Trojan Horse Agent_r.XJ


Trojan Horse Agent_r.XJ

Post by minnymagsie on 20th April 2011, 11:46 am

Hi everyone, I desperately need someone's help. My son, who has learning difficulties (PC from Microlink), has unfortunately been on a site, BitTorrent. I don't know much about this site, but now his PC is infected, I think. I ran AVG and it pulled up a few Trojans which I cannot get rid of. Trying to get rid of this Trojan is proving impossible. Long weekend coming up... urgently need a distraction for him... grateful thanks. I have run the OTL and this is what the NOTEPAD and EXTRAS come up with.

The PC has not been charging properly and gave us the Blue Screen. I ran the Microlink recovery disk and I seem to have messed up big time. It now won't let me use Windows Update. Don't know what I'm doing really, hence this begging mail. I'm not too bad on PCs, but this has me foxed. I took advice and ran the OTL - this is what it said...

OTL Extras logfile created on: 20/04/2011 12:17:26 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\David Cunnigham\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 40.00 Gb Total Space | 26.23 Gb Free Space | 65.56% Space Free | Partition Type: NTFS
Drive D: | 109.05 Gb Total Space | 32.57 Gb Free Space | 29.86% Space Free | Partition Type: NTFS

Computer Name: LH-TC3URDGD9G6C | User Name: David Cunnigham | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{591B0CC3-F991-4E98-8676-153EF43A08E8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2EB0580F-6059-4D0C-8F49-A43B4C958446}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{31BD3D22-48EC-4FFE-90FD-997B9B1A6D5F}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{321E635E-2D13-4CDB-A744-2DADEC26AF0F}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{624B3D1E-312E-483F-AF47-5ADDD9A4B974}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{7A9F27C5-B695-4127-846B-00DD220B16FF}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{86CAB04E-50B4-4620-8D16-B4A1610A013E}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{9E9054A0-7B0E-407C-B4BA-FEAC57C0C01B}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{BF066C60-91D2-4A9D-8609-08563DFB3B35}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{D941C9C2-972C-4737-B9E4-53EB19A020F8}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{FFA59021-6EB0-4834-B3C8-FE4323CF844C}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"TCP Query User{298F007F-FD2C-44A2-9722-BABECE3DBC5F}D:\install\software\kis2009\setup.exe" = protocol=6 | dir=in | app=d:\install\software\kis2009\setup.exe |
"UDP Query User{612975F7-C6BD-4A50-819D-8964681DFCA4}D:\install\software\kis2009\setup.exe" = protocol=17 | dir=in | app=d:\install\software\kis2009\setup.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.4900
"{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 24
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E029F9D-A709-4B0A-89C9-D56AA4B1254B}" = WebCam Suite 2.0
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{6003F12D-6DAF-4C3F-9FFA-F4A721DC6BBF}" = AVG 2011
"{76E6BBAA-25E6-4BFC-9613-75A5CACE2940}" = Olympus DSS Player
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}" = Adobe Flash Player 9 ActiveX
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARD_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARD_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARD_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARD_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARD_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARD_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARD_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{A2289997-10A3-48F2-AA03-99180D761661}" = Protector Suite QL 5.6
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{D4E53304-1F6C-4111-9872-1BCD2CF5B642}" = AVG 2011
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}" = AVC Finger-sensing PAD Driver
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AVG" = AVG 2011
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"Colour Explorer" = Colour Explorer
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Spyware Doctor" = Spyware Doctor 8.0
"STANDARD" = Microsoft Office Standard 2007
"Windows Media Encoder 9" = Windows Media Encoder 9 Series

