\svchost.exe

188 C:\WINDOWS\explorer.exe

4000 C:\WINDOWS\system32\ctfmon.exe

3964 C:\WINDOWS\system32\wuauclt.exe

1376 C:\Documents and Settings\family\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000 (NTFS)

PhysicalDrive0 Model Number: ST3160815AS, Rev: 4.AAA

Size Device Name MBR Status

--------------------------------------------

149 GB \\.\PhysicalDrive0 Unknown MBR code

SHA1: 2495588CBF84022BE725A28B56121EFD275972BD

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Link to post
Share on other sites

Run MBRCheck.exe once again.

You will be presented with the following dialog:

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Enter Y and press Enter.

The following dialog will be presented:

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.

Enter your choice:

Enter 1 and press Enter

The following dialog will be presented:

Enter the physical disk number to fix (0-99, -1 to cancel):

Enter >>choice<< and press Enter

The program will ask for the file name to dump to, type dump.dat and Press Enter. You should see a Dumped successfully message. Type -1 and press Enter twice to exit the program. Save the dump.dat file to your desktop then attach it on your next reply.

Link to post
Share on other sites

When I try to attach the dump.dat file that is saved on my desktop the website says "Error- You aren't permitted to upload this kind of file" :/

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Home Edition

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x00000034

Kernel Drivers (total 113):

0x804D7000 \WINDOWS\system32\ntkrnlpa.exe

0x806E5000 \WINDOWS\system32\hal.dll

0xF7987000 \WINDOWS\system32\KDCOM.DLL

0xF7897000 \WINDOWS\system32\BOOTVID.dll

0xF7358000 ACPI.sys

0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS

0xF7347000 pci.sys

0xF7487000 isapnp.sys

0xF7A4F000 pciide.sys

0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

0xF7497000 MountMgr.sys

0xF7328000 ftdisk.sys

0xF770F000 PartMgr.sys

0xF74A7000 VolSnap.sys

0xF7310000 atapi.sys

0xF74B7000 disk.sys

0xF74C7000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

0xF72F0000 fltMgr.sys

0xF72DE000 sr.sys

0xF74D7000 PxHelp20.sys

0xF72C7000 KSecDD.sys

0xF723A000 Ntfs.sys

0xF720D000 NDIS.sys

0xF71F3000 Mup.sys

0xF7717000 avgrkx86.sys

0xF789B000 AVGIDSEH.Sys

0xF76D7000 \SystemRoot\system32\DRIVERS\processr.sys

0xF794B000 \SystemRoot\system32\DRIVERS\wmiacpi.sys

0xF76E7000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0xF77D7000 \SystemRoot\system32\DRIVERS\mouclass.sys

0xF77DF000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0xF77E7000 \SystemRoot\system32\DRIVERS\usbohci.sys

0xF7187000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0xF77EF000 \SystemRoot\system32\DRIVERS\usbehci.sys

0xF715F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0xF76F7000 \SystemRoot\system32\DRIVERS\nvnetbus.sys

0xF7077000 \SystemRoot\system32\DRIVERS\NVNRM.SYS

0xF6F51000 \SystemRoot\system32\DRIVERS\AGRSM.sys

0xF799F000 \SystemRoot\system32\DRIVERS\USBD.SYS

0xF77F7000 \SystemRoot\System32\Drivers\Modem.SYS

0xF68C4000 \SystemRoot\system32\DRIVERS\nv4_mini.sys

0xF68B0000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

0xF7B90000 \SystemRoot\system32\DRIVERS\audstub.sys

0xF7517000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0xF795B000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0xF6899000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0xF7527000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0xF7537000 \SystemRoot\system32\DRIVERS\raspptp.sys

0xF77FF000 \SystemRoot\system32\DRIVERS\TDI.SYS

0xF6888000 \SystemRoot\system32\DRIVERS\psched.sys

0xF7547000 \SystemRoot\system32\DRIVERS\msgpc.sys

0xF7807000 \SystemRoot\system32\DRIVERS\ptilink.sys

0xF780F000 \SystemRoot\system32\DRIVERS\raspti.sys

0xF7557000 \SystemRoot\system32\DRIVERS\termdd.sys

0xF79A1000 \SystemRoot\system32\DRIVERS\swenum.sys

0xF6865000 \SystemRoot\system32\DRIVERS\ks.sys

0xF6807000 \SystemRoot\system32\DRIVERS\update.sys

0xF796B000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0xF7587000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xF7607000 \SystemRoot\system32\DRIVERS\usbhub.sys

0xF7627000 \SystemRoot\system32\DRIVERS\NVENETFD.sys

0xF3361000 \SystemRoot\system32\drivers\RtkHDAud.sys

0xF333D000 \SystemRoot\system32\drivers\portcls.sys

0xF7637000 \SystemRoot\system32\drivers\drmk.sys

0xF7937000 \SystemRoot\System32\Drivers\i2omgmt.SYS

0xF7657000 \SystemRoot\system32\DRIVERS\avgmfx86.sys

0xF7667000 \SystemRoot\System32\drivers\qtsmon.sys

0xF79B5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xF7BCF000 \SystemRoot\System32\Drivers\Null.SYS

0xF79B7000 \SystemRoot\System32\Drivers\Beep.SYS

0xF7847000 \SystemRoot\System32\drivers\vga.sys

0xF79B9000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xF79BB000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xF784F000 \SystemRoot\System32\Drivers\Msfs.SYS

