Possible Virus with Avgcsrvx.exe

Post by grasshopper on Sat 06 Aug 2011, 5:48 pm

Hello,

Like the post below, my system is simply looping through the boot-up process. A blue screen is displayed for a split second and then the reboot cycle happens. Once in Safe Mode I completed the scans required. Thank you for your help!!!

Eric

OTL.txt

OTL logfile created on: 8/6/2011 1:01:11 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Eric\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 81.69% Memory free
3.79 Gb Paging File | 3.70 Gb Available in Paging File | 97.57% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 222.79 Gb Total Space | 125.48 Gb Free Space | 56.32% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.97 Gb Free Space | 59.75% Space Free | Partition Type: NTFS
Drive E: | 30.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 3.84 Gb Total Space | 0.51 Gb Free Space | 13.35% Space Free | Partition Type: FAT32

Computer Name: P4-4400 | User Name: Eric | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/06 00:56:54 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eric\Desktop\OTL.com
PRC - [2010/06/22 08:13:50 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/08/06 00:56:54 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eric\Desktop\OTL.com
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/07/21 08:07:14 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/06/22 08:14:23 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/04/20 04:42:08 | 003,364,856 | ---- | M] (Tall Emu) [Auto | Stopped] -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2010/04/20 04:42:08 | 001,284,600 | ---- | M] (Tall Emu) [Auto | Stopped] -- C:\Program Files\Tall Emu\Online Armor\OAcat.exe -- (OAcat)
SRV - [2008/07/29 14:10:46 | 003,201,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2008/05/07 18:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Stopped] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
SRV - [2007/04/03 16:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)


========== Driver Services (SafeList) ==========

DRV - [2011/05/06 08:23:22 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/22 08:13:51 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/01 08:43:36 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/04/20 04:13:30 | 000,024,440 | ---- | M] (Tall Emu) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
DRV - [2010/04/20 04:13:14 | 000,029,560 | ---- | M] (Tall Emu Pty Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
DRV - [2010/04/20 04:13:10 | 000,228,216 | ---- | M] (Tall Emu) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/03/29 09:37:36 | 000,038,344 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2010/03/05 10:47:39 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/01/29 03:36:47 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Stopped] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/03/17 11:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)
DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/04/03 16:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/01/31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 14:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/21 07:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/07/27 15:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/01/26 08:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2.2.41
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/24 10:12:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/16 12:58:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/16 12:58:53 | 000,000,000 | ---D | M]

[2009/09/29 04:46:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eric\Application Data\Mozilla\Extensions
[2011/05/12 10:24:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\y8rdhq3a.default\extensions
[2010/06/16 08:20:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\y8rdhq3a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/11 09:08:27 | 000,000,000 | ---D | M] ("LinkDiagnosis 2.2") -- C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\y8rdhq3a.default\extensions\beta@linkdiagnosis.com
[2011/07/11 03:16:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/24 15:52:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 13:13:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/24 12:20:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/07/11 03:16:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010/11/24 10:12:30 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG9\FIREFOX
[2011/07/11 03:15:53 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/11 03:15:53 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/08/06 00:26:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IDTSysTrayApp] C:\WINDOWS\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing LP)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aig.com ([na.connect] https in Trusted sites)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} [You must be registered and logged in to see this link.] (Confidence Online for Web Applications)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} [You must be registered and logged in to see this link.] (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} [You must be registered and logged in to see this link.] (CamImage Class)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} [You must be registered and logged in to see this link.] (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} [You must be registered and logged in to see this link.] (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.206.220.35 24.206.220.45 208.180.42.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cokinos.local
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (CSGina.dll) - C:\WINDOWS\System32\CSGina.dll ()
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Tall Emu)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/15 14:49:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/08/06 00:58:18 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Eric\Desktop\aswMBR.exe
[2011/08/06 00:56:49 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Eric\Desktop\OTL.com
[2011/08/06 00:31:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/08/06 00:08:47 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2011/08/06 00:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2011/08/04 23:33:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2011/08/01 17:52:23 | 000,000,000 | ---D | C] -- C:\found.001
[2011/08/01 04:21:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Eric\IECompatCache
[2011/08/01 04:08:58 | 000,000,000 | ---D | C] -- C:\found.000
[2011/07/16 13:04:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eric\Application Data\Apple Computer
[2011/07/16 13:02:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/07/16 13:01:19 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/07/16 12:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/07/16 12:59:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/07/16 12:57:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/07/16 12:57:30 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/07/16 12:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/07/16 12:57:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eric\Local Settings\Application Data\Apple
[2011/07/16 12:56:55 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/07/16 12:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/07/16 12:45:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2011/07/16 12:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/07/16 12:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eric\Local Settings\Application Data\Apple Computer
[2011/07/16 09:07:31 | 000,000,000 | ---D | C] -- C:\Android
[2011/07/16 07:48:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eric\workspace
[2011/07/16 07:38:32 | 000,000,000 | ---D | C] -- C:\Program Files\eclipse
[2011/07/12 17:17:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eric\.android
[2011/07/12 17:16:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Android SDK Tools
[2011/07/12 17:16:18 | 000,000,000 | ---D | C] -- C:\Program Files\Android
[2011/07/11 04:09:23 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/07/11 03:16:17 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2011/07/11 03:16:08 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/07/11 03:16:07 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/07/11 03:16:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/07/11 03:16:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/06 00:58:18 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Eric\Desktop\aswMBR.exe
[2011/08/06 00:56:54 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eric\Desktop\OTL.com
[2011/08/06 00:54:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/06 00:54:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/06 00:26:35 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/08/06 00:10:25 | 004,164,813 | R--- | M] (Swearware) -- C:\Documents and Settings\Eric\Desktop\ComboFix.exe
[2011/08/06 00:00:46 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2003.lnk
[2011/08/05 04:25:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/04 23:33:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/04 20:00:28 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/08/04 19:57:08 | 083,140,772 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/08/04 19:54:27 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/08/04 19:54:21 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2011/08/04 19:52:56 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/31 06:57:03 | 000,274,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/31 06:51:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/28 03:37:48 | 000,001,782 | -H-- | M] () -- C:\Documents and Settings\Eric\My Documents\Default.rdp
[2011/07/25 17:05:33 | 000,002,397 | ---- | M] () -- C:\Documents and Settings\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\SmartFTP Client.lnk
[2011/07/23 05:48:41 | 000,000,177 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2011/07/16 13:21:07 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
[2011/07/16 13:02:47 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/07/16 12:57:52 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/07/16 11:14:27 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/16 11:14:00 | 000,000,744 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/07/16 07:57:13 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to eclipse.exe.lnk
[2011/07/12 04:33:20 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/07/12 04:33:07 | 000,510,818 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/12 04:33:07 | 000,092,994 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/11 03:15:53 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/07/11 03:15:53 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/07/11 03:15:53 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/07/11 03:15:53 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/07/11 03:15:52 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/07/10 06:50:49 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/16 13:02:47 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/07/16 12:57:52 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/07/16 12:57:08 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/16 12:56:56 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/07/16 07:57:13 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to eclipse.exe.lnk
[2011/07/11 04:18:10 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/02/26 09:05:39 | 000,160,248 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/12/26 17:43:33 | 000,709,456 | ---- | C] () -- C:\WINDOWS\is-79KPO.exe
[2010/06/18 09:33:22 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/18 09:33:22 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/18 09:33:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/18 09:33:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/18 09:33:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/17 12:14:00 | 000,000,744 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/06/14 05:28:09 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2010/05/17 09:32:02 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS75.DLL
[2010/04/03 22:55:32 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/02/04 07:55:35 | 000,000,177 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2010/02/03 04:43:50 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2010/02/03 04:43:48 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/09/29 04:46:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/09/02 16:04:51 | 000,000,287 | ---- | C] () -- C:\WINDOWS\3DHOME.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/05/12 06:41:21 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/04/23 04:52:01 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2009/04/23 04:51:42 | 000,000,062 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2009/04/23 04:51:39 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2009/04/23 04:51:39 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2009/04/23 04:51:39 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2009/04/23 04:51:38 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2009/04/22 15:24:09 | 000,198,826 | ---- | C] () -- C:\Documents and Settings\Eric\Local Settings\Application Data\debuggee.mdmp
[2009/02/28 09:55:06 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Eric\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/07 11:46:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/11/16 08:12:54 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/11/16 08:08:02 | 000,000,520 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/15 14:50:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/11/15 14:47:27 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/11/15 06:43:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/11/15 06:42:58 | 000,274,168 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/04/03 16:18:26 | 000,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/04/03 16:18:06 | 000,193,576 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2003/03/31 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 07:00:00 | 000,510,818 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 07:00:00 | 000,092,994 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/08/06 00:58:18 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Eric\Desktop\aswMBR.exe
[2011/08/06 00:10:25 | 004,164,813 | R--- | M] (Swearware) -- C:\Documents and Settings\Eric\Desktop\ComboFix.exe
[2010/06/21 01:03:02 | 045,256,984 | ---- | M] () -- C:\Documents and Settings\Eric\Desktop\drweb-cureit.exe
[2009/09/15 02:00:50 | 001,830,424 | ---- | M] (Smallfrogs Studio) -- C:\Documents and Settings\Eric\Desktop\SREngLdr.EXE

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2010/12/22 06:27:40 | 000,107,480 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2010/12/22 06:27:40 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2010/12/22 06:27:43 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2010/12/22 06:27:44 | 000,245,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2009/08/08 04:49:04 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2010/06/25 23:39:17 | 000,000,000 | ---D | M] -- C:\Program Files\77soft.net
[2011/02/02 11:19:40 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2011/07/12 17:16:18 | 000,000,000 | ---D | M] -- C:\Program Files\Android
[2011/07/16 12:56:56 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/06/26 08:46:28 | 000,000,000 | ---D | M] -- C:\Program Files\Audacity
[2009/10/26 05:56:35 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2011/07/16 12:46:06 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2008/11/15 15:07:31 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2008/11/16 08:54:09 | 000,000,000 | ---D | M] -- C:\Program Files\Business Objects
[2011/07/31 16:42:24 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2008/11/16 08:40:31 | 000,000,000 | ---D | M] -- C:\Program Files\CE Remote Tools
[2009/04/30 05:16:24 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco Systems
[2011/08/06 00:21:29 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/11/15 14:47:26 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2011/02/10 08:05:41 | 000,000,000 | ---D | M] -- C:\Program Files\db net solutions
[2010/01/28 10:45:16 | 000,000,000 | ---D | M] -- C:\Program Files\DebugMode
[2011/07/31 07:00:19 | 000,000,000 | ---D | M] -- C:\Program Files\eclipse
[2010/06/18 04:11:27 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2010/07/06 15:16:10 | 000,000,000 | ---D | M] -- C:\Program Files\Free Easy Burner
[2010/07/06 15:16:11 | 000,000,000 | ---D | M] -- C:\Program Files\Free Offers from Freeze.com
[2010/07/06 15:16:16 | 000,000,000 | ---D | M] -- C:\Program Files\Free Screen Recorder
[2009/11/16 17:31:55 | 000,000,000 | ---D | M] -- C:\Program Files\Full Tilt Poker
[2011/06/08 17:22:03 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2008/11/16 12:23:22 | 000,000,000 | ---D | M] -- C:\Program Files\Grisoft
[2008/11/16 08:43:14 | 000,000,000 | ---D | M] -- C:\Program Files\HTML Help Workshop
[2008/11/16 11:08:29 | 000,000,000 | ---D | M] -- C:\Program Files\IDT
[2010/01/29 03:36:33 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011/07/12 03:18:55 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/07/16 13:01:19 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/07/16 13:02:16 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/07/11 03:39:14 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/01/29 03:36:34 | 000,000,000 | ---D | M] -- C:\Program Files\LSoft Technologies
[2011/07/16 11:14:29 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/06 00:25:05 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2008/11/16 08:07:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2008/11/16 10:39:39 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ASP.NET 3.5 Extensions
[2008/11/16 08:51:03 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Device Emulator
[2008/11/16 10:29:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Enterprise Library 4.0 - May 2008
[2010/01/29 03:51:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Expression
[2008/11/15 14:49:19 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2011/07/11 05:52:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/01/29 04:08:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SDKs
[2011/07/03 05:48:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2011/07/11 04:42:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2008/11/16 08:49:35 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2008/11/16 08:07:09 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010/06/07 08:38:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2008/12/24 14:49:49 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 9.0
[2008/11/16 08:39:49 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Web Designer Tools
[2010/01/29 03:49:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/06/07 10:45:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/12 03:07:47 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/05/23 07:40:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2008/11/16 08:37:57 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/08/30 14:21:28 | 000,000,000 | ---D | M] -- C:\Program Files\MSECACHE
[2008/11/15 14:47:24 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2008/11/15 14:47:18 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2010/02/04 05:42:01 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/11/16 08:36:13 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2008/11/16 10:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2011/01/08 10:09:45 | 000,000,000 | ---D | M] -- C:\Program Files\NUnit 2.5.9
[2010/06/22 12:42:16 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
[2008/11/15 14:47:24 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2011/02/27 08:16:49 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2011/08/06 00:08:37 | 000,000,000 | ---D | M] -- C:\Program Files\Panda Security
[2010/04/05 12:44:44 | 000,000,000 | ---D | M] -- C:\Program Files\Payflow SDK for .NET
[2011/07/16 12:58:49 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2008/11/16 08:37:52 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008/11/27 13:30:40 | 000,000,000 | ---D | M] -- C:\Program Files\SigmaTel
[2009/07/15 16:12:25 | 000,000,000 | ---D | M] -- C:\Program Files\SmartFTP Client
[2009/07/15 16:12:08 | 000,000,000 | ---D | M] -- C:\Program Files\SmartFTP Client 3.0 Setup Files
[2010/08/09 08:59:17 | 000,000,000 | ---D | M] -- C:\Program Files\SmartFTP Client SDK
[2011/04/01 15:04:27 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2010/06/17 12:10:54 | 000,000,000 | ---D | M] -- C:\Program Files\Spyware Doctor
[2010/06/18 07:46:24 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster
[2009/04/23 08:46:45 | 000,000,000 | ---D | M] -- C:\Program Files\Stellar Phoenix SQL Recovery
[2011/07/11 03:16:17 | 000,000,000 | ---D | M] -- C:\Program Files\Sun
[2010/06/18 07:50:03 | 000,000,000 | ---D | M] -- C:\Program Files\Tall Emu
[2008/11/15 14:57:09 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/06/17 09:32:19 | 000,000,000 | ---D | M] -- C:\Program Files\Voxengo
[2010/06/07 10:38:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Installer Clean Up
[2009/11/06 09:19:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/11/16 08:50:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mobile 5.0 SDK R2
[2008/11/16 10:56:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/11/15 14:47:24 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009/04/28 07:46:40 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
[2008/11/15 14:49:19 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/08/08 04:49:02 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!


< MD5 for: AGP440.SYS >
[2008/11/16 08:14:12 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/11/16 10:53:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/11/16 08:14:12 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/11/16 10:53:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2003/03/31 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2008/11/16 08:14:12 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/11/16 10:53:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/11/16 08:14:12 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/11/16 10:53:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2003/03/31 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:disk.sys
[2008/11/16 08:14:12 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/11/16 10:53:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/11/16 08:14:12 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2008/11/16 10:53:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 00:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-31 11:52:26

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/07/08 23:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/07/08 23:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/07/08 23:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/07/08 23:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/12/22 06:27:44 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/12/22 06:27:44 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/12/22 06:27:44 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2010/12/22 06:27:40 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2010/12/22 06:27:40 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2010/12/22 06:27:40 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/07/08 23:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/07/08 23:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/07/08 23:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/07/08 23:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 07:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 07:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 07:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2003/03/31 07:00:00 | 000,094,208 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/07/08 23:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/07/08 23:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/07/08 23:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/07/08 23:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/12/22 06:27:44 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/12/22 06:27:44 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/12/22 06:27:44 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2010/12/22 06:27:40 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2010/12/22 06:27:40 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2010/12/22 06:27:40 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/07/08 23:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/07/08 23:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/07/08 23:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/07/08 23:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 07:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 07:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 07:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2003/03/31 07:00:00 | 000,094,208 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:DFC5A2B2

< End of report >


grasshopper

Newbie Surfer

Posts : 46
Joined : 2010-06-18
Operating System : Windows XP

Additional information

Post by grasshopper on Sat 06 Aug 2011, 5:49 pm

Extras.txt

OTL Extras logfile created on: 8/6/2011 1:01:11 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Eric\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 81.69% Memory free
3.79 Gb Paging File | 3.70 Gb Available in Paging File | 97.57% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 222.79 Gb Total Space | 125.48 Gb Free Space | 56.32% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.97 Gb Free Space | 59.75% Space Free | Partition Type: NTFS
Drive E: | 30.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 3.84 Gb Total Space | 0.51 Gb Free Space | 13.35% Space Free | Partition Type: FAT32

Computer Name: P4-4400 | User Name: Eric | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"4500:UDP" = 4500:UDP:LocalSubNet:Enabled:IPsec (IKE NAT-T)
"500:UDP" = 500:UDP:LocalSubNet:Enabled:IPsec (IKE)
"135:TCP" = 135:TCP:LocalSubNet:Enabled:RPC Endpoint Mapper and DCOM infrastructure

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0 -- (SmartSoft Ltd.)
"C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\devenv.exe" = C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\devenv.exe:LocalSubNet:Enabled:Microsoft Visual Studio -- (Microsoft Corporation)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Microsoft Expression\Media 2\Media.exe" = C:\Program Files\Microsoft Expression\Media 2\Media.exe:*:Enabled:iView Multimedia -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0211FE23-8508-48FB-ACD4-A3750310C8C5}" = Microsoft Expression Encoder 2 Service Pack 1 SDK
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu
"{071A1755-5304-4495-9378-8F536BCDD203}" = Microsoft Expression Encoder 2 Service Pack 1
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}" = Visual C++ 2008 x64 Runtime - (v9.0.30729)
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01" = Visual C++ 2008 x64 Runtime - v9.0.30729.01
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1419A197-F6FB-4129-81B2-0113A3B6A09C}" = Microsoft Expression Encoder 2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{22E23C71-C27A-3F30-8849-BB6129E50679}" = Visual C++ 2008 IA64 Runtime - (v9.0.30729)
"{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01" = Visual C++ 2008 IA64 Runtime - v9.0.30729.01
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{32A3A4F4-B792-11D6-A78A-00B0D0160260}" = Java(TM) SE Development Kit 6 Update 26
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{373BB88C-6D4A-4F2F-80E1-7911A5234494}" = NUnit 2.5.9
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3891E1C9-8E9E-43E2-B009-6D008BCD7669}" = Microsoft Expression Blend 2
"{3F8D9A47-9C50-3F46-8F12-B92DD5CA0A2E}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.6161)
"{3F8D9A47-9C50-3F46-8F12-B92DD5CA0A2E}.vc_x86runtime_30729_6161" = Visual C++ 2008 x86 Runtime - v9.0.30729.6161
"{44FAFCA0-694A-11DC-99FC-B6C555D89593}" = Microsoft ASP.NET 3.5 Extensions CTP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7A3985-3D9B-4420-AC85-F9FF8DB2170C}" = Microsoft SQL Server Management Studio Express
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58D379F7-62BC-4748-8237-FE071ECE797C}" = Microsoft SQL Server 2005 Tools
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B33F480-496D-334A-BAC2-205DEC0CBC2D}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.4148)
"{7B33F480-496D-334A-BAC2-205DEC0CBC2D}.vc_x86runtime_30729_4148" = Visual C++ 2008 x86 Runtime - v9.0.30729.4148
"{7FE2549F-361D-4F9F-BB3E-75D08EFEB313}" = Microsoft Windows Media Center SDK 5.3
"{842CC0ED-FDC0-4FBF-8C09-2428BFE4FEE1}" = Microsoft Expression Media 2 SP2
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_XWeb_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_XWeb_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_XWeb_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0045-0000-0000-0000000FF1CE}" = Microsoft Expression Web 2
"{90120000-0045-0000-0000-0000000FF1CE}_XWeb_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0045-0409-0000-0000000FF1CE}" = Microsoft Expression Web 2 MUI (English)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_XWeb_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{985818E9-F444-4271-A614-C7DF8394DB2E}" = SmartFTP Client
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{B0F9497C-52B4-4686-8E73-74D866BBDF59}" = Microsoft SQL Server 2005 (SQLEXPRESS)
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C069720D-D6D5-4B02-9CCD-7C2FDA07EAC1}" = Microsoft Expression Studio 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C3498122-091E-4999-9EBE-7513FE904F6A}" = Microsoft Expression Design 2
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
"{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}" = Cisco Systems VPN Client 5.0.00.0340
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E8E2D4F4-90EB-4187-86FE-CE2F903A919F}" = Google Data API SDK
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FC01B255-9218-4FD0-8D3B-E0A2889F55C9}" = G-Mapper
"{FCD7C22E-06CE-4F29-8CCD-55A7B4D0B087}" = Payflow SDK for .NET
"{FDCFB66E-18B2-4AD5-8091-0FB726CC387A}" = Enterprise Library 4.0 - May 2008
"3D Home Architect 2" = 3D Home Architect 2
"7-Zip" = 7-Zip 4.57
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Android SDK Tools" = Android SDK Tools
"Audacity_is1" = Audacity 1.2.6
"AVG9Uninstall" = AVG 9.0
"Blend_2.0.1523.0" = Microsoft Expression Blend 2
"CANONBJ_Deinstall_CNMCP75.DLL" = Canon iP1600
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DebugMode Wink" = DebugMode Wink
"Design_5.0.1379.0" = Microsoft Expression Design 2
"Encoder_2.0.1406.0" = Microsoft Expression Encoder 2
"ESET Online Scanner" = ESET Online Scanner v3
"ExpressionStudio_2.0.133.0" = Microsoft Expression Studio 2
"Free Easy Burner_is1" = Free Easy Burner V 3.9
"Free Screen Recorder_is1" = Free Screen Recorder v2.9
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OnlineArmor_is1" = Online Armor 4.0
"r8brain" = r8brain 1.9
"SmartFTP Client 3.0 Setup Files" = SmartFTP Client 3.0 Setup Files (remove only)
"SmartFTP Client SDK_is1" = SmartFTP Client SDK 1.0
"Spyware Doctor" = Spyware Doctor 7.0
"SpywareBlaster_is1" = SpywareBlaster 4.3
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XWeb" = Microsoft Expression Web 2
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Confidence Online EE" = Confidence Online(tm) for Web Applications
"Juniper_Networks_Cache_Cleaner 6.4.0" = Juniper Networks Cache Cleaner 6.4.0
"Juniper_Setup_Client" = Juniper Networks Setup Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/3/2011 4:58:47 AM | Computer Name = P4-4400 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 8/3/2011 5:13:47 AM | Computer Name = P4-4400 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/3/2011 5:13:51 AM | Computer Name = P4-4400 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/3/2011 5:15:52 AM | Computer Name = P4-4400 | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.51.1.1076, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/3/2011 5:24:25 AM | Computer Name = P4-4400 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 8/4/2011 8:52:56 PM | Computer Name = P4-4400 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 8/4/2011 8:52:56 PM | Computer Name = P4-4400 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 8/5/2011 4:51:40 AM | Computer Name = P4-4400 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 8/6/2011 12:57:46 AM | Computer Name = P4-4400 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 8/6/2011 1:54:43 AM | Computer Name = P4-4400 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

[ System Events ]
Error - 8/6/2011 1:00:18 AM | Computer Name = P4-4400 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 8/6/2011 1:00:52 AM | Computer Name = P4-4400 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 8/6/2011 1:07:51 AM | Computer Name = P4-4400 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 8/6/2011 1:21:54 AM | Computer Name = P4-4400 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 8/6/2011 1:34:57 AM | Computer Name = P4-4400 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/6/2011 1:54:43 AM | Computer Name = P4-4400 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain COKINOS due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 8/6/2011 1:55:12 AM | Computer Name = P4-4400 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/6/2011 1:55:34 AM | Computer Name = P4-4400 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 8/6/2011 1:56:03 AM | Computer Name = P4-4400 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AmdPPM AvgLdx86 AvgMfx86 Fips NetworkX OADevice

Error - 8/6/2011 2:03:56 AM | Computer Name = P4-4400 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}


< End of report >

aswMBR.txt

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-06 01:26:12
-----------------------------
01:26:12.562 OS Version: Windows 5.1.2600 Service Pack 3
01:26:12.562 Number of processors: 2 586 0x4B02
01:26:12.562 ComputerName: P4-4400 UserName: Eric
01:26:13.671 Initialize success
01:27:16.234 AVAST engine defs: 11080501
01:27:53.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
01:27:53.203 Disk 0 Vendor: WDC_WD2500JS-75NCB3 10.02E04 Size: 238418MB BusType: 3
01:27:55.234 Disk 0 MBR read successfully
01:27:55.250 Disk 0 MBR scan
01:27:55.328 Disk 0 Windows XP default MBR code
01:27:55.343 Disk 0 scanning sectors +488278016
01:27:55.468 Disk 0 scanning C:\WINDOWS\system32\drivers
01:28:05.406 Service scanning
01:28:08.953 Modules scanning
01:28:17.015 Disk 0 trace - called modules:
01:28:17.078 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
01:28:17.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89ab4ab8]
01:28:17.125 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> [0x89b33a10]
01:28:17.156 5 PCTCore.sys[f743ceae] -> nt!IofCallDriver -> \Device\00000065[0x89ab73b8]
01:28:17.328 7 ACPI.sys[f758e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89aa6d98]
01:28:18.296 AVAST engine scan C:\WINDOWS
01:28:24.828 AVAST engine scan C:\WINDOWS\system32
01:29:55.875 AVAST engine scan C:\WINDOWS\system32\drivers
01:30:11.437 AVAST engine scan C:\Documents and Settings\Eric
01:30:26.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Eric\Desktop\MBR.dat"
01:30:27.031 The log file has been saved successfully to "C:\Documents and Settings\Eric\Desktop\aswMBR.txt"

checkup.txt

Results of screen317's Security Check version 0.99.18
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
AVG 9.0
ESET Online Scanner v3
Online Armor 4.0
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 26
Java(TM) SE Development Kit 6 Update 26
Java DB 10.6.2.1
Flash Player Out of Date!
Adobe Flash Player 10.1.102.64
Mozilla Firefox (3.6.13) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgemc.exe
``````````End of Log````````````

grasshopper

Newbie Surfer

Posts : 46
Joined : 2010-06-18
Operating System : Windows XP

Re: Possible Virus with Avgcsrvx.exe

Post by Sneakyone on Sat 06 Aug 2011, 6:22 pm

Hi,

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

http://twitter.com/AVerySneakyone

ComboFix Log File

Post by grasshopper on Sat 06 Aug 2011, 11:03 pm

Thanks for the help.

ComboFix 11-08-05.03 - Eric 08/06/2011 6:47.7.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1576 [GMT -5:00]
Running from: c:\documents and settings\Eric\desktop\commy.exe
Command switches used :: /stepdel
.
.
((((((((((((((((((((((((( Files Created from 2011-07-06 to 2011-08-06 )))))))))))))))))))))))))))))))
.
.
2011-08-06 05:08 . 2009-06-30 15:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2011-08-06 05:08 . 2011-08-06 05:08 -------- d-----w- c:\program files\Panda Security
2011-08-06 05:08 . 2011-08-06 05:08 -------- d-----w- c:\windows\LastGood.Tmp
2011-08-05 04:33 . 2011-08-05 04:33 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2011-08-01 22:52 . 2011-08-01 22:52 -------- d-----w- C:\found.001
2011-08-01 09:21 . 2011-08-01 09:21 -------- d-sh--w- c:\documents and settings\Eric\IECompatCache
2011-08-01 09:08 . 2011-08-01 09:08 -------- d-----w- C:\found.000
2011-07-31 11:07 . 2011-07-31 11:07 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-16 18:04 . 2011-07-16 18:16 -------- d-----w- c:\documents and settings\Eric\Application Data\Apple Computer
2011-07-16 18:01 . 2011-07-16 18:01 -------- d-----w- c:\program files\iPod
2011-07-16 17:59 . 2011-07-16 18:02 -------- d-----w- c:\program files\iTunes
2011-07-16 17:59 . 2011-07-16 18:02 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-07-16 17:57 . 2011-07-16 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2011-07-16 17:57 . 2011-07-16 17:57 -------- d-----w- c:\documents and settings\Eric\Local Settings\Application Data\Apple
2011-07-16 17:56 . 2011-07-16 17:56 -------- d-----w- c:\program files\Apple Software Update
2011-07-16 17:46 . 2011-07-16 17:46 -------- d-----w- c:\program files\Bonjour
2011-07-16 17:45 . 2011-07-16 17:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-07-16 17:45 . 2011-07-16 18:01 -------- d-----w- c:\program files\Common Files\Apple
2011-07-16 17:45 . 2011-07-16 18:04 -------- d-----w- c:\documents and settings\Eric\Local Settings\Application Data\Apple Computer
2011-07-16 14:07 . 2011-07-16 14:17 -------- d-----w- C:\Android
2011-07-16 12:48 . 2011-07-30 18:54 -------- d-----w- c:\documents and settings\Eric\workspace
2011-07-16 12:38 . 2011-07-31 12:00 -------- d-----w- c:\program files\eclipse
2011-07-12 22:17 . 2011-07-17 09:33 -------- d-----w- c:\documents and settings\Eric\.android
2011-07-12 22:16 . 2011-07-12 22:16 -------- d-----w- c:\program files\Android
2011-07-11 09:09 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-07-11 08:16 . 2011-07-11 08:16 -------- d-----w- c:\program files\Sun
2011-07-11 08:16 . 2011-07-11 08:15 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-11 10:44 . 2008-11-16 13:47 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll
2011-07-11 10:43 . 2008-11-16 13:47 1721312 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
2011-07-11 08:15 . 2010-06-24 20:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-07 00:52 . 2009-10-28 13:31 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 00:52 . 2009-10-28 13:31 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-19 09:18 . 2011-06-19 09:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02 . 2003-03-31 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDTSysTrayApp"="sttray.exe" [2007-09-06 405504]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-03-14 2071904]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-05-11 1287120]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2010-04-20 6678008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-04 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-27 434528]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-3 113664]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2009-4-30 6144]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-4-28 122880]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2010-04-20 925688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-22 13:14 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3713959246-320310600-2471480639-1178\Scripts\Logon\0\0]
"Script"=logon.bat
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\DevServer\\9.0\\WebDev.WebServer.EXE"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Microsoft Expression\\Media 2\\Media.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [4/3/2009 9:12 AM 52872]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/17/2010 12:10 PM 218592]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/3/2009 9:12 AM 243152]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [6/18/2010 7:50 AM 24440]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [6/18/2010 7:50 AM 29560]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [8/6/2011 12:08 AM 28552]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/3/2009 9:12 AM 216400]
S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [6/18/2010 7:50 AM 228216]
S2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [6/22/2010 8:13 AM 921952]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [6/22/2010 8:14 AM 308136]
S2 gupdate1c95cab836b518e;Google Update Service (gupdate1c95cab836b518e);c:\program files\Google\Update\GoogleUpdate.exe [12/12/2008 5:46 PM 133104]
S2 msftesql$SQLEXPRESS;SQL Server FullText Search (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [6/22/2007 9:22 AM 95592]
S2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [6/18/2010 7:50 AM 1284600]
S2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [6/18/2010 7:50 AM 3364856]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/12/2008 5:46 PM 133104]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/29/2010 3:36 AM 717296]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2011-08-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-07 10:55]
.
2011-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-12 11:34]
.
2011-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-12 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
Trusted Zone: aig.com\na.connect
TCP: DhcpNameServer = 24.206.220.35 24.206.220.45 208.180.42.100
DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\y8rdhq3a.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\AVG\AVG9\Firefox
FF - Ext: Java Quick Starter: [You must be registered and logged in to see this link.] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: LinkDiagnosis 2.2: [You must be registered and logged in to see this link.] - %profile%\extensions\beta@linkdiagnosis.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-08-06 06:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql$SQLEXPRESS]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:SQLEXPRESS"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(568)
c:\windows\system32\CSGina.dll
.
- - - - - - - > 'explorer.exe'(316)
c:\windows\system32\WININET.dll
c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui
c:\windows\system32\ieframe.dll
.
Completion time: 2011-08-06 06:58:23
ComboFix-quarantined-files.txt 2011-08-06 11:58
ComboFix2.txt 2011-08-06 05:31
ComboFix3.txt 2010-06-21 05:12
ComboFix4.txt 2010-06-20 20:19
.
Pre-Run: 134,607,159,296 bytes free
Post-Run: 134,685,511,680 bytes free
.
- - End Of File - - 843BC2B4B327BA4900AFDD212FDB61CE

grasshopper
Newbie Surfer
Posts : 46
Joined : 2010-06-18
Operating System : Windows XP

Re: Possible Virus with Avgcsrvx.exe

Post by Sneakyone on Sun 07 Aug 2011, 5:16 pm

Hi,

Please download Malwarebytes Anti-Malware from Here.


Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


I'm livin' life in the fast lane.

Sneakyone
Tech Officer
Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit
http://twitter.com/AVerySneakyone

No Problems encountered

Post by grasshopper on Sun 07 Aug 2011, 9:07 pm

Malwarebytes' Anti-Malware 1.51.1.1800
[You must be registered and logged in to see this link.]

Database version: 7400

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

8/7/2011 5:07:07 AM
mbam-log-2011-08-07 (05-07-07).txt

Scan type: Quick scan
Objects scanned: 198304
Time elapsed: 3 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Possible Virus with Avgcsrvx.exe

Post by Sneakyone on Mon 08 Aug 2011, 3:13 pm

Hi,

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic



Here are the results...

Post by grasshopper on Tue 09 Aug 2011, 8:40 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=72df6bb2859a2249a1bb4db882f240d4
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-08 11:51:46
# local_time=2011-08-08 06:51:46 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1029 16777214 100 98 0 55317714 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=6401 16777214 66 100 1409081 40115785 0 0
# compatibility_mode=8192 67108863 100 0 35020026 35020026 0 0
# scanned=558274
# found=2
# cleaned=2
# scan_time=10394
C:\Downloads\DVDBurner\Setup_FreeBurner.exe Win32/Adware.Toolbar.Dealio application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{77605E37-928B-4EF2-9AD8-4072CC5853C1}\RP1081\A1092026.exe Win32/Adware.Toolbar.Dealio application (deleted - quarantined) 00000000000000000000000000000000 C


Re: Possible Virus with Avgcsrvx.exe

Post by Sneakyone on Tue 09 Aug 2011, 4:13 pm

Hi,

How's your computer running now?



Still Having problems...

Post by grasshopper on Tue 09 Aug 2011, 8:44 pm

When I cold booted the system it did the same thing... blue screen quickly and rebooted. I mistakenly went into safe mode without networking and everything booted properly. I then warm booted the system and it came up in regular mode... but immediately logged itself off. It came back to the login screen (not in safe mode) and I logged in again.

Got the following error: AVGsrvx.exe - Application error, Software Exception 0xe06d7363 at location 0x6aebd0f6

A "Blocked Program" screen was displayed asking about a MrxDAV.sys file which I have not responded to yet.

The system is extremely slow.

Any ideas?... Thanks for your help!

Eric


Re: Possible Virus with Avgcsrvx.exe

Post by Sneakyone on Wed 10 Aug 2011, 4:52 pm

Hi,

Do you have AVG installed?



Re: Possible Virus with Avgcsrvx.exe

Post by grasshopper on Wed 10 Aug 2011, 7:54 pm

Yes


Re: Possible Virus with Avgcsrvx.exe

Post by Sneakyone on Fri 12 Aug 2011, 2:07 pm

Uninstall it please: [You must be registered and logged in to see this link.]



Re: Possible Virus with Avgcsrvx.exe

Post by grasshopper on Fri 12 Aug 2011, 11:32 pm

Hello,

I have un-installed AVG and re-ran ESET Scanner (with no viruses).

Re-booted the system and no longer seem to have any apparent issues.

However, the Online Armor software is asking if it can trust the MrxDav.sys file. I looked this up on the internet and it appears to be fine, but I was concerned that this file might be a spoof or have a virus that I would re-introduce to my system. Your thoughts?

Can I re-install AVG?

I know you cannot recommend any specific package, but a question would be...

What Virus, Malware, etc. protection software do you use on your personal computer?

Thank you again for your help.

Eric


Re: Possible Virus with Avgcsrvx.exe

Post by Sneakyone on Sat 13 Aug 2011, 12:52 pm

Did you have both AVG and ESET installed at the same time?



Re: Possible Virus with Avgcsrvx.exe

Post by grasshopper on Sat 13 Aug 2011, 9:05 pm

Yes, but not the last time... I uninstalled AVG and re-ran ESET.


Re: Possible Virus with Avgcsrvx.exe

Post by Sneakyone on Sun 14 Aug 2011, 3:15 pm

Hi,

Having more than 1 antivirus does more harm than good. I, personally, use Avast free antivirus. AVG really isn't a good antivirus anymore.

What is the full path of the file that is being detected?



Popup Application Error when re-booting still

Post by grasshopper on Sun 14 Aug 2011, 10:11 pm

The file is c:\windows\system32\drivers\MrxDAV.sys. The concern I have is that this file has been around / used by the operating system from the beginning. Why would this one file need updating at this time... unless it was a virus...

Thank you for the information about virus checkers. With the error I was getting with the AVG file at the time, I didn't know if I should un-install until you asked me to.

Previously, every time I re-booted, I was getting a pop-up error box that said there was an issue with the AVG file. Now every time I reboot I am getting the following error.

System Agent Com Windows svchost.exe - Application Error
The instrument (hex value) ..... memory could not be written.

Any thoughts?

Thanks again!


Re: Possible Virus with Avgcsrvx.exe

Post by Sneakyone on Mon 15 Aug 2011, 2:54 pm

Hi,

Could you please re-run ComboFix?



Here are the results

Post by grasshopper on Mon 15 Aug 2011, 8:34 pm

ComboFix 11-08-15.07 - Eric 08/15/2011 4:01.8.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1461 [GMT -5:00]
Running from: c:\documents and settings\Eric\Desktop\commy.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-15 to 2011-08-15 )))))))))))))))))))))))))))))))
.
.
2011-08-06 05:08 . 2009-06-30 15:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2011-08-06 05:08 . 2011-08-06 05:08 -------- d-----w- c:\program files\Panda Security
2011-08-05 04:33 . 2011-08-05 04:33 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2011-08-01 22:52 . 2011-08-01 22:52 -------- d-----w- C:\found.001
2011-08-01 09:21 . 2011-08-01 09:21 -------- d-sh--w- c:\documents and settings\Eric\IECompatCache
2011-08-01 09:08 . 2011-08-01 09:08 -------- d-----w- C:\found.000
2011-07-31 11:07 . 2011-07-31 11:07 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-16 18:04 . 2011-07-16 18:16 -------- d-----w- c:\documents and settings\Eric\Application Data\Apple Computer
2011-07-16 18:01 . 2011-07-16 18:01 -------- d-----w- c:\program files\iPod
2011-07-16 17:59 . 2011-07-16 18:02 -------- d-----w- c:\program files\iTunes
2011-07-16 17:59 . 2011-07-16 18:02 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-07-16 17:57 . 2011-07-16 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2011-07-16 17:57 . 2011-07-16 17:57 -------- d-----w- c:\documents and settings\Eric\Local Settings\Application Data\Apple
2011-07-16 17:56 . 2011-07-16 17:56 -------- d-----w- c:\program files\Apple Software Update
2011-07-16 17:46 . 2011-07-16 17:46 -------- d-----w- c:\program files\Bonjour
2011-07-16 17:45 . 2011-07-16 17:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-07-16 17:45 . 2011-07-16 18:01 -------- d-----w- c:\program files\Common Files\Apple
2011-07-16 17:45 . 2011-07-16 18:04 -------- d-----w- c:\documents and settings\Eric\Local Settings\Application Data\Apple Computer
2011-07-16 14:07 . 2011-07-16 14:17 -------- d-----w- C:\Android
2011-07-16 12:48 . 2011-07-30 18:54 -------- d-----w- c:\documents and settings\Eric\workspace
2011-07-16 12:38 . 2011-07-31 12:00 -------- d-----w- c:\program files\eclipse
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-11 10:44 . 2008-11-16 13:47 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll
2011-07-11 10:43 . 2008-11-16 13:47 1721312 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
2011-07-11 08:15 . 2011-07-11 08:16 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-11 08:15 . 2010-06-24 20:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-07 00:52 . 2009-10-28 13:31 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 00:52 . 2009-10-28 13:31 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-19 09:18 . 2011-06-19 09:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02 . 2003-03-31 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2011-08-06_05.26.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-14 12:14 . 2011-08-14 12:14 16384 c:\windows\temp\Perflib_Perfdata_708.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDTSysTrayApp"="sttray.exe" [2007-09-06 405504]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-05-11 1287120]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2010-04-20 6678008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-04 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-27 434528]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-3 113664]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2009-4-30 6144]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-4-28 122880]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2010-04-20 925688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3713959246-320310600-2471480639-1178\Scripts\Logon\0\0]
"Script"=logon.bat
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\DevServer\\9.0\\WebDev.WebServer.EXE"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Expression\\Media 2\\Media.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [8/6/2011 12:08 AM 28552]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/17/2010 12:10 PM 218592]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [6/18/2010 7:50 AM 228216]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [6/18/2010 7:50 AM 24440]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [6/18/2010 7:50 AM 29560]
R2 msftesql$SQLEXPRESS;SQL Server FullText Search (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [6/22/2007 9:22 AM 95592]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [6/18/2010 7:50 AM 1284600]
R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [6/18/2010 7:50 AM 3364856]
S2 gupdate1c95cab836b518e;Google Update Service (gupdate1c95cab836b518e);c:\program files\Google\Update\GoogleUpdate.exe [12/12/2008 5:46 PM 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/12/2008 5:46 PM 133104]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/29/2010 3:36 AM 717296]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2011-08-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-07 10:55]
.
2011-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-12 11:34]
.
2011-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-12 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
Trusted Zone: aig.com\na.connect
TCP: DhcpNameServer = 24.206.220.35 24.206.220.45 208.180.42.100
DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\y8rdhq3a.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [You must be registered and logged in to see this link.] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: LinkDiagnosis 2.2: [You must be registered and logged in to see this link.] - %profile%\extensions\beta@linkdiagnosis.com
.
- - - - ORPHANS REMOVED - - - -
.
Notify-avgrsstarter - avgrsstx.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-08-15 04:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql$SQLEXPRESS]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:SQLEXPRESS"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(608)
c:\windows\system32\CSGina.dll
.
- - - - - - - > 'explorer.exe'(992)
c:\windows\system32\WININET.dll
c:\program files\Tall Emu\Online Armor\OAwatch.dll
c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-08-15 04:23:03
ComboFix-quarantined-files.txt 2011-08-15 09:22
ComboFix2.txt 2011-08-06 11:58
ComboFix3.txt 2011-08-06 05:31
ComboFix4.txt 2010-06-21 05:12
ComboFix5.txt 2011-08-15 08:59
.
Pre-Run: 138,384,146,432 bytes free
Post-Run: 138,388,852,736 bytes free
.
- - End Of File - - 918C129677DC14B213AB840E7729A48A


Re: Possible Virus with Avgcsrvx.exe

Post by Sneakyone on Tue 16 Aug 2011, 1:28 pm

Hi,

Please download aswMBR from here


  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

  • Once the scan finishes click Save log to save the log to your Desktop
  • Copy and paste the contents of aswMBR.txt back here for review


I'm livin' life in the fast lane.



Re: Possible Virus with Avgcsrvx.exe

Post by grasshopper on Tue 16 Aug 2011, 8:12 pm

Hello,

This was using the Quickscan option...

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-06 01:26:12
-----------------------------
01:26:12.562 OS Version: Windows 5.1.2600 Service Pack 3
01:26:12.562 Number of processors: 2 586 0x4B02
01:26:12.562 ComputerName: P4-4400 UserName: Eric
01:26:13.671 Initialize success
01:27:16.234 AVAST engine defs: 11080501
01:27:53.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
01:27:53.203 Disk 0 Vendor: WDC_WD2500JS-75NCB3 10.02E04 Size: 238418MB BusType: 3
01:27:55.234 Disk 0 MBR read successfully
01:27:55.250 Disk 0 MBR scan
01:27:55.328 Disk 0 Windows XP default MBR code
01:27:55.343 Disk 0 scanning sectors +488278016
01:27:55.468 Disk 0 scanning C:\WINDOWS\system32\drivers
01:28:05.406 Service scanning
01:28:08.953 Modules scanning
01:28:17.015 Disk 0 trace - called modules:
01:28:17.078 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
01:28:17.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89ab4ab8]
01:28:17.125 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> [0x89b33a10]
01:28:17.156 5 PCTCore.sys[f743ceae] -> nt!IofCallDriver -> \Device\00000065[0x89ab73b8]
01:28:17.328 7 ACPI.sys[f758e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89aa6d98]
01:28:18.296 AVAST engine scan C:\WINDOWS
01:28:24.828 AVAST engine scan C:\WINDOWS\system32
01:29:55.875 AVAST engine scan C:\WINDOWS\system32\drivers
01:30:11.437 AVAST engine scan C:\Documents and Settings\Eric
01:30:26.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Eric\Desktop\MBR.dat"
01:30:27.031 The log file has been saved successfully to "C:\Documents and Settings\Eric\Desktop\aswMBR.txt"


aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-16 03:54:45
-----------------------------
03:54:45.656 OS Version: Windows 5.1.2600 Service Pack 3
03:54:45.656 Number of processors: 2 586 0x4B02
03:54:45.656 ComputerName: P4-4400 UserName: Eric
03:54:46.406 Initialize success
03:58:33.906 AVAST engine defs: 11081600
03:59:22.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
03:59:22.421 Disk 0 Vendor: WDC_WD2500JS-75NCB3 10.02E04 Size: 238418MB BusType: 3
03:59:24.453 Disk 0 MBR read successfully
03:59:24.453 Disk 0 MBR scan
03:59:24.500 Disk 0 Windows XP default MBR code
03:59:24.500 Disk 0 scanning sectors +488278016
03:59:24.578 Disk 0 scanning C:\WINDOWS\system32\drivers
03:59:35.218 Service scanning
03:59:36.140 Modules scanning
03:59:40.937 Disk 0 trace - called modules:
03:59:40.968 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
03:59:40.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89c6cab8]
03:59:40.968 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> [0x89d2f920]
03:59:40.968 5 PCTCore.sys[b7eadeae] -> nt!IofCallDriver -> \Device\00000063[0x89cf0510]
03:59:40.968 7 ACPI.sys[b7f5f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89d87940]
03:59:42.000 AVAST engine scan C:\WINDOWS
03:59:48.843 AVAST engine scan C:\WINDOWS\system32
04:01:18.921 AVAST engine scan C:\WINDOWS\system32\drivers
04:01:32.875 AVAST engine scan C:\Documents and Settings\Eric
04:11:06.046 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Eric\Desktop\MBR.dat"
04:11:06.078 The log file has been saved successfully to "C:\Documents and Settings\Eric\Desktop\aswMBR.txt"



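As an added example for reviewers (not part of this thread and not code from AVAST's aswMBR), the Python helper below parses a log in the layout of the two posted above and pulls out what a helper checks before replying: the definitions date, whether the MBR code is the stock XP code, the modules in the disk I/O trace, and any line that mentions a rootkit. The stock-stack allowlist is constructed for the example; anything outside it is listed for a human to match against the machine's installed security software, not acted on.

```python
import re

# Constructed sample in the layout of the aswMBR logs above (trimmed).
SAMPLE_LOG = """aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-16 03:54:45
-----------------------------
03:58:33.906 AVAST engine defs: 11081600
03:59:24.500 Disk 0 Windows XP default MBR code
03:59:40.937 Disk 0 trace - called modules:
03:59:40.968 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
03:59:40.968 1 nt!IofCallDriver -> \\Device\\Harddisk0\\DR0[0x89c6cab8]
03:59:40.968 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> [0x89d2f920]
03:59:40.968 5 PCTCore.sys[b7eadeae] -> nt!IofCallDriver -> \\Device\\00000063[0x89cf0510]
03:59:40.968 7 ACPI.sys[b7f5f620] -> nt!IofCallDriver -> \\Device\\Ide\\IdeDeviceP0T0L0-3[0x89d87940]
"""

# Stock Windows XP storage-stack modules (constructed allowlist, lower-cased).
STOCK_STACK = {"ntoskrnl.exe", "ntkrnlpa.exe", "classpnp.sys", "disk.sys", "acpi.sys",
               "hal.dll", "atapi.sys", "pciide.sys", "pciidex.sys"}

TS = r"^\d\d:\d\d:\d\d\.\d+ "   # leading "hh:mm:ss.mmm " timestamp on each scan line

def parse_aswmbr(text):
    """Extract the fields a reviewer looks at from an aswMBR log."""
    report = {"version": None, "run_date": None, "engine_defs": None,
              "mbr_default": False, "called_modules": [], "hooks": [], "rootkit_lines": []}
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if line.startswith("aswMBR version "):
            report["version"] = line.split()[2]
        elif line.startswith("Run date: "):
            report["run_date"] = line[len("Run date: "):]
        elif m := re.search(r"AVAST engine defs: (\d+)", line):
            report["engine_defs"] = m.group(1)
        elif "default MBR code" in line:
            report["mbr_default"] = True
        elif line.endswith("trace - called modules:") and i + 1 < len(lines):
            report["called_modules"] = re.sub(TS, "", lines[i + 1]).split()   # next line lists them
        elif m := re.match(TS + r"(\d+) (\S+?)\[[0-9a-f]+\] -> nt!IofCallDriver -> (\S*)\[", line):
            report["hooks"].append((int(m.group(1)), m.group(2), m.group(3)))   # (depth, module, target)
        if "rootkit" in line.lower():
            report["rootkit_lines"].append(line)
    return report

def review_items(report):
    """Points a human must look at before any action is taken on the log."""
    items = []
    if not report["mbr_default"]:
        items.append("MBR code is not the stock Windows XP code")
    for mod in report["called_modules"]:
        if mod.lower() not in STOCK_STACK:
            items.append(f"third-party module in disk I/O path: {mod}")
    items.extend("rootkit entry reported (verify before acting): " + l for l in report["rootkit_lines"])
    return items
```

On the sample it flags catchme.sys and PCTCore.sys; both belong to tools already visible in this thread (ComboFix's own scanning driver and the Spyware Doctor install listed under the Run key), which is exactly the false-positive check Sneakyone's note is about.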

Re: Possible Virus with Avgcsrvx.exe

Post by grasshopper on Wed 17 Aug 2011, 8:27 pm

Hello Sneakyone,

More issues this morning... Came out to system with a blank screen but still on. Finally forced a shut down and reboot. System rebooted itself after login attempt about 5 times. Now getting Application Error on WinLogin.exe and am dealing with multiple (loop) Windows Explorer Errors to send Report to Microsoft. Cannot even login at this point. (probably could in safe mode but have not tried)

Very frustrating!

Finally able to login after shut down where windows installed an update. Able to login at this point.
Eric

BTW... I assume I still need to wait to install Avast Free, correct?


Re: Possible Virus with Avgcsrvx.exe

Post by Sneakyone on Thu 18 Aug 2011, 9:11 am

Yep, could you please re-run ComboFix?


I'm livin' life in the fast lane.



Re: Possible Virus with Avgcsrvx.exe

Post by grasshopper on Fri 19 Aug 2011, 8:45 am

Thanks again!

ComboFix 11-08-17.03 - Eric 08/18/2011 4:55.9.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1441 [GMT -5:00]
Running from: c:\documents and settings\Eric\Desktop\commy.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-18 to 2011-08-18 )))))))))))))))))))))))))))))))
.
.
2011-08-17 09:54 . 2011-08-17 09:54 -------- d-----w- c:\windows\LastGood
2011-08-16 21:56 . 2011-08-16 21:56 -------- d-----w- C:\spoolerlogs
2011-08-15 08:59 . 2011-08-15 09:23 -------- d-----w- C:\commy
2011-08-06 05:08 . 2009-06-30 15:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2011-08-06 05:08 . 2011-08-06 05:08 -------- d-----w- c:\program files\Panda Security
2011-08-05 04:33 . 2011-08-05 04:33 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2011-08-01 22:52 . 2011-08-01 22:52 -------- d-----w- C:\found.001
2011-08-01 09:21 . 2011-08-01 09:21 -------- d-sh--w- c:\documents and settings\Eric\IECompatCache
2011-08-01 09:08 . 2011-08-01 09:08 -------- d-----w- C:\found.000
2011-07-31 11:07 . 2011-07-31 11:07 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-23 10:39 . 2011-07-31 11:18 -------- d-----w- c:\documents and settings\egrimnes\Application Data\Apple Computer
2011-07-23 10:39 . 2011-07-23 10:39 -------- d-----w- c:\documents and settings\egrimnes\Local Settings\Application Data\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-11 10:44 . 2008-11-16 13:47 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll
2011-07-11 10:43 . 2008-11-16 13:47 1721312 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
2011-07-11 08:15 . 2011-07-11 08:16 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-11 08:15 . 2010-06-24 20:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-07 00:52 . 2009-10-28 13:31 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 00:52 . 2009-10-28 13:31 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-19 09:18 . 2011-06-19 09:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02 . 2003-03-31 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2011-08-06_05.26.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-17 09:29 . 2011-08-17 09:29 16384 c:\windows\temp\Perflib_Perfdata_7bc.dat
+ 2010-12-10 23:29 . 2010-12-10 23:29 64864 c:\windows\system32\sqlctr90.dll
+ 2003-03-31 12:00 . 2011-08-17 10:01 93624 c:\windows\system32\perfc009.dat
+ 2011-08-16 22:00 . 2011-08-16 22:00 15698 c:\windows\SoftwareDistribution\EventCache\{64F2334F-E941-4128-A056-A1A788104845}.bin
+ 2011-08-17 09:18 . 2011-08-17 09:28 2920 c:\windows\SoftwareDistribution\EventCache\{F8983837-1703-4271-9F30-77E6D40DB52E}.bin
+ 2003-03-31 12:00 . 2011-08-17 10:01 511448 c:\windows\system32\perfh009.dat
+ 2011-08-17 10:04 . 2011-08-17 10:04 814080 c:\windows\Installer\19307f.msi
+ 2011-08-17 10:01 . 2011-08-17 10:01 6409728 c:\windows\Installer\193074.msi
+ 2011-08-17 10:00 . 2011-08-17 10:00 1625440 c:\windows\assembly\GAC_32\Microsoft.SqlServer.Replication\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Replication.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDTSysTrayApp"="sttray.exe" [2007-09-06 405504]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-05-11 1287120]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2010-04-20 6678008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-04 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-27 434528]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-3 113664]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2009-4-30 6144]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-4-28 122880]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2010-04-20 925688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3713959246-320310600-2471480639-1178\Scripts\Logon\0\0]
"Script"=logon.bat
.