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 20/04/2011 03:36:30 | Computer Name = LH-TC3URDGD9G6C | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 20/04/2011 03:36:44 | Computer Name = LH-TC3URDGD9G6C | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 20/04/2011 03:36:44 | Computer Name = LH-TC3URDGD9G6C | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 20/04/2011 03:36:45 | Computer Name = LH-TC3URDGD9G6C | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 20/04/2011 03:36:45 | Computer Name = LH-TC3URDGD9G6C | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 20/04/2011 03:37:03 | Computer Name = LH-TC3URDGD9G6C | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 20/04/2011 03:37:03 | Computer Name = LH-TC3URDGD9G6C | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 20/04/2011 03:37:05 | Computer Name = LH-TC3URDGD9G6C | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 20/04/2011 03:37:05 | Computer Name = LH-TC3URDGD9G6C | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 20/04/2011 03:45:13 | Computer Name = LH-TC3URDGD9G6C | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6,
exception code 0xc000071b, fault offset 0x00088ed9, process id 0x13d8, application
start time 0x01cbff2bf8ffa095.

[ System Events ]
Error - 19/04/2011 17:02:35 | Computer Name = LH-TC3URDGD9G6C | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 19/04/2011 17:03:19 | Computer Name = LH-TC3URDGD9G6C | Source = Service Control Manager | ID = 7000
Description =

Error - 19/04/2011 17:13:28 | Computer Name = LH-TC3URDGD9G6C | Source = HTTP | ID = 15016
Description =

Error - 19/04/2011 17:14:42 | Computer Name = LH-TC3URDGD9G6C | Source = Service Control Manager | ID = 7000
Description =

Error - 19/04/2011 16:50:46 | Computer Name = LH-TC3URDGD9G6C | Source = DCOM | ID = 10005
Description =

Error - 19/04/2011 16:57:01 | Computer Name = LH-TC3URDGD9G6C | Source = HTTP | ID = 15016
Description =

Error - 19/04/2011 16:58:19 | Computer Name = LH-TC3URDGD9G6C | Source = Service Control Manager | ID = 7000
Description =

Error - 19/04/2011 17:20:09 | Computer Name = LH-TC3URDGD9G6C | Source = DCOM | ID = 10010
Description =

Error - 19/04/2011 17:25:49 | Computer Name = LH-TC3URDGD9G6C | Source = HTTP | ID = 15016
Description =

Error - 19/04/2011 17:26:46 | Computer Name = LH-TC3URDGD9G6C | Source = DCOM | ID = 10010
Description =


< End of report >



OTL logfile created on: 20/04/2011 12:17:26 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\David Cunnigham\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 40.00 Gb Total Space | 26.23 Gb Free Space | 65.56% Space Free | Partition Type: NTFS
Drive D: | 109.05 Gb Total Space | 32.57 Gb Free Space | 29.86% Space Free | Partition Type: NTFS

Computer Name: LH-TC3URDGD9G6C | User Name: David Cunnigham | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/20 12:16:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\David Cunnigham\Desktop\OTL.com
PRC - [2008/01/21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/04/20 12:16:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\David Cunnigham\Desktop\OTL.com
MOD - [2008/01/21 03:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/02/15 05:38:06 | 007,421,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2011/02/08 05:33:40 | 002,707,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/05/28 09:54:16 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/22 18:35:52 | 000,103,808 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/28 09:49:42 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2007/02/16 20:40:50 | 000,069,632 | ---- | M] (OLYMPUS IMAGING CORP.) [Auto | Stopped] -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe -- (DM1Service)