0xF7857000 \SystemRoot\System32\Drivers\Npfs.SYS

0xF3D51000 \SystemRoot\system32\DRIVERS\rasacd.sys

0xF3288000 \SystemRoot\system32\DRIVERS\ipsec.sys

0xF322F000 \SystemRoot\system32\DRIVERS\tcpip.sys

0xF31E8000 \SystemRoot\system32\DRIVERS\avgtdix.sys

0xF31C2000 \SystemRoot\system32\DRIVERS\ipnat.sys

0xF7677000 \SystemRoot\system32\DRIVERS\wanarp.sys

0xF7867000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

0xF319A000 \SystemRoot\system32\DRIVERS\netbt.sys

0xF3178000 \SystemRoot\System32\drivers\afd.sys

0xF7687000 \SystemRoot\system32\DRIVERS\netbios.sys

0xF7697000 \SystemRoot\system32\DRIVERS\redbook.sys

0xF314D000 \SystemRoot\system32\DRIVERS\rdbss.sys

0xF30DD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0xF7577000 \SystemRoot\system32\DRIVERS\imapi.sys

0xF3C3F000 \SystemRoot\System32\Drivers\Fips.SYS

0xF2FDE000 \SystemRoot\system32\DRIVERS\avgldx86.sys

0xF2FC6000 \SystemRoot\System32\Drivers\dump_atapi.sys

0xF79F9000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS

0xBF800000 \SystemRoot\System32\win32k.sys

0xF32BF000 \SystemRoot\System32\drivers\Dxapi.sys

0xF775F000 \SystemRoot\System32\watchdog.sys

0xBF000000 \SystemRoot\System32\drivers\dxg.sys

0xF7B77000 \SystemRoot\System32\drivers\dxgthk.sys

0xBF012000 \SystemRoot\System32\nv4_disp.dll

0xBF597000 \SystemRoot\System32\ATMFD.DLL

0xBA7F0000 \??\C:\WINDOWS\system32\drivers\mbam.sys

0xBA4A3000 \SystemRoot\system32\drivers\wdmaud.sys

0xBA600000 \SystemRoot\system32\drivers\sysaudio.sys

0xBA1A4000 \SystemRoot\system32\DRIVERS\mrxdav.sys

0xBA279000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys

0xF786F000 \??\C:\WINDOWS\system32\drivers\int15.sys

0xF7877000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys

0xB9EB4000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys

0xB9DE4000 \SystemRoot\system32\DRIVERS\srv.sys

0xB924C000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys

0xB915B000 \SystemRoot\System32\Drivers\HTTP.sys

0xB8DB4000 \SystemRoot\system32\drivers\kmixer.sys

0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 40):

0 System Idle Process

4 System

920 C:\WINDOWS\system32\smss.exe

1016 csrss.exe

1072 C:\WINDOWS\system32\winlogon.exe

1148 C:\WINDOWS\system32\services.exe

1160 C:\WINDOWS\system32\lsass.exe

1392 C:\WINDOWS\system32\svchost.exe

1468 svchost.exe

1596 C:\WINDOWS\system32\svchost.exe

1648 svchost.exe

1796 svchost.exe

1944 C:\WINDOWS\system32\spoolsv.exe

272 C:\WINDOWS\explorer.exe

660 C:\WINDOWS\system32\rundll32.exe

676 C:\WINDOWS\RTHDCPL.exe

692 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

816 C:\Program Files\AVG\AVG2012\avgtray.exe

840 C:\Program Files\Common Files\Java\Java Update\jusched.exe

988 svchost.exe

1316 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

1328 C:\Program Files\DivX\DivX Update\DivXUpdate.exe

1360 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

1564 C:\WINDOWS\system32\ctfmon.exe

1692 C:\Documents and Settings\family\My Documents\RCA Detective\RCADetective.exe

1832 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

1900 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

404 C:\Program Files\AVG\AVG2012\avgwdsvc.exe

436 C:\Program Files\Bonjour\mDNSResponder.exe

784 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

1264 C:\WINDOWS\system32\svchost.exe

1460 C:\WINDOWS\system32\svchost.exe

1572 C:\WINDOWS\system32\svchost.exe

984 C:\Program Files\AVG\AVG2012\avgnsx.exe

1048 C:\Program Files\AVG\AVG2012\avgemcx.exe

2316 alg.exe

3896 C:\WINDOWS\system32\svchost.exe

2976 C:\WINDOWS\system32\wuauclt.exe

2356 C:\Program Files\Internet Explorer\iexplore.exe

2284 C:\Documents and Settings\family\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000 (NTFS)

PhysicalDrive0 Model Number: ST3160815AS, Rev: 4.AAA

Size Device Name MBR Status

--------------------------------------------

149 GB \\.\PhysicalDrive0 Unknown MBR code

SHA1: 2495588CBF84022BE725A28B56121EFD275972BD

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.

Enter your choice: Enter the physical disk number to dump (0-99, -1 to exit): 0Dumping \\.\PhysicalDisk0...

Enter filename to dump to: dump.datDumped successfully!

Enter the physical disk number to dump (0-99, -1 to exit): -1

Done!

Link to post
Share on other sites

Thanks!

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right

AVPfront.gif

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

avpsettings.gif

Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threads report from the left and press Save button

Save it to your desktop and attach to your next post

Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

AVPAnalysis.gif

On completion click the link to locate the zip file to upload and attach to your next post

AVPZiplocation.gif

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.