TechSpot

Multiple Virus warning allows popping up

By atcdav
Oct 29, 2010
  1. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    OK.
    Delete your Combofix file, download fresh one and post new log.
     
  2. atcdav

    atcdav TS Rookie Topic Starter Posts: 71

    Ran combofix in normal mode. At first I had the same error messages as usual but then after those messages it ran:

    ComboFix 10-10-29.04 - ANDREW 10/30/2010 11:34:36.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1396 [GMT -5:00]
    Running from: c:\documents and settings\ANDREW\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\ANDREW\Application Data\73421B9E4D2705309CDD50371FAD8207
    c:\documents and settings\ANDREW\Application Data\73421B9E4D2705309CDD50371FAD8207\enemies-names.txt
    c:\documents and settings\ANDREW\Application Data\73421B9E4D2705309CDD50371FAD8207\local.ini
    c:\documents and settings\ANDREW\Application Data\73421B9E4D2705309CDD50371FAD8207\xrlib707iofile.exe
    c:\documents and settings\ANDREW\Application Data\Bitrix Security
    c:\documents and settings\ANDREW\Application Data\Bitrix Security\qgace71_shrd
    c:\documents and settings\ANDREW\Application Data\Bitrix Security\qnf.txt
    c:\documents and settings\ANDREW\Application Data\Bitrix Security\rvslnh
    c:\documents and settings\ANDREW\Application Data\inst.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-30 )))))))))))))))))))))))))))))))
    .

    2010-10-30 16:31 . 2010-10-30 16:31 -------- d-----w- c:\documents and settings\ANDREW\Application Data\AVG9
    2010-10-30 15:28 . 2007-03-09 16:25 2321288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2010-10-30 15:28 . 2010-10-19 16:41 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-30 15:28 . 2010-10-18 14:41 6146896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{98500813-5296-4EF0-B32D-3F79047BD9A5}\mpengine.dll
    2010-10-30 15:28 . 2010-10-30 15:28 -------- d-----w- c:\program files\Windows Defender
    2010-10-30 15:00 . 2010-10-30 15:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
    2010-10-30 08:04 . 2010-10-30 08:04 -------- d-----w- c:\windows\system32\MpEngineStore
    2010-10-30 05:02 . 2010-10-30 05:02 -------- d-----w- C:\_OTL
    2010-10-30 05:01 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-30 05:01 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-30 05:01 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2010-10-30 01:08 . 2010-10-30 01:08 -------- d-----w- c:\program files\Common Files\Java
    2010-10-29 23:56 . 2010-10-29 23:56 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-10-29 23:30 . 2010-10-29 23:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-10-28 23:38 . 2010-10-30 15:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Update

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-30 03:29 . 2001-08-23 12:00 64512 ----a-w- c:\windows\system32\drivers\serial.sys
    2010-10-29 23:56 . 2009-11-02 23:50 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-10-29 23:56 . 2009-11-02 23:50 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-10-29 23:56 . 2009-11-02 23:50 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-09-18 17:23 . 2001-08-23 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2001-08-23 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2001-08-23 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2001-08-23 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-15 09:50 . 2010-06-11 23:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-15 07:29 . 2009-08-21 22:44 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-09-10 05:58 . 2001-08-23 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58 . 2001-08-23 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58 . 2001-08-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-01 11:51 . 2001-08-23 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42 . 2001-08-23 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02 . 2001-08-23 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57 . 2001-08-23 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 13:39 . 2001-08-23 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-26 12:52 . 2009-08-21 22:41 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12 . 2001-08-23 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17 . 2001-08-23 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45 . 2001-08-23 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-10-30_15.16.32 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-10-30 16:12 . 2010-10-30 16:12 16384 c:\windows\temp\Perflib_Perfdata_9d4.dat
    + 2010-10-30 15:28 . 2010-10-30 15:28 1155072 c:\windows\Installer\87c11.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-10-06 2475336]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2010-10-06 16:31 2475336 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-10-06 2475336]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-10-06 2475336]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nwiz"="nwiz.exe" [2007-11-07 1626112]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-07 81920]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-07 8523776]
    "NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-21 131072]
    "Mouse Suite 98 Daemon"="ICO.EXE" [2003-11-20 57344]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "\\DAVE-C2D\EPSON Stylus CX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-02 98304]
    "EPSON Stylus CX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-02 98304]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
    "Auto EPSON Stylus CX4800 Series on DAVE-C2D"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-02 98304]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-29 2067808]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-10-9 813584]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-10-29 23:56 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2009-07-20 18:28 72208 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:Remote Desktop
    "65533:TCP"= 65533:TCP:Services
    "52344:TCP"= 52344:TCP:Services
    "4865:TCP"= 4865:TCP:Services
    "8230:TCP"= 8230:TCP:Services

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/2/2009 6:50 PM 216400]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/2/2009 6:50 PM 243024]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10/29/2010 6:56 PM 308136]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [11/2/2009 6:50 PM 517448]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - klmd25
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-25 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

    2010-10-30 c:\windows\Tasks\User_Feed_Synchronization-{AD236610-4C9C-4433-82A4-63439F6A15C0}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

    2010-10-30 c:\windows\Tasks\User_Feed_Synchronization-{D300915B-6563-4F49-8FA5-69799399C67F}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
    FF - ProfilePath - c:\documents and settings\ANDREW\Application Data\Mozilla\Firefox\Profiles\fevsl91k.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.fast-find.net/?sid=10101067100&s=
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: browser.search.selectedEngine - Google
    FF - user.js: browser.search.order.1 - Google
    FF - user.js: keyword.URL - hxxp://search.fast-find.net/?sid=10101067100&s=c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-10-30 11:38
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: WDC_WD800AAJS-18TDA1 rev.01.00A04 -> \Device\Ide\IdeDeviceP4T0L0-1b

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x89DEEAB8]
    3 CLASSPNP[0xB8108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000073[0x89DDFF18]
    5 ACPI[0xB7F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IdeDeviceP2T0L0-e[0x89DECD98]
    kernel: MBR read successfully
    user != kernel MBR !!!
    sectors 156249998 (+255): user != kernel

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(696)
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\common files\logishrd\bluetooth\LBTServ.dll
    .
    Completion time: 2010-10-30 11:40:17
    ComboFix-quarantined-files.txt 2010-10-30 16:40
    ComboFix2.txt 2010-10-30 15:17

    Pre-Run: 51,016,921,088 bytes free
    Post-Run: 51,004,153,856 bytes free

    - - End Of File - - 19A9B60EE5455CAE98098AF00949697A
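The firewall section of the ComboFix log above (the `GloballyOpenPorts\List` entries) is the kind of artifact a defender wants to check mechanically rather than by eye. The following is an added example, not part of this thread or of ComboFix: it parses that section from a constructed copy of the log lines shown above and flags entries for review. The allowlist (only 3389/TCP Remote Desktop) and the heuristics (generic "Services" description, port in the ephemeral range) are assumptions chosen for illustration, not rules from the tools discussed here.

```python
import re

# Constructed sample reproducing the firewall block from the ComboFix log above,
# followed by an unrelated line to show that parsing stops at the section end.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"4865:TCP"= 4865:TCP:Services
"8230:TCP"= 8230:TCP:Services

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys
"""

# One GloballyOpenPorts value line: "PORT:PROTO"= PORT:PROTO:Description
PORT_LINE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')

# Hypothetical per-host allowlist: ports the administrator knowingly opened.
KNOWN_GOOD = {(3389, "TCP")}


def parse_open_ports(log_text):
    """Return (port, proto, description) tuples from every GloballyOpenPorts\\List section."""
    entries = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # A registry key header starts a new section; only the ports list interests us.
            in_section = line.lower().endswith("globallyopenports\\list]")
            continue
        if not line:
            # ComboFix separates sections with a blank line.
            in_section = False
            continue
        if not in_section:
            continue
        m = PORT_LINE.match(line)
        if m:
            entries.append((int(m.group(1)), m.group(2), m.group(3).strip()))
    return entries


def flag_suspicious(entries, allowlist=KNOWN_GOOD):
    """Return (port, proto, description, reasons) for entries worth a closer look."""
    flagged = []
    for port, proto, desc in entries:
        reasons = []
        if (port, proto) not in allowlist:
            reasons.append("not in allowlist")
        if desc.lower() in ("", "services"):
            reasons.append("generic description")
        if port >= 49152:
            reasons.append("ephemeral-range port")
        if reasons:
            flagged.append((port, proto, desc, reasons))
    return flagged


if __name__ == "__main__":
    for port, proto, desc, reasons in flag_suspicious(parse_open_ports(SAMPLE_LOG)):
        print(f"{port}/{proto} '{desc}': {', '.join(reasons)}")
```

Running it lists the four non-RDP entries with their reasons; the point is that a handful of "Services" exceptions on high, unrelated ports is a finding to explain, whether or not any particular tool names them.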
     
  3. atcdav

    atcdav TS Rookie Topic Starter Posts: 71

    Also, during each of the Combofix scans I got a Windows error message: PEV.cfxxe encountered a problem.
     
  4. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    That's a Combofix file. Nothing to worry about.

    Download and save HelpAsst_mebroot_fix.exe to your desktop.
    • Close all open programs.
    • Double click HelpAsst_mebroot_fix.exe to run it.
    • Pay attention to the running tool.
    • If the tool detects mbr infection, please allow it to run mbr -f and shutdown your computer. To do so, type Y and press Enter.
    • After restart, wait 5 minutes, then go Start>Run, copy and paste the following command in the run box then hit Enter:

      • helpasst -mbrt
    • When it completes, a log will open.
    • Please post the contents of that log.

    IMPORTANT!
    If the tool does NOT detect any mbr infection and completes, proceed with the following...

    • Click Start>Run and copy and paste the following command, then hit Enter:

      • mbr -f
    • Repeat the above step one more time
    • Now shut down the computer (do not restart, but shut it down), wait 5 minutes then start it back up.
    • Wait another 5 minutes, then click Start>Run and copy and paste the following command, then hit Enter.

      • helpasst -mbrt
    • When it completes, a log will open.
    • Please post the contents of that log.

    **Important note to Dell users - fixing the mbr may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not allow the tool to execute mbr -f nor execute the command manually, and you will either need to restore your computer to a factory state or allow your computer to remain having an infected mbr (the latter not recommended).
     
  5. atcdav

    atcdav TS Rookie Topic Starter Posts: 71

    I could only run it in safe mode.

    C:\Documents and Settings\Administrator\Desktop\HelpAsst_mebroot_fix.exe
    Sat 10/30/2010 at 12:49:22.32

    HelpAssistant account Inactive

    ~~ Checking for termsrv32.dll ~~

    termsrv32.dll not found

    ~~ Checking firewall ports ~~

    HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list

    HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list

    ~~ Checking profile list ~~

    No HelpAssistant profile in registry

    ~~ Checking mbr ~~

    user & kernel MBR OK

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Status check on Sat 10/30/2010 at 13:05:32.03

    Account active No
    Local Group Memberships

    ~~ Checking mbr ~~

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    kernel: MBR read successfully
    user & kernel MBR OK
    copy of MBR has been found in sector 0x094FE9BD
    PE file found in sector at 0x094FE9D6 !

    ~~ Checking for termsrv32.dll ~~

    termsrv32.dll not found


    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
    ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

    ~~ Checking profile list ~~

    No HelpAssistant profile in registry

    ~~ Checking for HelpAssistant directories ~~

    none found

    ~~ Checking firewall ports ~~

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


    ~~ EOF ~~
     
  6. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    That looks good.

    Let's double check.

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  7. atcdav

    atcdav TS Rookie Topic Starter Posts: 71

    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.2.0.0
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
    g
     
  8. atcdav

    atcdav TS Rookie Topic Starter Posts: 71

    The previous log was not run from the desktop but from inside the RAR extractor. Here is a new one.

    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.2.0.0
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
    g
     
  9. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    It looks good :)

    How is the computer doing at the moment?

    Please, re-run OTL "Quick scan" and post fresh log (it'll create only one log).
     
  10. atcdav

    atcdav TS Rookie Topic Starter Posts: 71

    Runs OK, but I don't know why I still get the permissions errors.
     
  11. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Tell me more about it.
     
  12. atcdav

    atcdav TS Rookie Topic Starter Posts: 71

    In normal mode there are many tasks I can't do. I have to go into safe mode, like for many of these programs you had me run. When I boot up I get an error for the Logitech SetPoint. These errors reference a file in the blue bar and then they all say "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item." I get this message if I try to delete a file or run some of your programs.
     
  13. atcdav

    atcdav TS Rookie Topic Starter Posts: 71

    OTL logfile created on: 10/30/2010 1:36:11 PM - Run 3
    OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\ANDREW\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 91.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 47.38 Gb Free Space | 63.60% Space Free | Partition Type: NTFS
    Drive D: | 74.50 Gb Total Space | 25.63 Gb Free Space | 34.41% Space Free | Partition Type: NTFS
    Drive E: | 37.26 Gb Total Space | 15.45 Gb Free Space | 41.46% Space Free | Partition Type: NTFS

    Computer Name: ANDREWS_PC | User Name: ANDREW | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/29 23:38:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ANDREW\Desktop\OTL.exe
    PRC - [2010/10/29 18:56:49 | 002,067,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2010/10/29 18:56:44 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2010/10/29 18:56:44 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2010/10/29 18:56:30 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2010/10/29 18:56:23 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2010/10/29 18:56:21 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2009/10/20 17:25:08 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL2\KHALMNPR.exe
    PRC - [2009/07/20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/10/25 18:37:32 | 002,178,832 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
    PRC - [2007/10/25 18:33:22 | 000,563,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    PRC - [2007/10/25 18:32:58 | 000,407,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    PRC - [2007/10/19 15:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    PRC - [2007/10/19 15:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    PRC - [2004/12/20 19:12:36 | 000,131,072 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
    PRC - [2003/11/20 16:08:14 | 000,057,344 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe
    PRC - [2003/11/06 17:51:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\FSRremoS.EXE


    ========== Modules (SafeList) ==========

    MOD - [2010/10/29 23:38:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ANDREW\Desktop\OTL.exe
    MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2009/07/20 13:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
    MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/10/29 18:56:30 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010/10/06 11:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
    SRV - [2009/07/20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2007/10/19 15:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
    SRV - [2007/10/19 15:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2007/10/19 15:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
    SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ANDREW\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/10/29 18:56:47 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2010/10/29 18:56:44 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2010/10/29 18:56:24 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2009/12/11 00:38:56 | 000,033,536 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2009/12/11 00:38:56 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2009/08/19 16:49:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2009/06/17 11:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV - [2009/06/17 11:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
    DRV - [2009/06/17 11:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2009/06/17 11:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2009/06/17 11:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
    DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2007/11/06 22:00:00 | 007,429,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2007/10/19 15:16:30 | 002,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
    DRV - [2007/10/11 21:00:42 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2007/10/11 20:59:24 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2007/10/11 20:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
    DRV - [2007/05/09 23:47:00 | 001,276,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
    DRV - [2007/05/09 23:46:48 | 000,014,112 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
    DRV - [2006/07/02 00:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2005/07/26 09:01:56 | 000,415,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA(R) nForce(TM)
    DRV - [2005/07/26 08:58:30 | 000,053,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA(R) nForce(TM)
    DRV - [2004/11/26 09:29:00 | 000,224,000 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
    DRV - [2004/09/22 13:16:18 | 000,012,288 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pelusblf.sys -- (pelusblf)
    DRV - [2003/01/10 15:55:32 | 000,016,384 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS -- (pelmouse)
    DRV - [2001/08/17 08:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE 5D DD F8 56 78 CB 01 [binary data]
    IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.order.1: "Google"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "http://m.www.yahoo.com/"
    FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.2.1
    FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
    FF - prefs.js..keyword.URL: "http://search.fast-find.net/?sid=10101067100&s="
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"

    FF - user.js..browser.search.selectedEngine: "Google"
    FF - user.js..browser.search.order.1: "Google"
    FF - user.js..keyword.URL: "http://search.fast-find.net/?sid=10101067100&s="

    FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/10/29 18:57:04 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/30 16:42:50 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/30 16:42:50 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

    [2009/11/02 18:54:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ANDREW\Application Data\Mozilla\Extensions
    [2010/10/29 20:12:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ANDREW\Application Data\Mozilla\Firefox\Profiles\fevsl91k.default\extensions
    [2009/11/02 18:55:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\ANDREW\Application Data\Mozilla\Firefox\Profiles\fevsl91k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/03/22 17:41:42 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\ANDREW\Application Data\Mozilla\Firefox\Profiles\fevsl91k.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/02/12 09:28:05 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\ANDREW\Application Data\Mozilla\Firefox\Profiles\fevsl91k.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2010/02/12 09:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ANDREW\Application Data\Mozilla\Firefox\Profiles\fevsl91k.default\extensions\YoutubeDownloader@PeterOlayev.com
    [2010/10/30 10:00:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/06/11 18:15:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/10/29 20:07:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/02/03 21:26:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
    [2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/02/03 21:06:40 | 000,003,803 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MyHeritage.xml

    O1 HOSTS File: ([2010/10/30 12:29:53 | 000,000,074 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O4 - HKLM..\Run: [\\DAVE-C2D\EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [Auto EPSON Stylus CX4800 Series on DAVE-C2D] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
    O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NVMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1250889773483 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1250972942765 (MUWebControl Class)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\ANDREW\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\ANDREW\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/08/21 16:10:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2009/08/19 20:45:28 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/10/30 13:25:35 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2010/10/30 12:40:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ANDREW\Local Settings\Application Data\AVG Security Toolbar
    [2010/10/30 12:40:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    [2010/10/30 12:26:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/10/30 12:26:20 | 000,000,000 | ---D | C] -- C:\HelpAsst_backup
    [2010/10/30 11:50:47 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2010/10/30 11:50:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2010/10/30 11:49:01 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\ANDREW\Desktop\spybotsd162.exe
    [2010/10/30 11:31:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ANDREW\Application Data\AVG9
    [2010/10/30 10:28:20 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
    [2010/10/30 10:17:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/10/30 10:11:24 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/10/30 10:08:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/10/30 10:08:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/10/30 10:08:08 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/10/30 10:08:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/10/30 10:08:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/10/30 10:07:12 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/10/30 03:04:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
    [2010/10/30 00:02:21 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/10/29 23:38:49 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ANDREW\Desktop\OTL.exe
    [2010/10/29 22:21:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ANDREW\Desktop\tdsskiller
    [2010/10/29 20:08:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/10/29 20:05:08 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ANDREW\Desktop\TFC.exe
    [2010/10/29 19:45:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ANDREW\Recent
    [2010/10/29 18:56:44 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/10/28 18:38:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Update
    [2009/08/22 01:04:00 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\ANDREW\Application Data\pcouffin.sys

    ========== Files - Modified Within 30 Days ==========

    [2010/10/30 17:44:19 | 000,085,504 | ---- | M] () -- C:\WINDOWS\MBR.exe
    [2010/10/30 13:36:01 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/10/30 13:35:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/10/30 12:39:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D300915B-6563-4F49-8FA5-69799399C67F}.job
    [2010/10/30 12:29:53 | 000,000,074 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/10/30 12:20:10 | 000,490,232 | ---- | M] () -- C:\Documents and Settings\ANDREW\Desktop\HelpAsst_mebroot_fix.exe
    [2010/10/30 11:50:56 | 000,000,989 | ---- | M] () -- C:\Documents and Settings\ANDREW\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/10/30 11:50:56 | 000,000,971 | ---- | M] () -- C:\Documents and Settings\ANDREW\Desktop\Spybot - Search & Destroy.lnk
    [2010/10/30 11:49:07 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\ANDREW\Desktop\spybotsd162.exe
    [2010/10/30 11:38:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts3.bak
    [2010/10/30 11:28:45 | 003,896,280 | R--- | M] () -- C:\Documents and Settings\ANDREW\Desktop\ComboFix.exe
    [2010/10/30 10:16:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts2.bak
    [2010/10/30 10:11:27 | 000,000,339 | RHS- | M] () -- C:\boot.ini
    [2010/10/30 09:43:36 | 067,010,333 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/10/30 09:40:52 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AD236610-4C9C-4433-82A4-63439F6A15C0}.job
    [2010/10/30 03:28:27 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/10/30 03:10:38 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/10/30 03:06:49 | 000,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/10/30 03:06:49 | 000,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/10/30 03:04:10 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
    [2010/10/29 23:38:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ANDREW\Desktop\OTL.exe
    [2010/10/29 23:15:27 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\ANDREW\Desktop\exeHelper.com
    [2010/10/29 23:12:53 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\ANDREW\Desktop\rkill.com
    [2010/10/29 22:20:34 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\ANDREW\Desktop\MBRCheck.exe
    [2010/10/29 22:20:26 | 001,207,026 | ---- | M] () -- C:\Documents and Settings\ANDREW\Desktop\tdsskiller.zip
    [2010/10/29 21:49:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/10/29 20:11:53 | 000,000,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/29 20:05:10 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ANDREW\Desktop\TFC.exe
    [2010/10/29 20:02:20 | 000,545,280 | ---- | M] () -- C:\Documents and Settings\ANDREW\Desktop\dds.scr
    [2010/10/29 18:56:47 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/10/29 18:56:44 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/10/29 18:56:44 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/10/29 18:56:24 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

    ========== Files Created - No Company Name ==========

    [2010/10/30 12:20:10 | 000,490,232 | ---- | C] () -- C:\Documents and Settings\ANDREW\Desktop\HelpAsst_mebroot_fix.exe
    [2010/10/30 11:50:56 | 000,000,989 | ---- | C] () -- C:\Documents and Settings\ANDREW\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/10/30 11:50:56 | 000,000,971 | ---- | C] () -- C:\Documents and Settings\ANDREW\Desktop\Spybot - Search & Destroy.lnk
    [2010/10/30 11:28:40 | 003,896,280 | R--- | C] () -- C:\Documents and Settings\ANDREW\Desktop\ComboFix.exe
    [2010/10/30 10:11:27 | 000,000,223 | ---- | C] () -- C:\Boot.bak
    [2010/10/30 10:11:25 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/10/30 10:08:08 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/10/30 10:08:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/10/30 10:08:08 | 000,085,504 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/10/30 10:08:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/10/30 10:08:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/10/30 03:00:49 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2010/10/29 23:15:27 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\ANDREW\Desktop\exeHelper.com
    [2010/10/29 23:12:53 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\ANDREW\Desktop\rkill.com
    [2010/10/29 22:20:34 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\ANDREW\Desktop\MBRCheck.exe
    [2010/10/29 22:20:25 | 001,207,026 | ---- | C] () -- C:\Documents and Settings\ANDREW\Desktop\tdsskiller.zip
    [2010/10/29 20:02:19 | 000,545,280 | ---- | C] () -- C:\Documents and Settings\ANDREW\Desktop\dds.scr
    [2010/09/15 21:40:27 | 000,000,186 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2010/04/13 19:59:47 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\ANDREW\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/10/09 14:36:09 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\ANDREW\Application Data\setup_ldm.iss
    [2009/10/08 18:52:42 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2009/08/22 01:04:04 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\ANDREW\Application Data\pcouffin.log
    [2009/08/22 01:04:00 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\ANDREW\Application Data\pcouffin.cat
    [2009/08/22 01:04:00 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\ANDREW\Application Data\pcouffin.inf
    [2009/08/21 23:22:48 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2009/08/21 23:22:48 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
    [2009/08/21 23:22:47 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009/08/21 23:22:46 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2009/08/21 23:22:46 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009/08/21 23:22:45 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2009/08/21 22:57:53 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\FSRremoC.DLL
    [2009/08/21 08:59:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/10/07 11:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
    [2008/10/07 11:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
    [2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
    [2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
    [2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
    [2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
    [2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
    [2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
    [2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
    [2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
    [2007/11/06 22:00:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2007/11/06 22:00:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2007/11/06 22:00:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2007/11/06 22:00:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2007/10/11 20:59:24 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
    [2007/05/09 22:35:54 | 000,057,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

    ========== LOP Check ==========

    [2010/10/29 18:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2010/10/29 20:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/04/24 18:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
    [2009/08/25 16:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
    [2010/10/30 10:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Update
    [2009/11/18 19:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
    [2009/08/22 09:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2010/10/30 11:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ANDREW\Application Data\AVG9
    [2010/09/15 20:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ANDREW\Application Data\Azureus
    [2010/09/15 19:49:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ANDREW\Application Data\FrostWire
    [2010/01/22 13:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ANDREW\Application Data\HorizonWimba
    [2009/10/09 14:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ANDREW\Application Data\Leadertech
    [2010/09/20 16:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ANDREW\Application Data\LimeWire
    [2009/12/10 13:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ANDREW\Application Data\Paltalk
    [2010/06/15 19:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ANDREW\Application Data\uTorrent
    [2010/09/15 19:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ANDREW\Application Data\Vso
    [2010/10/30 09:40:52 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{AD236610-4C9C-4433-82A4-63439F6A15C0}.job
    [2010/10/30 12:39:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D300915B-6563-4F49-8FA5-69799399C67F}.job

    ========== Purity Check ==========



    < End of report >
     
  14. atcdav

    atcdav TS Rookie Topic Starter Posts: 71

    I have to go to work, so I will have to continue later. Thanks again for all of your help.
     
  15. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    The above issue may be caused by AVG.
    Uninstall AVG using AVG Remover: http://www.avg.com/us-en/download-tools and see if it fixes the issue.

    OTL log looks good.

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  16. atcdav

    atcdav TS Rookie Topic Starter Posts: 71

    I uninstalled AVG and still get the same permission error. Security Check will not run in normal mode; error: "SecurityCheck\SecurityCheck.bat Windows cannot find "securitycheck\securitycheck.bat". Make sure you typed the name correctly, and then try again. To search for a file, click the Start button."
     
  17. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Re-download a fresh copy of SecurityCheck and try again.
    On a side note... you may have some non-malware-related issues...
     
  18. atcdav

    atcdav TS Rookie Topic Starter Posts: 71

    I tried to download it a few times. The ESET scan is running now. I wonder if the malware changed some settings?

    ESET found something. It is still scanning but found "a variant of Win32/Injector.CYZ trojan".

    I think something is amiss with ESET. It has been running for about an hour and shows only 10% complete. But what is really strange is it shows 70,000 files scanned and 60,000 of them infected, and the number keeps climbing; all of the threats are the same, the one I listed above.
     
  19. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Well, I don't want to comment until we see results.
    It doesn't look promising though...
     
  20. atcdav

    atcdav TS Rookie Topic Starter Posts: 71

    It is close to done, but around 61,000 threats, not all the same.
     
  21. atcdav

    atcdav TS Rookie Topic Starter Posts: 71

    The file is too big.
     
  22. atcdav

    atcdav TS Rookie Topic Starter Posts: 71

    C:\Documents and Settings\ANDREW\__\#1 Video Converter 5.2.32.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\.NET PDF Viewer 2.4.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\.photobucket.comalbumsoo286RemygaRAJ.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\000012345abcxxzzyy.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\001 File Joiner and Splitter 4.0.5.0.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\007 James Bond NightFire!.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\007 Quantum of Solace PC.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\007 Quantum Of Solace Wii.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\007 Stealth Activity Monitor 4.2 SAM.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\009 Sound System - With A Spirit.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\009soft Sound Effect Maker 1.2.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\0day 15 May 2010.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\0day 19 November 2009.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\0day 21 April 2010.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\0day 26 October 2009.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\0day Pack 07.04.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\0xford English Dictionary Collection of 4 Major Dictionaries.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 12 Ritter PC.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 Click Dvd Copy 5.4.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 click DVD copy 5.7.9.0.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 Click DVD Copy Pro 3.2.6.0.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 Click DVD Copy Pro 4.0.6.2.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 Click DVD Copy Pro 5.6.4.0.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 Click Dvd Copy Pro v4.2.2.1 Portable.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 Click DVD Copy v5.4.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 DVD Ripper 7.3.0.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 Million Serial Keys For Softwares.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 MIllion Serial Numbers for applications.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 Million Serial numbers Keys And More.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 Penguin 100 Cases Portable.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 Penguin 100 Cases.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 Video Converter 4.1.27.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 Video Converter 4.1.32.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 Video Converter 4.1.46.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 Video Converter 4.2.13.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 Video Converter 5.2.14 (Portable).zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 Video Converter 5.2.17.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 Video Converter 5.2.24.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 Video Converter 5.2.31 Rus.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 Video Converter 5.2.31 Rust.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 Video Converter 5.2.32.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 Video Converter 5.2.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 Video Converter v5.2.26.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 year account for nod32 anti.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1-Click YouTube Downloader Version 3.5.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\10 Days To Save The World The Adv Of Diana Salinger HF - Tastro.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\10 Days To Save the World The Adventures of Diana ..zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\10 Days To Save the World The Adventures of Diana Salinger 2.0.0.6.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\10 Days to Save the World.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\10 Days Under The Sea 1.0.0.3.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\10 Days Under The Sea.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\10 Dead Men (2008) DVDRip.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\10 Fresh Keys for nod32 on 07.24.2010.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\10 hot game 2010.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\10 Themes For Symbian.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\10 Thems For Nokia.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\100 Adobe Photoshop Plugins.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\100 Best Portable Software Collection 2010.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\100 Best Portable softwares and Appz AIO Collection 2009.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\100 Best Portable softwares and Appz AIO Collection.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\100 Best Themes For Windows Seven 2010.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\100 Classic Books USA NDS.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\100 Flash Site.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\100 Game Mini Collection 2010 for PC.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\100 gamesSega PC gamezWindows MacOS123MB.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\100 Girls 2009.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\100 miniclip flash games.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\100 Miniclip FlashGames.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\100 New Mobile JAVA Games.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\100 Nokia Themes.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\100 Science Words College Graduate Should Know 1.0.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\100 Themes fo WinDows XP.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\100 Themes for WinDows XP.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\100 Wallpapers High Quality Update.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\100's of Super Nintendo Games for PS2 (PS2).zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Board and Puzzle Games (2008).zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Board and Puzzle Games (2010).zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Board and Puzzle Games - 2009.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Board and Puzzle Games 2010.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Board and Puzzle Games [2008].zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Board and Puzzle Games.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Dance Party 2010.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Essential Programs Collection Pack.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Gadget Collection For Windows 7 Vista And XP.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Game PC.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Games 3.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Games FASiSO (2009).zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Games Volume 3 (2010).zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Games Volume 3 2009.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Games Volume 3 2010.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Games Volume 3 FASiSO 2009-ENG.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Games Volume 3 PC CD 2010.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Games Volume 3 PC.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Games Volume 3-FASiSO (2009).zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Games Volume 3-FASiSO 2009.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Games Volume 3.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 genuine Serials Of Microsoft Products.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Java Mobile Game Collection 2010.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Latest Java Mobile Game Collection 2010.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000Of Genuine Microsoft Products.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1001 Minigolf Challenge (portable).zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1001 Minigolf Challenge Portable.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1001 Nights The Adventures of Sinbad 1.00.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1001 Nights The Adventures Of Sindbad ENG.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1001 Nights The Adventures Of Sindbad PCENG.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1001 Nights The Adventures Of Sindbad.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\100Rapidshare Premium Link Generator.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\100s of Super Nintendo Games for PS2 PS2.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\100_BEST_FLASH_Games.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\101 Aussie Hits 2010.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\101 Bunny Pets.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\101 BUNNY PETSVirtual Pet Game.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\101 Card And Board Games.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\101 Card.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\101 Dinner Party Songs 5CD.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\101 in 1 Party Megamix Wii.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\101 Languages of The World (Complete 4CDs).zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\101 Languages of the World Complete 4CDs.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\101 Languages of the World Complete 4CDsInteractive Tutorial.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\101 Languages of the World.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\101 Punk.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\103 Hentai Games 10 games added PART 1.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\103 Hentai Games 10 games addedPART 2.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\107 Best Softwares Collection 3cds.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\107 Best Softwares Collection.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\11 Best Game Portable 2010.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\11 Days 11 Nights 2 1990 DVDRip XviD.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\11 Game Portable (2010).zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\11 Steps to Create a Successful Web Site.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\11 Themes For Symbian 9.1.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\110 Minigames Flash Games.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\111 Favourite Miniclip Flashgames.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\111 Flash Games Collection.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\111 Miniclip Flash Game.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\111 Miniclip Flash Games.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1112 episode 02 v1.0.0 iPhone and iPod touch - AD.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\112dB Redline Series Reverb 1.0.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\113 New ProgramsGames For Ipad.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\115Photoshop Lessons.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\11Ashampoo Anti-Malware v1.20 Multilingual.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\12 antivirus tools.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\12 Best Java Games.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\12 Most Wanted Tools to Fix An Infected PC.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\12 Most wanted tools while fixing an infected PC.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\12 Must have tools while fixing an infected PC.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\12 Rounds (2009).zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\12 Rounds 2009.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\12 Tools to Fix An Infected Computer.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\12 Windows7 Crystal Themes.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\120 Card Tricks Plus Bar Magic.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\120 Classic PC Games.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1201 (1993).zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\123 Flash Chat 6.4.0.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\123 Graphic Converter 3.0.0.1.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\125 Plymouth Car Wallpapers.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\136 PhotoshopPlugins v4.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\14 Eagle Slots Games.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\14 Flash Games.zip a variant of Win32/Injector.CYZ trojan

    60k plus of these after Andrew_; it goes through the entire alphabet.
     
  23. atcdav

    atcdav TS Rookie Topic Starter Posts: 71

    C:\Documents and Settings\ANDREW\__\Zzed 1.1 (Portable).zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\Zzed Portable.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\Zzed v1.1 Portableò.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\[12 September, 2009] NOD32 latest escalation ID.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\Ð?еÑÐµÐ»Ð°Ñ Ñ?еÑ?ма (2010).zip a variant of Win32/Injector.CYZ trojan
    C:\Qoobox\Quarantine\C\Documents and Settings\ANDREW\autorun.inf.vir INF/Autorun virus
    C:\System Volume Information\_restore{D2F070E1-5B14-4678-8247-DE3B185599E2}\RP2\A0000605.sys a variant of Win32/Bubnix.BD trojan
    C:\_OTL\MovedFiles\10302010_000221\C_WINDOWS\system32\mqbktvdm.dll a variant of Win32/Kryptik.HTA trojan
    D:\Incomplete\T-3410736-full sail ryan farish.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
    D:\music\chelsea dagger new cover version.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
    D:\music\it must really suck to be fys.wma probably a variant of Win32/Agent.JMYGWDG trojan
    D:\music\ryan farish full sail.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
    D:\music2\chelsea dagger new cover version.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
    D:\music2\it must really suck to be fys.wma probably a variant of Win32/Agent.JMYGWDG trojan
    D:\music2\ryan farish full sail.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
    E:\Documents and Settings\AMS\Desktop\recovery\music2\hollywood undead.snd a variant of WMA/TrojanDownloader.GetCodec.gen trojan
     
  24. atcdav

    atcdav TS Rookie Topic Starter Posts: 71

    I would hope most are false positives. Or maybe there is a virus replicating. But I installed Avast and ran it. It found/removed 40 threats. I am looking at formatting the D and E drives; I think it is junk anyway.
     
  25. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Before we go any further, I need more info...
    You said over 60,000 threats were listed by Eset, so where is the rest?
    Then, where did all those .zip and .mp3 files come from?
     