========== Driver Services (SafeList) ==========

DRV - [2011/03/30 17:16:52 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:54:00 | 000,296,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/19 04:32:56 | 000,032,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/25 10:43:00 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/07/12 04:34:02 | 000,054,112 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2008/05/28 09:54:36 | 002,930,176 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/05/28 09:54:35 | 000,024,064 | ---- | M] (Asia Vital Components Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fspad_wlh32.sys -- (fspad_wlh32)
DRV - [2008/05/28 09:54:19 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2008/05/28 09:54:18 | 000,098,816 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/05/28 09:54:16 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/05/28 09:54:16 | 000,329,728 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/10/02 19:53:02 | 000,220,696 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ianvstor.sys -- (iaNvStor) Intel(R)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/04/19 21:50:11 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\David Cunnigham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Colour Explorer.lnk = C:\Program Files\Colour Explorer\CXLOADER.exe (MicrolinkPC)
O4 - Startup: C:\Users\David Cunnigham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Create_folders.lnk = C:\Windows\System32\sysprep\Create_Folders.exe (MicrolinkPC UK Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/20 12:16:30 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\David Cunnigham\Desktop\OTL.com
[2011/04/20 12:00:30 | 000,000,000 | ---D | C] -- C:\Users\David Cunnigham\AppData\Roaming\Malwarebytes
[2011/04/20 12:00:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/20 12:00:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/20 12:00:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/20 12:00:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/20 12:00:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/20 11:51:15 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/04/19 23:47:54 | 000,000,000 | ---D | C] -- C:\Users\David Cunnigham\AppData\Roaming\AVG
[2011/04/19 23:47:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2011/04/19 23:36:58 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 1.0
[2011/04/19 23:36:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/04/19 23:35:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS
[2011/04/19 23:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/04/19 23:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/19 22:53:46 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/04/19 22:53:46 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/04/19 22:53:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/04/19 22:53:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/04/19 22:13:18 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/04/19 22:11:45 | 000,656,320 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2011/04/19 22:11:45 | 000,338,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2011/04/19 22:11:42 | 000,249,616 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2011/04/19 22:11:42 | 000,102,184 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2011/04/19 22:11:31 | 000,239,168 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2011/04/19 22:11:31 | 000,160,448 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2011/04/19 22:11:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2011/04/19 22:11:23 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2011/04/19 22:11:15 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/04/19 22:11:15 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/04/19 22:11:15 | 000,000,000 | ---D | C] -- C:\Users\David Cunnigham\AppData\Roaming\PC Tools
[2011/04/19 22:11:15 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/04/19 22:11:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/04/19 22:03:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/04/19 22:01:41 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/04/19 21:51:58 | 000,000,000 | ---D | C] -- C:\Users\David Cunnigham\AppData\Roaming\AVG10
[2011/04/19 21:50:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/04/19 21:50:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011/04/19 21:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/04/19 21:49:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/04/19 21:49:14 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/04/19 21:39:35 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/04/18 15:06:22 | 020,244,448 | ---- | C] (Acresso Software Inc.) -- D:\Users\David Cunnigham\Documents\Sims3_1.2.7.00002_from_1.0.631.00002.exe
[2011/04/17 18:54:08 | 000,000,000 | ---D | C] -- D:\Users\David Cunnigham\Documents\VirtualDJ
[2011/03/30 17:16:52 | 000,134,480 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSDriver.sys
[2 D:\Users\David Cunnigham\Documents\*.tmp files -> D:\Users\David Cunnigham\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/20 12:16:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\David Cunnigham\Desktop\OTL.com
