TechSpot

Multiple Virus warning allows popping up

Solved
By atcdav
Oct 29, 2010
  1. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    OK.
    Delete your Combofix file, download fresh one and post new log.
     
  2. atcdav

    atcdav TS Rookie Topic Starter Posts: 72

    Ran combofix in normal mode. At first I had the same error messages as usual but then after those messages it ran:

    ComboFix 10-10-29.04 - ANDREW 10/30/2010 11:34:36.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1396 [GMT -5:00]
    Running from: c:\documents and settings\ANDREW\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\ANDREW\Application Data\73421B9E4D2705309CDD50371FAD8207
    c:\documents and settings\ANDREW\Application Data\73421B9E4D2705309CDD50371FAD8207\enemies-names.txt
    c:\documents and settings\ANDREW\Application Data\73421B9E4D2705309CDD50371FAD8207\local.ini
    c:\documents and settings\ANDREW\Application Data\73421B9E4D2705309CDD50371FAD8207\xrlib707iofile.exe
    c:\documents and settings\ANDREW\Application Data\Bitrix Security
    c:\documents and settings\ANDREW\Application Data\Bitrix Security\qgace71_shrd
    c:\documents and settings\ANDREW\Application Data\Bitrix Security\qnf.txt
    c:\documents and settings\ANDREW\Application Data\Bitrix Security\rvslnh
    c:\documents and settings\ANDREW\Application Data\inst.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-30 )))))))))))))))))))))))))))))))
    .

    2010-10-30 16:31 . 2010-10-30 16:31 -------- d-----w- c:\documents and settings\ANDREW\Application Data\AVG9
    2010-10-30 15:28 . 2007-03-09 16:25 2321288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2010-10-30 15:28 . 2010-10-19 16:41 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-30 15:28 . 2010-10-18 14:41 6146896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{98500813-5296-4EF0-B32D-3F79047BD9A5}\mpengine.dll
    2010-10-30 15:28 . 2010-10-30 15:28 -------- d-----w- c:\program files\Windows Defender
    2010-10-30 15:00 . 2010-10-30 15:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
    2010-10-30 08:04 . 2010-10-30 08:04 -------- d-----w- c:\windows\system32\MpEngineStore
    2010-10-30 05:02 . 2010-10-30 05:02 -------- d-----w- C:\_OTL
    2010-10-30 05:01 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-30 05:01 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-30 05:01 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2010-10-30 01:08 . 2010-10-30 01:08 -------- d-----w- c:\program files\Common Files\Java
    2010-10-29 23:56 . 2010-10-29 23:56 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-10-29 23:30 . 2010-10-29 23:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-10-28 23:38 . 2010-10-30 15:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Update

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-30 03:29 . 2001-08-23 12:00 64512 ----a-w- c:\windows\system32\drivers\serial.sys
    2010-10-29 23:56 . 2009-11-02 23:50 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-10-29 23:56 . 2009-11-02 23:50 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-10-29 23:56 . 2009-11-02 23:50 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-09-18 17:23 . 2001-08-23 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2001-08-23 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2001-08-23 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2001-08-23 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-15 09:50 . 2010-06-11 23:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-15 07:29 . 2009-08-21 22:44 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-09-10 05:58 . 2001-08-23 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58 . 2001-08-23 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58 . 2001-08-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-01 11:51 . 2001-08-23 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42 . 2001-08-23 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02 . 2001-08-23 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57 . 2001-08-23 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 13:39 . 2001-08-23 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-26 12:52 . 2009-08-21 22:41 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12 . 2001-08-23 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17 . 2001-08-23 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45 . 2001-08-23 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-10-30_15.16.32 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-10-30 16:12 . 2010-10-30 16:12 16384 c:\windows\temp\Perflib_Perfdata_9d4.dat
    + 2010-10-30 15:28 . 2010-10-30 15:28 1155072 c:\windows\Installer\87c11.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-10-06 2475336]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2010-10-06 16:31 2475336 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-10-06 2475336]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-10-06 2475336]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nwiz"="nwiz.exe" [2007-11-07 1626112]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-07 81920]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-07 8523776]
    "NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-21 131072]
    "Mouse Suite 98 Daemon"="ICO.EXE" [2003-11-20 57344]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "\\DAVE-C2D\EPSON Stylus CX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-02 98304]
    "EPSON Stylus CX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-02 98304]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
    "Auto EPSON Stylus CX4800 Series on DAVE-C2D"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-02 98304]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-29 2067808]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-10-9 813584]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-10-29 23:56 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2009-07-20 18:28 72208 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:Remote Desktop
    "65533:TCP"= 65533:TCP:Services
    "52344:TCP"= 52344:TCP:Services
    "4865:TCP"= 4865:TCP:Services
    "8230:TCP"= 8230:TCP:Services

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/2/2009 6:50 PM 216400]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/2/2009 6:50 PM 243024]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10/29/2010 6:56 PM 308136]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [11/2/2009 6:50 PM 517448]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - klmd25
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-25 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

    2010-10-30 c:\windows\Tasks\User_Feed_Synchronization-{AD236610-4C9C-4433-82A4-63439F6A15C0}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

    2010-10-30 c:\windows\Tasks\User_Feed_Synchronization-{D300915B-6563-4F49-8FA5-69799399C67F}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
    FF - ProfilePath - c:\documents and settings\ANDREW\Application Data\Mozilla\Firefox\Profiles\fevsl91k.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.fast-find.net/?sid=10101067100&s=
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: browser.search.selectedEngine - Google
    FF - user.js: browser.search.order.1 - Google
    FF - user.js: keyword.URL - hxxp://search.fast-find.net/?sid=10101067100&s=
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-10-30 11:38
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: WDC_WD800AAJS-18TDA1 rev.01.00A04 -> \Device\Ide\IdeDeviceP4T0L0-1b

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x89DEEAB8]
    3 CLASSPNP[0xB8108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000073[0x89DDFF18]
    5 ACPI[0xB7F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IdeDeviceP2T0L0-e[0x89DECD98]
    kernel: MBR read successfully
    user != kernel MBR !!!
    sectors 156249998 (+255): user != kernel

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(696)
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\common files\logishrd\bluetooth\LBTServ.dll
    .
    Completion time: 2010-10-30 11:40:17
    ComboFix-quarantined-files.txt 2010-10-30 16:40
    ComboFix2.txt 2010-10-30 15:17

    Pre-Run: 51,016,921,088 bytes free
    Post-Run: 51,004,153,856 bytes free

    - - End Of File - - 19A9B60EE5455CAE98098AF00949697A
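    Added example, not part of the thread and not code from ComboFix, Gmer or HelpAsst_mebroot_fix: a small Python triage script that reads the two sections of the ComboFix log above that matter for this case, the Gmer MBR check (where `user != kernel MBR` means the boot sector read through the kernel differs from the one read through the user-mode API, the classic symptom of an MBR-hooking rootkit) and the firewall GloballyOpenPorts list (where the extra high ports labelled "Services" are not standard Windows entries). The sample log is a constructed excerpt of the posted output, and the allow-list of expected ports is an assumption.

```python
import re

# Constructed excerpt of the ComboFix log posted in the thread (only the two
# sections this script examines); the values are copied from that log.
SAMPLE_LOG = """\
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\GloballyOpenPorts\\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"4865:TCP"= 4865:TCP:Services
"8230:TCP"= 8230:TCP:Services

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 156249998 (+255): user != kernel
"""

# Firewall exceptions we expect on a default XP standard profile (assumption:
# Remote Desktop only; extend this for your own baseline).
EXPECTED_PORTS = {(3389, "TCP")}

PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$', re.M)
SECTOR_RE = re.compile(r"^sectors (\d+) \(\+(\d+)\): user != kernel$", re.M)
FOUND_RE = re.compile(
    r"^(copy of MBR has been found in sector|PE file found in sector at) (0x[0-9A-Fa-f]+)", re.M)


def parse_open_ports(log):
    """Return [(port, proto, label)] from a GloballyOpenPorts registry dump."""
    return [(int(p), proto, label.strip()) for p, proto, label in PORT_RE.findall(log)]


def parse_mbr_check(log):
    """Summarise the Gmer MBR detector section as a dict of plain values."""
    result = {
        "user_read": "user: MBR read successfully" in log,
        "kernel_read": "kernel: MBR read successfully" in log,
        "mismatch": "user != kernel MBR" in log,
        "ok": "user & kernel MBR OK" in log,
        "sector_report": None,
        "found": [],
    }
    m = SECTOR_RE.search(log)
    if m:
        result["sector_report"] = (int(m.group(1)), int(m.group(2)))
    # Later detector versions also report stray MBR copies / PE images by sector.
    result["found"] = [(what, int(addr, 16)) for what, addr in FOUND_RE.findall(log)]
    return result


def triage(log, expected_ports=EXPECTED_PORTS):
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings = []
    mbr = parse_mbr_check(log)
    if mbr["user_read"] and mbr["kernel_read"]:
        if mbr["mismatch"]:
            msg = ("MBR read via kernel differs from MBR read via user API "
                   "(possible MBR rootkit)")
            if mbr["sector_report"]:
                total, extra = mbr["sector_report"]
                msg += f"; detector reports sectors {total} (+{extra})"
            findings.append(msg)
        elif not mbr["ok"]:
            findings.append("MBR check gave no verdict; re-run the detector")
    else:
        findings.append("MBR check did not read both user and kernel MBR")
    for what, sector in mbr["found"]:
        findings.append(f"{what} 0x{sector:08X} (outside the active MBR; review before ignoring)")
    for port, proto, label in parse_open_ports(log):
        if (port, proto) not in expected_ports:
            findings.append(
                f"firewall exception {port}/{proto} labelled '{label}' is not an expected entry")
    return findings


if __name__ == "__main__":
    for line in triage(SAMPLE_LOG):
        print("-", line)
```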
     
  3. atcdav

    atcdav TS Rookie Topic Starter Posts: 72

    Also, during each of the Combofix scans I got a Windows error message: PEV.cfxxe encountered a problem.
     
  4. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    That's a Combofix file. Nothing to worry about.

    Download and save HelpAsst_mebroot_fix.exe to your desktop.
    • Close all open programs.
    • Double click HelpAsst_mebroot_fix.exe to run it.
    • Pay attention to the running tool.
    • If the tool detects mbr infection, please allow it to run mbr -f and shutdown your computer. To do so, type Y and press Enter.
    • After restart, wait 5 minutes, then go Start>Run, copy and paste the following command in the run box then hit Enter:

      • helpasst -mbrt
    • When it completes, a log will open.
    • Please post the contents of that log.

    IMPORTANT!
    If the tool does NOT detect any mbr infection and completes, proceed with the following...

    • Click Start>Run and copy and paste the following command, then hit Enter:

      • mbr -f
    • Repeat the above step one more time
    • Now shut down the computer (do not restart, but shut it down), wait 5 minutes then start it back up.
    • Wait another 5 minutes, then click Start>Run and copy and paste the following command, then hit Enter.

      • helpasst -mbrt
    • When it completes, a log will open.
    • Please post the contents of that log.

    **Important note to Dell users - fixing the mbr may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not allow the tool to execute mbr -f nor execute the command manually, and you will either need to restore your computer to a factory state or allow your computer to remain with an infected mbr (the latter not recommended).
     
  5. atcdav

    atcdav TS Rookie Topic Starter Posts: 72

    I could only run it in safe mode.

    C:\Documents and Settings\Administrator\Desktop\HelpAsst_mebroot_fix.exe
    Sat 10/30/2010 at 12:49:22.32

    HelpAssistant account Inactive

    ~~ Checking for termsrv32.dll ~~

    termsrv32.dll not found

    ~~ Checking firewall ports ~~

    HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list

    HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list

    ~~ Checking profile list ~~

    No HelpAssistant profile in registry

    ~~ Checking mbr ~~

    user & kernel MBR OK

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Status check on Sat 10/30/2010 at 13:05:32.03

    Account active No
    Local Group Memberships

    ~~ Checking mbr ~~

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    kernel: MBR read successfully
    user & kernel MBR OK
    copy of MBR has been found in sector 0x094FE9BD
    PE file found in sector at 0x094FE9D6 !

    ~~ Checking for termsrv32.dll ~~

    termsrv32.dll not found


    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
    ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

    ~~ Checking profile list ~~

    No HelpAssistant profile in registry

    ~~ Checking for HelpAssistant directories ~~

    none found

    ~~ Checking firewall ports ~~

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


    ~~ EOF ~~
     
  6. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    That looks good.

    Let's double check.

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  7. atcdav

    atcdav TS Rookie Topic Starter Posts: 72

    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.2.0.0
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
    g
     
  8. atcdav

    atcdav TS Rookie Topic Starter Posts: 72

    The previous log was not run from the desktop but from inside the RAR extractor. Here is a new one:

    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.2.0.0
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
    g
     
  9. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    It looks good :)

    How is computer doing at the moment?

    Please, re-run OTL "Quick scan" and post fresh log (it'll create only one log).
     
  10. atcdav

    atcdav TS Rookie Topic Starter Posts: 72

    It runs OK, but I don't know why I still get the permissions errors.
     
  11. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    Tell me more about it.
     
  12. atcdav

    atcdav TS Rookie Topic Starter Posts: 72

    In normal mode there are many tasks I can't do. I have to go into safe mode, like for many of these programs you had me run. When I boot up I get an error for the Logitech SetPoint. These errors reference a file in the blue bar and then they all say "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item." I get this message if I try to delete a file or run some of your programs.
     
  13. atcdav

    atcdav TS Rookie Topic Starter Posts: 72

    OTL logfile created on: 10/30/2010 1:36:11 PM - Run 3
    OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\ANDREW\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 91.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 47.38 Gb Free Space | 63.60% Space Free | Partition Type: NTFS
    Drive D: | 74.50 Gb Total Space | 25.63 Gb Free Space | 34.41% Space Free | Partition Type: NTFS
    Drive E: | 37.26 Gb Total Space | 15.45 Gb Free Space | 41.46% Space Free | Partition Type: NTFS

    Computer Name: ANDREWS_PC | User Name: ANDREW | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/29 23:38:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ANDREW\Desktop\OTL.exe
    PRC - [2010/10/29 18:56:49 | 002,067,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2010/10/29 18:56:44 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2010/10/29 18:56:44 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2010/10/29 18:56:30 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2010/10/29 18:56:23 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2010/10/29 18:56:21 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2009/10/20 17:25:08 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL2\KHALMNPR.exe
    PRC - [2009/07/20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/10/25 18:37:32 | 002,178,832 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
    PRC - [2007/10/25 18:33:22 | 000,563,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    PRC - [2007/10/25 18:32:58 | 000,407,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    PRC - [2007/10/19 15:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    PRC - [2007/10/19 15:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    PRC - [2004/12/20 19:12:36 | 000,131,072 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
    PRC - [2003/11/20 16:08:14 | 000,057,344 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe
    PRC - [2003/11/06 17:51:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\FSRremoS.EXE


    ========== Modules (SafeList) ==========

    MOD - [2010/10/29 23:38:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ANDREW\Desktop\OTL.exe
    MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2009/07/20 13:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
    MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/10/29 18:56:30 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010/10/06 11:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
    SRV - [2009/07/20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2007/10/19 15:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
    SRV - [2007/10/19 15:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2007/10/19 15:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
    SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ANDREW\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/10/29 18:56:47 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2010/10/29 18:56:44 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2010/10/29 18:56:24 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2009/12/11 00:38:56 | 000,033,536 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2009/12/11 00:38:56 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2009/08/19 16:49:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2009/06/17 11:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV - [2009/06/17 11:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
    DRV - [2009/06/17 11:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2009/06/17 11:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2009/06/17 11:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
    DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2007/11/06 22:00:00 | 007,429,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2007/10/19 15:16:30 | 002,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
    DRV - [2007/10/11 21:00:42 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2007/10/11 20:59:24 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2007/10/11 20:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
    DRV - [2007/05/09 23:47:00 | 001,276,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
    DRV - [2007/05/09 23:46:48 | 000,014,112 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
    DRV - [2006/07/02 00:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2005/07/26 09:01:56 | 000,415,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA(R) nForce(TM)
    DRV - [2005/07/26 08:58:30 | 000,053,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA(R) nForce(TM)
    DRV - [2004/11/26 09:29:00 | 000,224,000 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
    DRV - [2004/09/22 13:16:18 | 000,012,288 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pelusblf.sys -- (pelusblf)
    DRV - [2003/01/10 15:55:32 | 000,016,384 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS -- (pelmouse)
    DRV - [2001/08/17 08:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE 5D DD F8 56 78 CB 01 [binary data]
    IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.order.1: "Google"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "http://m.www.yahoo.com/"
    FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.2.1
    FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
    FF - prefs.js..keyword.URL: "http://search.fast-find.net/?sid=10101067100&s="
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"

    FF - user.js..browser.search.selectedEngine: "Google"
    FF - user.js..browser.search.order.1: "Google"
    FF - user.js..keyword.URL: "http://search.fast-find.net/?sid=10101067100&s="

    FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/10/29 18:57:04 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/30 16:42:50 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/30 16:42:50 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

    [2009/11/02 18:54:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ANDREW\Application Data\Mozilla\Extensions
    [2010/10/29 20:12:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ANDREW\Application Data\Mozilla\Firefox\Profiles\fevsl91k.default\extensions
    [2009/11/02 18:55:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\ANDREW\Application Data\Mozilla\Firefox\Profiles\fevsl91k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/03/22 17:41:42 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\ANDREW\Application Data\Mozilla\Firefox\Profiles\fevsl91k.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/02/12 09:28:05 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\ANDREW\Application Data\Mozilla\Firefox\Profiles\fevsl91k.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2010/02/12 09:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ANDREW\Application Data\Mozilla\Firefox\Profiles\fevsl91k.default\extensions\YoutubeDownloader@PeterOlayev.com
    [2010/10/30 10:00:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/06/11 18:15:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/10/29 20:07:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/02/03 21:26:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
    [2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/02/03 21:06:40 | 000,003,803 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MyHeritage.xml

    O1 HOSTS File: ([2010/10/30 12:29:53 | 000,000,074 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O4 - HKLM..\Run: [\\DAVE-C2D\EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [Auto EPSON Stylus CX4800 Series on DAVE-C2D] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
    O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NVMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1250889773483 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1250972942765 (MUWebControl Class)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\ANDREW\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\ANDREW\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/08/21 16:10:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2009/08/19 20:45:28 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/10/30 13:25:35 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2010/10/30 12:40:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ANDREW\Local Settings\Application Data\AVG Security Toolbar
    [2010/10/30 12:40:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    [2010/10/30 12:26:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/10/30 12:26:20 | 000,000,000 | ---D | C] -- C:\HelpAsst_backup
    [2010/10/30 11:50:47 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2010/10/30 11:50:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2010/10/30 11:49:01 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\ANDREW\Desktop\spybotsd162.exe
    [2010/10/30 11:31:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ANDREW\Application Data\AVG9
    [2010/10/30 10:28:20 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
    [2010/10/30 10:17:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/10/30 10:11:24 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/10/30 10:08:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/10/30 10:08:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/10/30 10:08:08 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/10/30 10:08:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/10/30 10:08:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/10/30 10:07:12 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/10/30 03:04:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
    [2010/10/30 00:02:21 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/10/29 23:38:49 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ANDREW\Desktop\OTL.exe
    [2010/10/29 22:21:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ANDREW\Desktop\tdsskiller
    [2010/10/29 20:08:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/10/29 20:05:08 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ANDREW\Desktop\TFC.exe
    [2010/10/29 19:45:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ANDREW\Recent
    [2010/10/29 18:56:44 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/10/28 18:38:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Update
    [2009/08/22 01:04:00 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\ANDREW\Application Data\pcouffin.sys

    ========== Files - Modified Within 30 Days ==========

    [2010/10/30 17:44:19 | 000,085,504 | ---- | M] () -- C:\WINDOWS\MBR.exe
    [2010/10/30 13:36:01 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/10/30 13:35:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/10/30 12:39:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D300915B-6563-4F49-8FA5-69799399C67F}.job
    [2010/10/30 12:29:53 | 000,000,074 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/10/30 12:20:10 | 000,490,232 | ---- | M] () -- C:\Documents and Settings\ANDREW\Desktop\HelpAsst_mebroot_fix.exe
    [2010/10/30 11:50:56 | 000,000,989 | ---- | M] () -- C:\Documents and Settings\ANDREW\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/10/30 11:50:56 | 000,000,971 | ---- | M] () -- C:\Documents and Settings\ANDREW\Desktop\Spybot - Search & Destroy.lnk
    [2010/10/30 11:49:07 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\ANDREW\Desktop\spybotsd162.exe
    [2010/10/30 11:38:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts3.bak
    [2010/10/30 11:28:45 | 003,896,280 | R--- | M] () -- C:\Documents and Settings\ANDREW\Desktop\ComboFix.exe
    [2010/10/30 10:16:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts2.bak
    [2010/10/30 10:11:27 | 000,000,339 | RHS- | M] () -- C:\boot.ini
    [2010/10/30 09:43:36 | 067,010,333 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/10/30 09:40:52 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AD236610-4C9C-4433-82A4-63439F6A15C0}.job
    [2010/10/30 03:28:27 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/10/30 03:10:38 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/10/30 03:06:49 | 000,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/10/30 03:06:49 | 000,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/10/30 03:04:10 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
    [2010/10/29 23:38:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ANDREW\Desktop\OTL.exe
    [2010/10/29 23:15:27 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\ANDREW\Desktop\exeHelper.com
    [2010/10/29 23:12:53 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\ANDREW\Desktop\rkill.com
    [2010/10/29 22:20:34 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\ANDREW\Desktop\MBRCheck.exe
    [2010/10/29 22:20:26 | 001,207,026 | ---- | M] () -- C:\Documents and Settings\ANDREW\Desktop\tdsskiller.zip
    [2010/10/29 21:49:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/10/29 20:11:53 | 000,000,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/29 20:05:10 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ANDREW\Desktop\TFC.exe
    [2010/10/29 20:02:20 | 000,545,280 | ---- | M] () -- C:\Documents and Settings\ANDREW\Desktop\dds.scr
    [2010/10/29 18:56:47 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/10/29 18:56:44 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/10/29 18:56:44 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/10/29 18:56:24 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

    ========== Files Created - No Company Name ==========

    [2010/10/30 12:20:10 | 000,490,232 | ---- | C] () -- C:\Documents and Settings\ANDREW\Desktop\HelpAsst_mebroot_fix.exe
    [2010/10/30 11:50:56 | 000,000,989 | ---- | C] () -- C:\Documents and Settings\ANDREW\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/10/30 11:50:56 | 000,000,971 | ---- | C] () -- C:\Documents and Settings\ANDREW\Desktop\Spybot - Search & Destroy.lnk
    [2010/10/30 11:28:40 | 003,896,280 | R--- | C] () -- C:\Documents and Settings\ANDREW\Desktop\ComboFix.exe
    [2010/10/30 10:11:27 | 000,000,223 | ---- | C] () -- C:\Boot.bak
    [2010/10/30 10:11:25 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/10/30 10:08:08 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/10/30 10:08:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/10/30 10:08:08 | 000,085,504 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/10/30 10:08:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/10/30 10:08:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/10/30 03:00:49 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2010/10/29 23:15:27 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\ANDREW\Desktop\exeHelper.com
    [2010/10/29 23:12:53 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\ANDREW\Desktop\rkill.com
    [2010/10/29 22:20:34 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\ANDREW\Desktop\MBRCheck.exe
    [2010/10/29 22:20:25 | 001,207,026 | ---- | C] () -- C:\Documents and Settings\ANDREW\Desktop\tdsskiller.zip
    [2010/10/29 20:02:19 | 000,545,280 | ---- | C] () -- C:\Documents and Settings\ANDREW\Desktop\dds.scr
    [2010/09/15 21:40:27 | 000,000,186 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2010/04/13 19:59:47 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\ANDREW\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/10/09 14:36:09 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\ANDREW\Application Data\setup_ldm.iss
    [2009/10/08 18:52:42 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2009/08/22 01:04:04 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\ANDREW\Application Data\pcouffin.log
    [2009/08/22 01:04:00 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\ANDREW\Application Data\pcouffin.cat
    [2009/08/22 01:04:00 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\ANDREW\Application Data\pcouffin.inf
    [2009/08/21 23:22:48 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2009/08/21 23:22:48 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
    [2009/08/21 23:22:47 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009/08/21 23:22:46 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2009/08/21 23:22:46 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009/08/21 23:22:45 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2009/08/21 22:57:53 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\FSRremoC.DLL
    [2009/08/21 08:59:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/10/07 11:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
    [2008/10/07 11:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
    [2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
    [2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
    [2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
    [2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
    [2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
    [2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
    [2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
    [2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
    [2007/11/06 22:00:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2007/11/06 22:00:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2007/11/06 22:00:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2007/11/06 22:00:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2007/10/11 20:59:24 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
    [2007/05/09 22:35:54 | 000,057,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

    ========== LOP Check ==========

    [2010/10/29 18:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2010/10/29 20:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/04/24 18:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
    [2009/08/25 16:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
    [2010/10/30 10:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Update
    [2009/11/18 19:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
    [2009/08/22 09:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2010/10/30 11:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ANDREW\Application Data\AVG9
    [2010/09/15 20:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ANDREW\Application Data\Azureus
    [2010/09/15 19:49:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ANDREW\Application Data\FrostWire
    [2010/01/22 13:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ANDREW\Application Data\HorizonWimba
    [2009/10/09 14:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ANDREW\Application Data\Leadertech
    [2010/09/20 16:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ANDREW\Application Data\LimeWire
    [2009/12/10 13:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ANDREW\Application Data\Paltalk
    [2010/06/15 19:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ANDREW\Application Data\uTorrent
    [2010/09/15 19:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ANDREW\Application Data\Vso
    [2010/10/30 09:40:52 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{AD236610-4C9C-4433-82A4-63439F6A15C0}.job
    [2010/10/30 12:39:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D300915B-6563-4F49-8FA5-69799399C67F}.job

    ========== Purity Check ==========



    < End of report >
     
  14. atcdav

    atcdav TS Rookie Topic Starter Posts: 72

    I have to go to work, so I will have to continue later. Thanks again for all of your help.
     
  15. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    The above issue may be caused by AVG.
    Uninstall AVG using AVG Remover: http://www.avg.com/us-en/download-tools and see if it fixes the issue.

    OTL log looks good.

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  16. atcdav

    atcdav TS Rookie Topic Starter Posts: 72

    I uninstalled AVG and still get the same permission error. Security Check will not run in normal mode; the error is: "SecurityCheck\SecurityCheck.bat Windows cannot find "securitycheck\securitycheck.bat". Make sure you typed the name correctly, and then try again. To search for a file, click the Start button."
     
  17. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    Re-download a fresh copy of SecurityCheck and try again.
    On a side note...you may have some non-malware related issues...
     
  18. atcdav

    atcdav TS Rookie Topic Starter Posts: 72

    I tried to download it a few times. The ESET scan is running now. I wonder if the malware changed some settings?

    ESET found something. It is still scanning, but it found "a variant of Win32/Injector CYZ trojan".

    I think something is amiss with ESET. It has been running for about an hour and shows only 10% complete. But what is really strange is that it shows 70,000 files scanned and 60,000 of them infected, and the number keeps climbing; all of the threats are the same, the one I listed above.
     
  19. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    Well, I don't want to comment until we see results.
    It doesn't look promising though...
     
  20. atcdav

    atcdav TS Rookie Topic Starter Posts: 72

    It is close to done, but around 61,000 threats, not all the same.
     
  21. atcdav

    atcdav TS Rookie Topic Starter Posts: 72

    File is too big.
     
  22. atcdav

    atcdav TS Rookie Topic Starter Posts: 72

    C:\Documents and Settings\ANDREW\__\#1 Video Converter 5.2.32.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\.NET PDF Viewer 2.4.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\.photobucket.comalbumsoo286RemygaRAJ.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\000012345abcxxzzyy.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\001 File Joiner and Splitter 4.0.5.0.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\007 James Bond NightFire!.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\007 Quantum of Solace PC.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\007 Quantum Of Solace Wii.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\007 Stealth Activity Monitor 4.2 SAM.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\009 Sound System - With A Spirit.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\009soft Sound Effect Maker 1.2.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\0day 15 May 2010.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\0day 19 November 2009.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\0day 21 April 2010.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\0day 26 October 2009.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\0day Pack 07.04.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\0xford English Dictionary Collection of 4 Major Dictionaries.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 12 Ritter PC.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 Click Dvd Copy 5.4.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 click DVD copy 5.7.9.0.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 Click DVD Copy Pro 3.2.6.0.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 Click DVD Copy Pro 4.0.6.2.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 Click DVD Copy Pro 5.6.4.0.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 Click Dvd Copy Pro v4.2.2.1 Portable.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 Click DVD Copy v5.4.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 DVD Ripper 7.3.0.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 Million Serial Keys For Softwares.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 MIllion Serial Numbers for applications.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 Million Serial numbers Keys And More.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 Penguin 100 Cases Portable.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 Penguin 100 Cases.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 Video Converter 4.1.27.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 Video Converter 4.1.32.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 Video Converter 4.1.46.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 Video Converter 4.2.13.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 Video Converter 5.2.14 (Portable).zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 Video Converter 5.2.17.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 Video Converter 5.2.24.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 Video Converter 5.2.31 Rus.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 Video Converter 5.2.31 Rust.zip a variant of Win32/Injector.CYZ trojan
    :\Documents and Settings\ANDREW\__\1 Video Converter 5.2.32.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 Video Converter 5.2.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 Video Converter v5.2.26.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1 year account for nod32 anti.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1-Click YouTube Downloader Version 3.5.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\10 Days To Save The World The Adv Of Diana Salinger HF - Tastro.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\10 Days To Save the World The Adventures of Diana ..zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\10 Days To Save the World The Adventures of Diana Salinger 2.0.0.6.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\10 Days to Save the World.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\10 Days Under The Sea 1.0.0.3.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\10 Days Under The Sea.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\10 Dead Men (2008) DVDRip.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\10 Fresh Keys for nod32 on 07.24.2010.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\10 hot game 2010.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\10 Themes For Symbian.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\10 Thems For Nokia.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\100 Adobe Photoshop Plugins.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\100 Best Portable Software Collection 2010.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\100 Best Portable softwares and Appz AIO Collection 2009.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\100 Best Portable softwares and Appz AIO Collection.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\100 Best Themes For Windows Seven 2010.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\100 Classic Books USA NDS.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\100 Flash Site.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\100 Game Mini Collection 2010 for PC.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\100 gamesSega PC gamezWindows MacOS123MB.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\100 Girls 2009.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\100 miniclip flash games.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\100 Miniclip FlashGames.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\100 New Mobile JAVA Games.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\100 Nokia Themes.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\100 Science Words College Graduate Should Know 1.0.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\100 Themes fo WinDows XP.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\100 Themes for WinDows XP.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\100 Wallpapers High Quality Update.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\100's of Super Nintendo Games for PS2 (PS2).zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Board and Puzzle Games (2008).zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Board and Puzzle Games (2010).zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Board and Puzzle Games - 2009.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Board and Puzzle Games 2010.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Board and Puzzle Games [2008].zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Board and Puzzle Games.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Dance Party 2010.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Essential Programs Collection Pack.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Gadget Collection For Windows 7 Vista And XP.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Game PC.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Games 3.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Games FASiSO (2009).zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Games Volume 3 (2010).zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Games Volume 3 2009.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Games Volume 3 2010.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Games Volume 3 FASiSO 2009-ENG.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Games Volume 3 PC CD 2010.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Games Volume 3 PC.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Games Volume 3-FASiSO (2009).zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Games Volume 3-FASiSO 2009.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Games Volume 3.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 genuine Serials Of Microsoft Products.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Java Mobile Game Collection 2010.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000 Latest Java Mobile Game Collection 2010.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1000Of Genuine Microsoft Products.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1001 Minigolf Challenge (portable).zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1001 Minigolf Challenge Portable.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1001 Nights The Adventures of Sinbad 1.00.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1001 Nights The Adventures Of Sindbad ENG.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1001 Nights The Adventures Of Sindbad PCENG.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1001 Nights The Adventures Of Sindbad.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\100Rapidshare Premium Link Generator.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\100s of Super Nintendo Games for PS2 PS2.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\100_BEST_FLASH_Games.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\101 Aussie Hits 2010.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\101 Bunny Pets.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\101 BUNNY PETSVirtual Pet Game.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\101 Card And Board Games.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\101 Card.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\101 Dinner Party Songs 5CD.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\101 in 1 Party Megamix Wii.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\101 Languages of The World (Complete 4CDs).zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\101 Languages of the World Complete 4CDs.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\101 Languages of the World Complete 4CDsInteractive Tutorial.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\101 Languages of the World.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\101 Punk.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\103 Hentai Games 10 games added PART 1.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\103 Hentai Games 10 games addedPART 2.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\107 Best Softwares Collection 3cds.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\107 Best Softwares Collection.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\11 Best Game Portable 2010.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\11 Days 11 Nights 2 1990 DVDRip XviD.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\11 Game Portable (2010).zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\11 Steps to Create a Successful Web Site.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\11 Themes For Symbian 9.1.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\110 Minigames Flash Games.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\111 Favourite Miniclip Flashgames.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\111 Flash Games Collection.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\111 Miniclip Flash Game.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\111 Miniclip Flash Games.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1112 episode 02 v1.0.0 iPhone and iPod touch - AD.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\112dB Redline Series Reverb 1.0.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\113 New ProgramsGames For Ipad.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\115Photoshop Lessons.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\11Ashampoo Anti-Malware v1.20 Multilingual.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\12 antivirus tools.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\12 Best Java Games.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\12 Most Wanted Tools to Fix An Infected PC.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\12 Most wanted tools while fixing an infected PC.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\12 Must have tools while fixing an infected PC.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\12 Rounds (2009).zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\12 Rounds 2009.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\12 Tools to Fix An Infected Computer.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\12 Windows7 Crystal Themes.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\120 Card Tricks Plus Bar Magic.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\120 Classic PC Games.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\1201 (1993).zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\123 Flash Chat 6.4.0.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\123 Graphic Converter 3.0.0.1.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\125 Plymouth Car Wallpapers.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\136 PhotoshopPlugins v4.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\14 Eagle Slots Games.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\14 Flash Games.zip a variant of Win32/Injector.CYZ trojan

    60k plus of these after Andrew_; it goes through the entire alphabet.
     
  23. atcdav

    atcdav TS Rookie Topic Starter Posts: 72

    C:\Documents and Settings\ANDREW\__\Zzed 1.1 (Portable).zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\Zzed Portable.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\Zzed v1.1 Portableò.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\[12 September, 2009] NOD32 latest escalation ID.zip a variant of Win32/Injector.CYZ trojan
    C:\Documents and Settings\ANDREW\__\Веселая ферма (2010).zip a variant of Win32/Injector.CYZ trojan
    C:\Qoobox\Quarantine\C\Documents and Settings\ANDREW\autorun.inf.vir INF/Autorun virus
    C:\System Volume Information\_restore{D2F070E1-5B14-4678-8247-DE3B185599E2}\RP2\A0000605.sys a variant of Win32/Bubnix.BD trojan
    C:\_OTL\MovedFiles\10302010_000221\C_WINDOWS\system32\mqbktvdm.dll a variant of Win32/Kryptik.HTA trojan
    D:\Incomplete\T-3410736-full sail ryan farish.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
    D:\music\chelsea dagger new cover version.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
    D:\music\it must really suck to be fys.wma probably a variant of Win32/Agent.JMYGWDG trojan
    D:\music\ryan farish full sail.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
    D:\music2\chelsea dagger new cover version.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
    D:\music2\it must really suck to be fys.wma probably a variant of Win32/Agent.JMYGWDG trojan
    D:\music2\ryan farish full sail.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
    E:\Documents and Settings\AMS\Desktop\recovery\music2\hollywood undead.snd a variant of WMA/TrojanDownloader.GetCodec.gen trojan
     
  24. atcdav

    atcdav TS Rookie Topic Starter Posts: 72

    I would hope most are false positives. Or maybe there is a virus replicating. But I installed Avast and ran it. It found/removed 40 threats. I am looking at formatting the D and E drives; I think it is junk anyway.
     
  25. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    Before we go any further, I need more info...
    You said over 60,000 threats were listed by Eset, so where is the rest?
    Then, where did all those .zip and .mp3 files come from?
     
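    The two questions in the post above (where is the rest of a 60,000-line ESET log, and where did the files come from) are answered faster by triaging the log programmatically than by reading it. The Python below is an added example for that triage; it is not code from this thread, from ESET or from any of the cleanup tools mentioned. It parses lines in the shape pasted above, groups detections by directory and threat name, and separates live files from copies already sitting in ComboFix quarantine (Qoobox\Quarantine), OTL's MovedFiles folder and System Restore points, which are neutralized copies rather than active infections. The embedded sample lines are constructed from entries in this thread; the line regex, the verdict vocabulary and the list of quarantine locations are my assumptions drawn from those entries, not a documented ESET format.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# One line of ESET's text log, as seen in this thread:
#   "<path> [probably ][a variant of ]<Family/Name> <kind>"
# The pattern is inferred from the pasted lines (assumption), not an ESET spec.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<confidence>probably a variant of |a variant of )?"
    r"(?P<threat>[A-Za-z0-9]+/[A-Za-z0-9_.\-]+)\s+"
    r"(?P<kind>trojan|virus|worm|adware|application)\s*$"
)

# Locations holding files that a cleanup tool or System Restore already moved
# aside (ComboFix, OTL, restore points). Hits here are not live infections.
NEUTRALIZED_MARKERS = (
    "\\qoobox\\quarantine\\",
    "\\_otl\\movedfiles\\",
    "\\system volume information\\_restore",
)

# Constructed sample: a handful of entries copied from the log in this thread.
SAMPLE_LOG = r"""
C:\Documents and Settings\ANDREW\__\007 Quantum Of Solace Wii.zip a variant of Win32/Injector.CYZ trojan
C:\Documents and Settings\ANDREW\__\1 Million Serial Keys For Softwares.zip a variant of Win32/Injector.CYZ trojan
C:\Documents and Settings\ANDREW\__\Zzed Portable.zip a variant of Win32/Injector.CYZ trojan
C:\Qoobox\Quarantine\C\Documents and Settings\ANDREW\autorun.inf.vir INF/Autorun virus
C:\System Volume Information\_restore{D2F070E1-5B14-4678-8247-DE3B185599E2}\RP2\A0000605.sys a variant of Win32/Bubnix.BD trojan
C:\_OTL\MovedFiles\10302010_000221\C_WINDOWS\system32\mqbktvdm.dll a variant of Win32/Kryptik.HTA trojan
D:\music\ryan farish full sail.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
D:\music\it must really suck to be fys.wma probably a variant of Win32/Agent.JMYGWDG trojan
"""


def is_neutralized(path):
    """True if the file lives in a quarantine folder or a restore point."""
    low = path.lower()
    return any(marker in low for marker in NEUTRALIZED_MARKERS)


def parse_eset_log(text):
    """Turn log text into a list of dicts; lines that do not parse are skipped."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # summary/header lines: skip rather than guess at them
        conf = m.group("confidence") or ""
        path = m.group("path")
        records.append({
            "path": path,
            "directory": str(PureWindowsPath(path).parent),
            "threat": m.group("threat"),
            "kind": m.group("kind"),
            "confidence": "probably" if conf.startswith("probably")
                          else ("variant" if conf else "exact"),
            "neutralized": is_neutralized(path),
        })
    return records


def summarize(records):
    """Count hits per (directory, threat) and split live from neutralized."""
    by_dir_threat = Counter((r["directory"], r["threat"]) for r in records)
    live = sum(1 for r in records if not r["neutralized"])
    return {
        "by_dir_threat": by_dir_threat,
        "live": live,
        "neutralized": len(records) - live,
    }


def report(text):
    """Print the directories that account for the bulk of the detections."""
    summary = summarize(parse_eset_log(text))
    print(f"live: {summary['live']}  already quarantined/restore-point: "
          f"{summary['neutralized']}")
    for (directory, threat), n in summary["by_dir_threat"].most_common():
        print(f"{n:6d}  {threat:40s}  {directory}")
    return summary


if __name__ == "__main__":
    report(SAMPLE_LOG)
```

Run it over the full 60k-line log (read the file and pass it to `report`) and the `most_common` ordering shows immediately whether the count is one directory with one verdict or a spread across the system. A single folder of archives all named after pirated software and all carrying the same detection points to one source dropping them, which is what "where did the files come from" is really asking; the quarantine and restore-point entries at the bottom of the pasted log are leftovers of the earlier ComboFix and OTL runs, not evidence of reinfection, and the split in the first output line keeps them from inflating the live count.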
Topic Status:
Not open for further replies.

