Inactive Another Win32/Zbot.G infection

Do I need to update and run a scan in AVG or just install it for now?

I'll leave Kontiki for now (not sure if they use it or not) and skip straight to the Java.
 
Run all steps from my previous reply first.
Then reinstall AVG and... a fresh scan won't hurt.
Let me know of any findings.
 
Is the Java install and uninstall essential at this point? I downloaded the launcher but it crashes when trying to download the main installation.

EDIT: IGNORE. I've managed to download a different version and install it. I'm now attempting to get JavaRa. Everything is working VERY slowly.
 
I ran the fix in OTL and rebooted as instructed. When Windows reopened, an error came up for OTL saying it could not be accessed. I tried to click on the program (on the desktop) and a second error message came up. AVG then popped up with a load of virus warnings (which I healed) and OTL had disappeared from the desktop.

I reinstalled OTL and on opening, the following log popped up, which I assume is from the fix.


All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-507921405-1659004503-839522115-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Prefs.js: "Web Search" removed from browser.search.defaultenginename
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1640187&SearchSource=3&q=" removed from browser.search.defaulturl
Prefs.js: m3ffxtbr@mywebsearch.com:1.1 removed from extensions.enabledItems
Prefs.js: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRfox000&fl=0&ptb=kTH8wFRKbs5AqNC5cxm5Ow&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=" removed from keyword.URL
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com deleted successfully.
File C:\Program Files\MyWebSearch\bar\firefox not found.
C:\Documents and Settings\Swifter\Application Data\Mozilla\Firefox\Profiles\9g4z1utt.default\searchplugins\mywebsearch.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE5D279F-081B-4404-994D-C6B60AAEBA6D}\ not found.
Registry value HKEY_USERS\S-1-5-21-507921405-1659004503-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-507921405-1659004503-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-507921405-1659004503-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{ED4BD629-C1B6-4399-8A34-02CCAA921DC9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ED4BD629-C1B6-4399-8A34-02CCAA921DC9}\ not found.
Registry value HKEY_USERS\S-1-5-21-507921405-1659004503-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE5D279F-081B-4404-994D-C6B60AAEBA6D}\ not found.
Registry value HKEY_USERS\S-1-5-21-507921405-1659004503-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Program Files\ayirbhrn\ifahlkbe.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\cdo\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD00020A-8B95-11D1-82DB-00C04FB1625D}\ not found.
File {CD00020A-8B95-11D1-82DB-00C04FB1625D} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
C:\WINDOWS\002985_.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\_wiC7.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\Documents and Settings\Swifter\xrrwsxvt.log moved successfully.
C:\Documents and Settings\Swifter\vybagyrq.log moved successfully.
C:\Documents and Settings\Swifter\cgkmxhsr.log moved successfully.
C:\Documents and Settings\Swifter\jgdymjga.log moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:41FA22AC deleted successfully.
========== FILES ==========
File\Folder C:\Program Files\MyWebSearch not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 671878 bytes
->Flash cache emptied: 27454 bytes

User: Swifter
->Temp folder emptied: 11544201 bytes
->Temporary Internet Files folder emptied: 42835737 bytes
->Java cache emptied: 1900 bytes
->FireFox cache emptied: 6153098 bytes
->Flash cache emptied: 6500 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 860 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 58.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: Swifter
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.21.0 log created on 02252011_013136

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
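The fix log above is worth reading line by line rather than skimming, because one entry is in a different class from the rest: the Winlogon UserInit value pointing at C:\Program Files\ayirbhrn\ifahlkbe.exe. UserInit runs before the user's shell at every logon, so a stray binary there is a persistence hijack, whereas the BHO, toolbar, URLSearchHook and prefs.js entries are adware/browser-hijack leftovers and the ADS on the TEMP folder is hidden storage. The script below is an added example, not code from this thread or from OTL: it parses OTL fix-log lines (the regexes are inferred from the line formats in the posted log) and ranks each action. The sample lines are copied from the log above; the stock Windows XP Winlogon values used as the baseline (Userinit = C:\WINDOWS\system32\userinit.exe, and Shell = Explorer.exe) are my assumption of what "default" means here.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Lines copied from the OTL fix log posted in this thread (real log output, trimmed).
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-507921405-1659004503-839522115-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Prefs.js: "Web Search" removed from browser.search.defaultenginename
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Program Files\ayirbhrn\ifahlkbe.exe deleted successfully.
C:\WINDOWS\002985_.tmp deleted successfully.
C:\Documents and Settings\Swifter\xrrwsxvt.log moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:41FA22AC deleted successfully.
========== FILES ==========
File\Folder C:\Program Files\MyWebSearch not found.
"""

@dataclass
class Action:
    kind: str                 # "regkey", "regvalue", "ads", "file", "prefs"
    target: str               # registry key, file path, or pref name
    result: str               # "deleted", "moved", "not found", "removed"
    value_name: str = ""      # registry value name (regvalue only)
    value_data: str = ""      # data OTL reported for that value, if any
    severity: str = "info"
    note: str = ""

# Patterns inferred from the OTL fix-log line formats; tried in order, loosest last.
RE_REG   = re.compile(r"^Registry (key|value) (.+?) (deleted successfully|not found)\.$")
RE_ADS   = re.compile(r"^ADS (.+?) deleted successfully\.$")
RE_PREFS = re.compile(r"^Prefs\.js: (.+?) removed from (\S+)$")
RE_FF    = re.compile(r"^File\\Folder (.+?) not found\.$")
RE_FILE  = re.compile(r"^([A-Za-z]:\\.+?) (moved|deleted) successfully\.$")

# Assumed stock Windows XP Winlogon values; anything else in these values is suspect.
WINLOGON_DEFAULTS = {"userinit": r"c:\windows\system32\userinit.exe,", "shell": "explorer.exe"}
BROWSER_HIJACK_MARKERS = ("browser helper objects", "\\toolbar", "urlsearchhooks")

def classify(a: Action) -> Action:
    """Assign a severity based on where the removed artifact lived."""
    t = a.target.lower()
    if a.kind == "regvalue" and "\\winlogon" in t and a.value_name.lower() in WINLOGON_DEFAULTS:
        if a.value_data and a.value_data.lower() != WINLOGON_DEFAULTS[a.value_name.lower()]:
            a.severity = "critical"
            a.note = f"Winlogon {a.value_name} ran a non-default binary at logon (persistence hijack)"
    elif a.kind == "ads":
        a.severity, a.note = "high", "alternate data stream: hidden payload storage"
    elif a.kind == "prefs" or any(m in t for m in BROWSER_HIJACK_MARKERS):
        a.severity, a.note = "medium", "browser hijack / adware component"
    return a

def parse_line(line: str) -> Optional[Action]:
    """Turn one OTL fix-log line into an Action, or None for banners and noise."""
    line = line.strip()
    m = RE_REG.match(line)
    if m:
        kind = "reg" + m.group(1)
        result = "deleted" if m.group(3).startswith("deleted") else "not found"
        a = Action(kind, m.group(2).rstrip("\\"), result)
        if kind == "regvalue" and "\\\\" in a.target:
            # OTL writes values as <key>\\<name>[:<data>]
            key, rest = a.target.split("\\\\", 1)
            a.target = key
            a.value_name, _, a.value_data = rest.partition(":")
        return classify(a)
    m = RE_ADS.match(line)
    if m:
        return classify(Action("ads", m.group(1), "deleted"))
    m = RE_PREFS.match(line)
    if m:
        return classify(Action("prefs", m.group(2), "removed", value_data=m.group(1)))
    m = RE_FF.match(line)
    if m:
        return classify(Action("file", m.group(1), "not found"))
    m = RE_FILE.match(line)
    if m:
        return classify(Action("file", m.group(1), m.group(2)))
    return None

def parse_log(text: str) -> List[Action]:
    return [a for a in (parse_line(l) for l in text.splitlines()) if a is not None]

def summarize(actions: List[Action]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for a in actions:
        counts[a.severity] = counts.get(a.severity, 0) + 1
    return counts

if __name__ == "__main__":
    acts = parse_log(SAMPLE_LOG)
    for a in sorted(acts, key=lambda x: ["critical", "high", "medium", "info"].index(x.severity)):
        print(f"[{a.severity:8}] {a.kind:8} {a.result:9} {a.target} {a.value_name} {a.note}")
    print(summarize(acts))
```

Run it on the full log and the UserInit line sorts to the top; the "not found" CLSID entries stay at info since they only confirm a component was already gone. A critical hit is also the cue to check that the binary itself is no longer on disk and that no other Winlogon or BootExecute entries in the follow-up scan log reference it.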
 
OTL Quick Scan log...

OTL logfile created on: 25/02/2011 01:49:59 - Run 2
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Documents and Settings\Swifter\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

502.00 Mb Total Physical Memory | 68.00 Mb Available Physical Memory | 14.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 20.99 Gb Free Space | 56.35% Space Free | Partition Type: NTFS
Drive E: | 959.13 Mb Total Space | 958.84 Mb Free Space | 99.97% Space Free | Partition Type: FAT

Computer Name: JULIANS | User Name: Swifter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/25 01:43:44 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Swifter\Desktop\OTL.exe
PRC - [2011/01/07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/01/07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/01/06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/12/05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2009/04/07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/27 16:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2007/10/09 16:21:06 | 000,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
PRC - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe


========== Modules (SafeList) ==========

MOD - [2011/02/25 01:43:44 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Swifter\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (IDriverT)
SRV - File not found [Auto | Stopped] -- -- (hpqwmiex)
SRV - File not found [On_Demand | Stopped] -- -- (hpqwmi)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (gusvc)
SRV - File not found [Auto | Stopped] -- -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - File not found [Auto | Stopped] -- -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2008/02/27 16:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2007/10/25 14:27:54 | 000,421,255 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)
SRV - [2006/10/18 19:05:24 | 001,068,543 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)


========== Driver Services (SafeList) ==========

DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/03 15:23:36 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/03 15:23:34 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/03 15:23:32 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/02/11 12:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/04/13 18:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/08/07 22:40:10 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/06/25 09:43:38 | 000,098,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117obex.sys -- (s117obex)
DRV - [2007/06/25 09:43:36 | 000,108,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117mdm.sys -- (s117mdm)
DRV - [2007/06/25 09:43:36 | 000,100,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117mgmt.sys -- (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM)
DRV - [2007/06/25 09:43:36 | 000,098,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117unic.sys -- (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM)
DRV - [2007/06/25 09:43:36 | 000,022,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117nd5.sys -- (s117nd5) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS)
DRV - [2007/06/25 09:43:26 | 000,014,888 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117mdfl.sys -- (s117mdfl)
DRV - [2007/06/25 09:43:22 | 000,082,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117bus.sys -- (s117bus) Sony Ericsson Device 117 driver (WDM)
DRV - [2005/11/16 13:12:46 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/05/24 14:01:16 | 000,077,040 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800obex.sys -- (w800obex)
DRV - [2005/05/24 14:00:56 | 000,079,216 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mgmt.sys -- (w800mgmt)
DRV - [2005/05/24 14:00:46 | 000,087,424 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mdm.sys -- (w800mdm)
DRV - [2005/05/24 14:00:44 | 000,006,096 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mdfl.sys -- (w800mdfl)
DRV - [2005/05/24 14:00:37 | 000,052,384 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800bus.sys -- (w800bus) Sony Ericsson W800 driver (WDM)
DRV - [2005/05/05 10:04:08 | 000,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/05/05 10:04:04 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/03/10 09:41:52 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/01/31 17:23:08 | 000,109,319 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/06/28 10:35:24 | 000,069,760 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/04/26 09:49:56 | 000,381,056 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/07/17 16:48:44 | 000,046,167 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\adildr.sys -- (ADILOADER) General Purpose USB Driver (adildr.sys)
DRV - [2003/03/27 13:38:44 | 000,127,145 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\adiusbaw.sys -- (adiusbaw)
DRV - [2002/07/17 07:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2002/06/10 14:16:34 | 000,371,766 | ---- | M] (Philips Semiconductors) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CamDrL21.sys -- (PhilCam8116) Logitech QuickCam Pro 3000(PID_08B0)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: {7c5c0f58-e061-457d-9033-77307f5ed00c}:1.5.45.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/02/25 00:19:04 | 000,000,000 | ---D | M]

[2009/07/26 16:16:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Swifter\Application Data\Mozilla\Extensions
[2008/06/19 13:36:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Swifter\Application Data\Mozilla\Extensions\home2@tomtom.com
[2009/07/26 16:16:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Swifter\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/01/28 17:34:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Swifter\Application Data\Mozilla\Firefox\Profiles\9g4z1utt.default\extensions
[2010/07/21 21:11:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Swifter\Application Data\Mozilla\Firefox\Profiles\9g4z1utt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/21 21:11:23 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Swifter\Application Data\Mozilla\Firefox\Profiles\9g4z1utt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/07/21 21:11:39 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Swifter\Application Data\Mozilla\Firefox\Profiles\9g4z1utt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/09/14 21:58:54 | 000,000,000 | ---D | M] (TorrentMan Toolbar) -- C:\Documents and Settings\Swifter\Application Data\Mozilla\Firefox\Profiles\9g4z1utt.default\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}
[2011/01/29 09:32:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/06/12 11:30:37 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/06/04 16:38:46 | 000,000,000 | ---D | M] (TorrentMan Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG8\FIREFOX
File not found (No name found) -- C:\PROGRAM FILES\MYWEBSEARCH\BAR\FIREFOX
[2008/02/27 16:57:38 | 000,262,513 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npBBCPlugin.dll
[2008/01/23 06:20:30 | 000,647,576 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll

O1 HOSTS File: ([2011/02/24 18:23:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] File not found
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HP Software Update] File not found
O4 - HKLM..\Run: [hpWirelessAssistant] File not found
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Swifter/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Swifter\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Swifter\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/25 20:34:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/02/24 23:20:48 | 000,013,534 | RHS- | M] () - E:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/02/25 01:43:33 | 000,577,024 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Swifter\Desktop\OTL.exe
[2011/02/25 01:40:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/02/25 01:32:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/02/25 01:31:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/25 01:27:23 | 000,641,473 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Documents and Settings\Swifter\Desktop\JavaRa.exe
[2011/02/25 01:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/02/25 01:16:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/02/25 00:37:51 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/02/25 00:18:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/02/23 22:55:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Swifter\Desktop\tdsskiller
[2011/02/23 21:43:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/02/23 21:21:27 | 154,871,128 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Swifter\Desktop\avg_free_x86_all_2011_1204a3402.exe
[2011/02/23 20:19:26 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/02/23 20:16:14 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/02/23 20:16:14 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/02/23 20:16:14 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/02/23 20:16:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/02/23 20:14:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/02/23 19:40:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/23 19:17:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Swifter\Application Data\Malwarebytes
[2011/02/23 18:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/23 18:53:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/02/23 18:53:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/02/23 18:53:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/02/23 18:53:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/18 21:04:18 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Swifter\Recent
[2011/02/18 12:04:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Swifter\Application Data\AVG10
[2011/02/18 12:02:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/02/18 11:57:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/02/18 11:15:51 | 000,000,000 | ---D | C] -- C:\Program Files\ayirbhrn
[2011/02/18 11:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Swifter\cs
[2011/02/18 11:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Swifter\Start Menu\Programs\blinkx beat
[2011/02/13 20:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/02/07 21:28:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Swifter\My Documents\FrostWire
[2011/02/07 21:27:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Swifter\Application Data\FrostWire
[2011/02/07 21:27:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Swifter\Start Menu\Programs\FrostWire
[2011/02/07 21:26:13 | 000,000,000 | ---D | C] -- C:\Program Files\FrostWire
[2011/02/07 21:25:23 | 008,310,726 | ---- | C] (FrostWire Team) -- C:\Documents and Settings\Swifter\My Documents\frostwire-4.21.3.windows.exe
[2011/02/07 21:10:19 | 000,000,000 | ---D | C] -- C:\Program Files\Blinkx
[2011/01/26 18:32:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Swifter\Start Menu\Programs\Rave
[2007/06/21 17:09:24 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Swifter\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/02/25 01:43:44 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Swifter\Desktop\OTL.exe
[2011/02/25 01:38:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/25 01:36:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/25 01:26:31 | 000,205,540 | ---- | M] () -- C:\Documents and Settings\Swifter\Desktop\JavaRa.zip
[2011/02/25 01:24:34 | 000,011,882 | ---- | M] () -- C:\Documents and Settings\Swifter\Desktop\download.htm
[2011/02/25 00:51:20 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6C5A829B-00FC-4AB1-BEFD-3BE4BA8BD8C6}.job
[2011/02/25 00:44:23 | 035,416,322 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.prepare
[2011/02/25 00:38:23 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Swifter\Desktop\Shortcut (3) to Internet Explorer.lnk
[2011/02/25 00:23:49 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/02/25 00:21:20 | 104,854,394 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/02/24 18:37:39 | 000,152,051 | ---- | M] () -- C:\WINDOWS\System32\notepadmgr.exe
[2011/02/24 18:23:59 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/02/24 18:14:39 | 004,274,341 | R--- | M] () -- C:\Documents and Settings\Swifter\Desktop\ComboFix.exe
[2011/02/23 22:45:50 | 001,257,772 | ---- | M] () -- C:\Documents and Settings\Swifter\Desktop\tdsskiller.zip
[2011/02/23 22:35:06 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/23 22:28:17 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Swifter\Desktop\Shortcut (2) to Internet Explorer.lnk
[2011/02/23 21:57:30 | 000,152,051 | ---- | M] () -- C:\WINDOWS\System32\taskmgrmgr.exe
[2011/02/23 21:36:12 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Swifter\Desktop\Shortcut to Internet Explorer.lnk
[2011/02/23 20:19:37 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/02/23 19:32:30 | 000,721,324 | ---- | M] () -- C:\Documents and Settings\Swifter\Desktop\rkill.com
[2011/02/23 18:53:19 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/18 12:37:19 | 000,000,244 | ---- | M] () -- C:\WINDOWS\tasks\Epson Printer Software Downloader.job
[2011/02/18 12:29:34 | 000,003,231 | ---- | M] () -- C:\Documents and Settings\Swifter\Local Settings\Application Data\gumlc.dat
[2011/02/15 20:35:19 | 000,000,435 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011/02/15 09:38:00 | 000,444,844 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/15 09:38:00 | 000,072,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/07 21:25:21 | 008,310,726 | ---- | M] (FrostWire Team) -- C:\Documents and Settings\Swifter\My Documents\frostwire-4.21.3.windows.exe
[2011/02/07 21:12:10 | 000,208,464 | ---- | M] () -- C:\Documents and Settings\Swifter\My Documents\LimeWireSetup.exe
[2011/02/07 17:28:53 | 001,166,454 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\untitled.bmp
[2011/01/31 11:25:20 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Swifter\My Documents\RECEIPT for sandra.doc
[2011/01/31 11:19:19 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Swifter\My Documents\RECEIPT for us.doc
[2011/01/31 10:41:08 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Swifter\My Documents\MONDAY GROUP 1 TRAINEES.doc
[2011/01/31 10:33:17 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Swifter\My Documents\MONDAY GROUP 2 TRAINEES.doc
[2011/01/31 09:57:39 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Swifter\Desktop\Microsoft Word.lnk
[2011/01/31 09:56:41 | 000,424,448 | ---- | M] () -- C:\Documents and Settings\Swifter\My Documents\invoice for us.doc
[2011/01/28 21:53:40 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Swifter\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2011/01/26 22:01:28 | 154,871,128 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Swifter\Desktop\avg_free_x86_all_2011_1204a3402.exe
[2011/01/26 12:37:10 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Swifter\My Documents\FOOTBALL KITS ordered.doc

========== Files Created - No Company Name ==========

[2011/02/25 01:27:23 | 000,351,259 | ---- | C] () -- C:\Documents and Settings\Swifter\Desktop\JavaRa.def
[2011/02/25 01:27:23 | 000,003,127 | ---- | C] () -- C:\Documents and Settings\Swifter\Desktop\Nederlands.lng
[2011/02/25 01:27:23 | 000,002,553 | ---- | C] () -- C:\Documents and Settings\Swifter\Desktop\Suomi.lng
[2011/02/25 01:27:22 | 000,003,027 | ---- | C] () -- C:\Documents and Settings\Swifter\Desktop\Français.lng
[2011/02/25 01:27:22 | 000,002,946 | ---- | C] () -- C:\Documents and Settings\Swifter\Desktop\Español.lng
[2011/02/25 01:27:22 | 000,002,920 | ---- | C] () -- C:\Documents and Settings\Swifter\Desktop\Italiano.lng
[2011/02/25 01:27:22 | 000,002,758 | ---- | C] () -- C:\Documents and Settings\Swifter\Desktop\Deutsch.lng
[2011/02/25 01:26:31 | 000,205,540 | ---- | C] () -- C:\Documents and Settings\Swifter\Desktop\JavaRa.zip
[2011/02/25 01:24:37 | 000,011,882 | ---- | C] () -- C:\Documents and Settings\Swifter\Desktop\download.htm
[2011/02/25 00:42:45 | 035,416,322 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.prepare
[2011/02/25 00:38:23 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Swifter\Desktop\Shortcut (3) to Internet Explorer.lnk
[2011/02/25 00:23:49 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/02/24 00:01:12 | 000,152,051 | ---- | C] () -- C:\WINDOWS\System32\notepadmgr.exe
[2011/02/23 23:08:26 | 000,288,709 | ---- | C] () -- C:\Documents and Settings\Swifter\Desktop\RKUnhookerLE.EXE
[2011/02/23 22:46:29 | 001,257,772 | ---- | C] () -- C:\Documents and Settings\Swifter\Desktop\tdsskiller.zip
[2011/02/23 22:28:17 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Swifter\Desktop\Shortcut (2) to Internet Explorer.lnk
[2011/02/23 21:58:16 | 000,779,142 | ---- | C] () -- C:\Documents and Settings\Swifter\Desktop\dds.scr
[2011/02/23 21:58:09 | 000,451,463 | ---- | C] () -- C:\Documents and Settings\Swifter\Desktop\wvwx6fpx.exe
[2011/02/23 21:57:30 | 000,152,051 | ---- | C] () -- C:\WINDOWS\System32\taskmgrmgr.exe
[2011/02/23 21:36:12 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Swifter\Desktop\Shortcut to Internet Explorer.lnk
[2011/02/23 20:19:36 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/02/23 20:19:29 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/02/23 20:16:14 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/02/23 20:16:14 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/02/23 20:16:14 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/02/23 20:16:14 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/02/23 20:16:14 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/02/23 20:09:32 | 004,274,341 | R--- | C] () -- C:\Documents and Settings\Swifter\Desktop\ComboFix.exe
[2011/02/23 20:06:42 | 000,721,324 | ---- | C] () -- C:\Documents and Settings\Swifter\Desktop\rkill.com
[2011/02/23 19:26:14 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/23 18:53:19 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/16 21:55:18 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Swifter\jgdymjga.log
[2011/02/15 20:48:57 | 052,408,320 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\site1.wpp
[2011/02/13 20:39:39 | 000,003,510 | ---- | C] () -- C:\Documents and Settings\Swifter\commonpriv.log
[2011/02/13 20:39:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Swifter\commonpriv.log.lock
[2011/02/07 21:12:08 | 000,208,464 | ---- | C] () -- C:\Documents and Settings\Swifter\My Documents\LimeWireSetup.exe
[2011/02/07 17:28:53 | 001,166,454 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\untitled.bmp
[2011/01/31 11:25:20 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Swifter\My Documents\RECEIPT for sandra.doc
[2011/01/31 11:19:18 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Swifter\My Documents\RECEIPT for us.doc
[2011/01/31 09:56:39 | 000,424,448 | ---- | C] () -- C:\Documents and Settings\Swifter\My Documents\invoice for us.doc
[2011/01/30 21:47:30 | 000,003,231 | ---- | C] () -- C:\Documents and Settings\Swifter\Local Settings\Application Data\gumlc.dat
[2011/01/28 21:53:40 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Swifter\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2011/01/26 13:04:16 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Swifter\My Documents\MONDAY GROUP 2 TRAINEES.doc
[2011/01/26 12:58:09 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Swifter\My Documents\MONDAY GROUP 1 TRAINEES.doc
[2011/01/26 12:37:10 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Swifter\My Documents\FOOTBALL KITS ordered.doc
[2011/01/24 23:48:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2011/01/22 12:29:13 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/06/12 00:58:43 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/06/10 19:04:13 | 000,040,372 | ---- | C] () -- C:\Documents and Settings\Swifter\Local Settings\Application Data\FASTWiz.log
[2008/05/26 16:02:50 | 000,000,048 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/03/01 12:19:00 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Swifter\Application Data\ezpinst.exe
[2008/01/02 13:29:05 | 000,001,111 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/08/07 22:40:08 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/06/21 17:09:36 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Swifter\Application Data\pcouffin.log
[2007/06/21 17:09:24 | 000,007,824 | ---- | C] () -- C:\Documents and Settings\Swifter\Application Data\pcouffin.cat
[2007/06/21 17:09:24 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Swifter\Application Data\pcouffin.inf
[2007/01/27 19:52:25 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
[2007/01/27 19:50:55 | 000,005,187 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/01/27 19:50:51 | 000,000,536 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2006/05/13 09:32:15 | 000,011,264 | R--- | C] () -- C:\WINDOWS\System32\TEKYUV.DLL
[2006/05/13 09:32:14 | 000,266,240 | R--- | C] () -- C:\WINDOWS\System32\rmp4.dll
[2006/05/13 09:32:14 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\dsrmp4.dll
[2006/05/13 09:32:13 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\mpegdecoder.dll
[2006/05/13 09:32:12 | 000,023,552 | R--- | C] () -- C:\WINDOWS\System32\pdi.dll
[2006/05/13 09:32:11 | 000,921,600 | R--- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2006/05/13 09:32:11 | 000,237,568 | R--- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2006/05/13 09:32:11 | 000,188,416 | R--- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2006/05/13 09:32:11 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\ogg.dll
[2006/05/13 09:32:11 | 000,000,702 | R--- | C] () -- C:\WINDOWS\MMTVMJ.INI
[2006/05/13 09:32:10 | 000,000,761 | R--- | C] () -- C:\WINDOWS\M3JP2K.INI
[2006/05/13 09:32:09 | 000,000,714 | R--- | C] () -- C:\WINDOWS\m3jpeg.ini
[2006/05/13 09:32:05 | 000,413,760 | R--- | C] () -- C:\WINDOWS\System32\mpg4c32.dll
[2006/05/13 09:32:01 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2006/05/13 09:32:00 | 000,077,664 | R--- | C] () -- C:\WINDOWS\System32\IR21_R.DLL
[2006/05/13 09:32:00 | 000,056,832 | R--- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2006/05/13 09:31:59 | 000,152,064 | R--- | C] () -- C:\WINDOWS\System32\unrar.dll
[2006/05/13 09:31:54 | 000,092,672 | R--- | C] () -- C:\WINDOWS\System32\ASUSASV2.dll
[2006/05/13 09:31:54 | 000,071,680 | R--- | C] () -- C:\WINDOWS\System32\ASUSASV1.DLL
[2006/05/13 09:31:54 | 000,066,560 | R--- | C] () -- C:\WINDOWS\System32\atiyuv12.dll
[2006/05/13 09:31:53 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2006/05/13 09:31:52 | 000,482,816 | R--- | C] () -- C:\WINDOWS\System32\VFCodec.dll
[2006/05/13 09:31:52 | 000,047,104 | R--- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2006/05/13 09:31:52 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AVIWRAP.DLL
[2006/05/13 09:31:46 | 000,114,688 | R--- | C] () -- C:\WINDOWS\System32\AVIZLIB.DLL
[2006/05/13 09:31:46 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\AVIMSZH.DLL
[2006/05/13 09:31:39 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2006/05/13 09:31:39 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\libfaad.dll
[2006/04/25 13:24:42 | 000,000,163 | ---- | C] () -- C:\WINDOWS\DVDFabGold.INI
[2006/04/17 11:52:26 | 000,000,030 | ---- | C] () -- C:\WINDOWS\gnucleus.INI
[2006/03/22 21:46:10 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/03/12 15:06:09 | 000,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI
[2006/03/09 21:14:47 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Swifter\Local Settings\Application Data\fusioncache.dat
[2006/02/28 20:23:06 | 000,163,840 | ---- | C] () -- C:\Documents and Settings\Swifter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/28 19:07:16 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/02/28 13:37:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/27 18:48:18 | 000,000,154 | ---- | C] () -- C:\WINDOWS\adidsl.ini
[2006/02/27 18:48:18 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Fast800.ini
[2006/02/27 18:48:09 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll
[2006/02/27 18:48:09 | 000,046,892 | ---- | C] () -- C:\WINDOWS\System32\adadix16.dll
[2006/02/25 21:57:24 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/02/25 20:44:28 | 000,000,936 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2006/02/25 20:24:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/03 12:33:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

========== LOP Check ==========

[2011/02/25 01:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/02/18 11:15:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/02/18 12:02:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/03/07 21:33:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Documents
[2008/02/04 13:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
[2011/01/22 12:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/09/06 14:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2011/02/25 01:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2011/02/18 11:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/02/28 16:19:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2008/03/07 11:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2008/02/07 20:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2011/02/13 20:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/06/21 00:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2008/06/19 02:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/01/22 12:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2007/06/22 08:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2007/02/24 12:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2008/10/23 18:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2011/02/18 12:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\AVG10
[2011/02/07 22:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\CometPlayer
[2008/02/04 13:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\eBay
[2011/01/23 09:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\Epson
[2011/02/17 12:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\FrostWire
[2008/09/06 14:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\Grisoft
[2006/02/25 22:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\Leadertech
[2009/11/28 18:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\LimeWire
[2006/03/04 19:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\MSNInstaller
[2011/02/04 09:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\Ninu
[2011/02/03 20:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\Qoircy
[2008/10/12 19:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\Serif
[2007/04/12 17:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\SignupShield
[2008/08/29 12:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\Sony
[2010/11/14 22:21:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\TigerPlayer
[2008/06/19 13:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\TomTom
[2008/06/19 02:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\TuneUp Software
[2008/03/01 12:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\Vso
[2007/06/20 10:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\WholeSecurity
[2006/03/09 21:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\Windows Desktop Search
[2011/02/18 12:37:19 | 000,000,244 | ---- | M] () -- C:\WINDOWS\Tasks\Epson Printer Software Downloader.job
[2011/02/25 00:51:20 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6C5A829B-00FC-4AB1-BEFD-3BE4BA8BD8C6}.job

========== Purity Check ==========



< End of report >
FYI, AVG is going crazy finding Win32/Zbot.G infections and asking me to heal them. It's also refusing to update itself, just sticking in the 'checking for new updates' phase without getting anywhere. I'm still accessing the web via Windows Explorer because IE won't launch either. Is this still to be expected at this point?
 
I boot up the laptop and get the following popup immediately...

apdproxy.exe - Unable to Locate Component
This application has failed to start because apdboot.dll was not found. Re-installing the application may fix this problem.

The following files (typed out by hand so excuse any spelling mistakes) are all logged in AVG’s Virus Vault as an infection by Win32/Zbot.G, all of which have happened today.

C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.dll
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\HPQ\Quick Launch Buttonszeabservr.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Epson Software\Event Manager\EPNSM.dll
C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
C:\Program Files\HPQ\Quick Launch Buttons\cpqinfo.dll
C:\Documents and Settings/Swifter\Desktop\OTL.exe
C:\Program Files\Windows Media Components\Encoder\WMEX.dll
C:\Program Files\Movie Maker\moviemk.exe
C:\Program Files\Common Files\System\msadc\msadce.dll
C:\Program Files\Outlook Express\msoe.dll
C:\Program Files\Windows Media Components\Encoder\WMEncEng.dll
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Installer\WLSetupSvc.exe
C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
C:\Program Files\npDivxPlayerPlugin.dll
C:\Program Files\npBitCometAgent.dll
C:\Program Files\npBBCPlugin.dll
C:\Documents and Settings/Swifter\Desktop\wvwx6fpx.exe
C:\Documents and Settings/Swifter\Desktop\RKUnhookerLE.exe
C:\Documents and Settings/Swifter\Desktop\dds.scr
C:\Program Files\AVG\AVG10\Htmlayout.dll
C:\Program Files\Windows Media Components\Encoder\wmencagt.exe
C:\Program Files\Windows Media Components\Encoder\WNEnc.exe


The last two appeared most recently in an AVG Resident Shield Alert multiple threat detection popup.

Under both of these in this popup, it also said…

Process Name: C:\Windows\system32\svchost.exe
Process ID: 1368
Detected as open

I ‘Remove all unhealed’ and then ‘Close’.

These are basically the faults that were coming up right at the start of the problem before I'd run anything. It's like the malware has just sprung back up.

EDIT:
I've run (3hrs) a full scan with AVG and the laptop is still riddled with viruses. There were 2470 threats found, a mix of 'VBS/Generic' and 'Win32/Zbot.G', mostly in dll files but also in html, html and exe files. They were supposedly removed but it's still not working at all.

This seems a bit fatal to me. Any ideas?
 
Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
 
Here's the log after 80% of the ESET scan (it's taken over 2hrs and I need to go out so can't complete it).

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ifahlkbe.exe a variant of Win32/Kryptik.KTD trojan
C:\Documents and Settings\Swifter\My Documents\LimeWireSetup.exe a variant of Win32/Adware.HotBar.H application
C:\Program Files\BitLord\Downloads\Nero 8 Ultra Edition 8.3.0 Multilanguage FULL Retail\Nero 8.3.0.iso Win32/Toolbar.AskSBar application
C:\Program Files\SoccerInfernoEI\Installr\6.bin\j2EIPlug.dll a variant of Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{33B9BC0D-95DA-4796-B2A9-C8ABB387DFCC}\RP179\A0048932.exe a variant of Win32/Kryptik.KTD trojan
C:\System Volume Information\_restore{33B9BC0D-95DA-4796-B2A9-C8ABB387DFCC}\RP179\A0048933.exe a variant of Win32/Kryptik.KTD trojan
C:\System Volume Information\_restore{33B9BC0D-95DA-4796-B2A9-C8ABB387DFCC}\RP179\A0048971.exe a variant of Win32/Kryptik.KTD trojan
C:\System Volume Information\_restore{33B9BC0D-95DA-4796-B2A9-C8ABB387DFCC}\RP179\A0049643.exe a variant of Win32/Kryptik.KTD trojan
C:\System Volume Information\_restore{33B9BC0D-95DA-4796-B2A9-C8ABB387DFCC}\RP179\A0049827.exe a variant of Win32/Kryptik.KTD trojan
C:\System Volume Information\_restore{33B9BC0D-95DA-4796-B2A9-C8ABB387DFCC}\RP179\A0049828.exe a variant of Win32/Kryptik.KTD trojan
C:\System Volume Information\_restore{33B9BC0D-95DA-4796-B2A9-C8ABB387DFCC}\RP179\A0049829.exe a variant of Win32/Kryptik.KTD trojan
C:\System Volume Information\_restore{33B9BC0D-95DA-4796-B2A9-C8ABB387DFCC}\RP179\A0049834.exe a variant of Win32/Kryptik.KTD trojan


Can we reasonably expect to resolve this in the next 6hrs? If not, I'm probably going to give up and the owner can get it wiped and Windows reinstalled. Whatever the outcome, I really appreciate the help you have given.
 
There is no way for me to predict when this computer will be considered clean, so please let me know what you want to do.
 