[2011/04/20 12:01:00 | 000,598,782 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/20 12:01:00 | 000,104,658 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/20 12:00:27 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/20 11:56:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/20 11:55:31 | 240,581,554 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/20 11:53:41 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/20 11:53:41 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/20 11:53:40 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/04/20 11:32:19 | 112,912,098 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/04/19 23:47:30 | 000,001,005 | ---- | M] () -- C:\Users\David Cunnigham\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/04/19 23:47:30 | 000,000,981 | ---- | M] () -- C:\Users\David Cunnigham\Desktop\AVG PC Tuneup 2011.lnk
[2011/04/19 23:36:53 | 001,226,782 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/04/19 23:35:59 | 001,048,576 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2011/04/19 23:35:59 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2011/04/19 23:35:59 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2011/04/19 22:11:28 | 000,001,797 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/04/19 22:01:03 | 000,650,331 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2011/04/19 21:50:13 | 000,000,841 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/04/18 17:31:30 | 000,013,666 | ---- | M] () -- D:\Users\David Cunnigham\Documents\Football_Manager_2011_DiNKY.torrent
[2011/04/18 15:36:44 | 000,007,836 | ---- | M] () -- D:\Users\David Cunnigham\Documents\WinZip_PRO_FINAL_v15_0___Serials__ChattChitto_RG_.torrent
[2011/04/18 15:13:10 | 002,714,417 | ---- | M] () -- D:\Users\David Cunnigham\Documents\speakoniasetup-1.0.exe
[2011/04/18 15:06:32 | 020,244,448 | ---- | M] (Acresso Software Inc.) -- D:\Users\David Cunnigham\Documents\Sims3_1.2.7.00002_from_1.0.631.00002.exe
[2011/04/17 13:20:11 | 000,056,880 | ---- | M] () -- D:\Users\David Cunnigham\Documents\The_Day_The_Earth_Stood_Still_2008_DvDrip_aXXo.torrent
[2011/04/14 21:02:06 | 000,123,424 | ---- | M] () -- D:\Users\David Cunnigham\Documents\TRC _Haters_ Rough Cut.jpg
[2011/03/30 17:16:52 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSDriver.sys
[2 D:\Users\David Cunnigham\Documents\*.tmp files -> D:\Users\David Cunnigham\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/20 12:00:27 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/20 11:32:19 | 112,912,098 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/04/20 08:09:33 | 240,581,554 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/04/19 23:47:30 | 000,001,005 | ---- | C] () -- C:\Users\David Cunnigham\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/04/19 23:47:30 | 000,000,981 | ---- | C] () -- C:\Users\David Cunnigham\Desktop\AVG PC Tuneup 2011.lnk
[2011/04/19 23:35:57 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2011/04/19 23:35:57 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2011/04/19 23:35:56 | 001,048,576 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2011/04/19 22:11:45 | 001,226,782 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/04/19 22:11:28 | 000,001,797 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/04/19 22:01:03 | 000,650,331 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2011/04/19 21:50:13 | 000,000,841 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/04/18 17:22:35 | 000,013,666 | ---- | C] () -- D:\Users\David Cunnigham\Documents\Football_Manager_2011_DiNKY.torrent
[2011/04/18 15:36:41 | 000,007,836 | ---- | C] () -- D:\Users\David Cunnigham\Documents\WinZip_PRO_FINAL_v15_0___Serials__ChattChitto_RG_.torrent
[2011/04/18 15:12:52 | 002,714,417 | ---- | C] () -- D:\Users\David Cunnigham\Documents\speakoniasetup-1.0.exe
[2011/04/17 13:20:09 | 000,056,880 | ---- | C] () -- D:\Users\David Cunnigham\Documents\The_Day_The_Earth_Stood_Still_2008_DvDrip_aXXo.torrent
[2011/04/14 21:02:06 | 000,123,424 | ---- | C] () -- D:\Users\David Cunnigham\Documents\TRC _Haters_ Rough Cut.jpg
[2008/12/09 20:54:58 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/12/09 20:52:01 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2008/12/09 20:50:02 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe
[2008/12/09 20:48:06 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/12/09 20:48:06 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/12/09 20:48:06 | 000,144,773 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/12/09 20:47:57 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2008/12/09 13:07:15 | 000,000,000 | ---- | C] () -- C:\Windows\Dssole.INI
[2008/12/09 13:07:13 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DM1USBAPIVB.dll
[2008/12/09 12:56:43 | 000,131,584 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2008/12/09 12:56:43 | 000,000,750 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-Colour Explorer.dat
[2008/12/09 12:12:40 | 000,000,680 | ---- | C] () -- C:\Users\David Cunnigham\AppData\Local\d3d9caps.dat
[2008/05/22 16:16:58 | 000,003,584 | ---- | C] () -- C:\Windows\System32\wceprv.dll
[2008/01/21 03:24:14 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2007/03/29 13:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,254,880 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,598,782 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,104,658 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 08:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

Any help gratefully accepted!

minnymagsie
Beginner

Posts : 1
Joined : 2011-04-20
OS : vista
Points : 20593
Likes : 0


Re: Trojan Horse Agent_r.XJ

Post by Belahzur on 20th April 2011, 9:44 pm

Hello.

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]


Rename ComboFix.exe to commy.exe before you save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245091
Likes : 1

