
Thread: Slow laptop and imesh problem

#1  Junior Member | Join Date: Apr 2011 | Posts: 6

    Slow laptop and imesh problem

Hi, I'm helping a friend out with his laptop. He copied a movie from a friend's USB key, and when he restarted his computer iMesh had taken over his browsers (Internet Explorer and Chrome). So he deleted iMesh, but his computer is still slow and he is worried about it. I looked on the forum and found some threads with similar problems, but I'm not sure what the next step is. So far I ran Spybot - Search & Destroy and Malwarebytes' Anti-Malware. Spybot reported no errors, but Malwarebytes found a backdoor (log below). I also included the OTL log.


    Any help would be appreciated

    Hugo
    _____

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6415

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    4/21/2011 5:03:47 PM
    mbam-log-2011-04-21 (17-03-47).txt

    Scan type: Quick scan
    Objects scanned: 202688
    Time elapsed: 14 minute(s), 48 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\WINDOWS\system32\gtw_logo.scr (Backdoor.Bot) -> Quarantined and deleted successfully.


    ____

    OTL logfile created on: 4/21/2011 5:11:45 PM - Run 3
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner.YOUR-E36BCE3DBF\My Documents\downloads
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,014.00 Mb Total Physical Memory | 427.00 Mb Available Physical Memory | 42.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 142.20 Gb Total Space | 47.55 Gb Free Space | 33.44% Space Free | Partition Type: NTFS
    Drive D: | 6.83 Gb Total Space | 3.43 Gb Free Space | 50.19% Space Free | Partition Type: FAT32

    Computer Name: YOUR-E36BCE3DBF | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Owner.YOUR-E36BCE3DBF\My Documents\downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
    PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
    PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Camera Assistant Software for ViewSonic\CEC_MAIN.exe ()
    PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
    PRC - C:\Program Files\Camera Assistant Software for ViewSonic\traybar.exe (Chicony)
    PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
    PRC - C:\Program Files\BigFix\bigfix.exe (BigFix Inc.)
    PRC - C:\Program Files\AT&T Network Client\NetCfgSv.EXE (AT&T)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Owner.YOUR-E36BCE3DBF\My Documents\downloads\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (ISSIMon) -- File not found
    SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
    SRV - (NMSAccess) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
    SRV - (PrismXL) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
    SRV - (IAANTMon) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
    SRV - (NetCfgSvr) -- C:\Program Files\AT&T Network Client\NetCfgSv.EXE (AT&T)


    ========== Driver Services (SafeList) ==========

    DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
    DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
    DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
    DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
    DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
    DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
    DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
    DRV - (ZD1211BU(SMC)) 802.11g Wireless USB2.0 Adapter Driver(SMC) -- C:\WINDOWS\system32\drivers\ZD1211BU.sys (ZyDAS Technology Corporation)
    DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
    DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
    DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.)
    DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
    DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
    DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
    DRV - (RT73) -- C:\WINDOWS\system32\drivers\Dr71WU.sys (Ralink Technology, Corp.)
    DRV - (RT2500) -- C:\WINDOWS\system32\drivers\RT2500.sys (Ralink Technology Inc.)
    DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
    DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
    DRV - (ABVPN2K) -- C:\WINDOWS\system32\drivers\abvpn2k.sys (AT&T)
    DRV - (USA19H) -- C:\WINDOWS\system32\drivers\USA19H2k.sys (Keyspan)
    DRV - (USA19H2KP) -- C:\WINDOWS\system32\drivers\USA19H2kp.sys (Keyspan)
    DRV - (CCCP106) CIF USB Camera (2110A) -- C:\WINDOWS\system32\drivers\cccp106.sys ()
    DRV - (avpnnic) -- C:\WINDOWS\system32\drivers\avpnnic.sys (AT&T)
    DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/search?q=news
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

    FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/04/20 23:17:18 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2004/08/10 15:00:00 | 000,000,709 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for ViewSonic\traybar.exe (Chicony)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
    O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk = C:\Program Files\BigFix\bigfix.exe (BigFix Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} http://support.gateway.com/support/s...vest/gwCID.CAB (compid Class)
    O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub...sh/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.12.1
    O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner.YOUR-E36BCE3DBF\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner.YOUR-E36BCE3DBF\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/12/04 15:11:52 | 000,000,682 | ---- | M] () - C:\autoAlbum.log -- [ NTFS ]
    O32 - AutoRun File - [2006/06/17 05:41:16 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2004/09/13 13:15:24 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]
    O32 - AutoRun File - [2004/09/13 13:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
    O33 - MountPoints2\{00ce5367-c89f-11df-bcef-0018de734a1b}\Shell - "" = AutoRun
    O33 - MountPoints2\{00ce5367-c89f-11df-bcef-0018de734a1b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{00ce5367-c89f-11df-bcef-0018de734a1b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O33 - MountPoints2\{42d30097-b1fb-11db-9c3d-0018de734a1b}\Shell\AutoRun\command - "" = G:\setupSNK.exe
    O33 - MountPoints2\{7211c242-eb5e-11db-9cd3-0018de734a1b}\Shell - "" = AutoRun
    O33 - MountPoints2\{7211c242-eb5e-11db-9cd3-0018de734a1b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{7211c242-eb5e-11db-9cd3-0018de734a1b}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
    O33 - MountPoints2\{cdf70d2f-046a-11df-ba29-0018de734a1b}\Shell\AutoRun\command - "" = G:\setupSNK.exe
    O33 - MountPoints2\{f43b5b08-f14d-11de-b9d7-0018de734a1b}\Shell\AutoRun\command - "" = F:\setupSNK.exe
    O33 - MountPoints2\{f775396a-7afc-11df-bbe8-0018de734a1b}\Shell - "" = AutoRun
    O33 - MountPoints2\{f775396a-7afc-11df-bbe8-0018de734a1b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{f775396a-7afc-11df-bbe8-0018de734a1b}\Shell\AutoRun\command - "" = F:\Setup.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/04/21 16:46:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-E36BCE3DBF\Application Data\Malwarebytes
    [2011/04/21 16:45:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/04/21 16:45:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/04/21 16:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/04/21 16:45:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/04/21 16:45:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/04/21 16:10:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-E36BCE3DBF\Start Menu\Programs\Google Chrome
    [2011/04/21 15:59:07 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2011/04/20 23:22:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-E36BCE3DBF\Application Data\AVG10
    [2011/04/20 23:17:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
    [2011/04/20 23:15:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2011/04/20 23:15:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
    [2011/04/20 22:48:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011/04/18 06:56:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-E36BCE3DBF\Application Data\AVG9
    [2011/04/06 21:41:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-E36BCE3DBF\Application Data\mediabarim
    [2011/04/06 21:40:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-E36BCE3DBF\Local Settings\Application Data\iMesh
    [2011/04/06 21:38:36 | 000,000,000 | ---D | C] -- C:\Program Files\iMesh Applications
    [2011/04/06 18:31:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-E36BCE3DBF\Local Settings\Application Data\YesVideo
    [2011/04/02 16:08:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-E36BCE3DBF\Local Settings\Application Data\PackageAware
    [2011/03/30 17:17:22 | 000,134,480 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSDriver.sys
    [2011/03/29 07:26:49 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2011/03/29 07:26:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2011/03/29 07:26:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [14 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/04/21 17:11:04 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/04/21 17:10:26 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2011/04/21 17:10:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/04/21 17:09:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/04/21 17:09:55 | 1063,440,384 | -HS- | M] () -- C:\hiberfil.sys
    [2011/04/21 16:53:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/04/21 16:45:56 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/04/21 16:10:29 | 000,002,380 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-E36BCE3DBF\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2011/04/21 16:10:28 | 000,002,402 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-E36BCE3DBF\Desktop\Google Chrome.lnk
    [2011/04/21 16:09:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-135846266-3963062760-2565712969-1006UA.job
    [2011/04/21 08:46:48 | 112,998,864 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2011/04/21 01:53:01 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/04/20 23:17:31 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
    [2011/04/20 22:37:58 | 000,221,696 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-E36BCE3DBF\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/04/20 20:09:01 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-135846266-3963062760-2565712969-1006Core1cac68d7466cae4.job
    [2011/04/19 16:03:25 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-E36BCE3DBF\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
    [2011/04/13 13:22:36 | 000,983,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/04/13 10:44:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/04/13 10:42:42 | 000,442,140 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/04/13 10:42:42 | 000,071,910 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/04/07 20:54:58 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/03/30 17:17:22 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSDriver.sys
    [2011/03/26 15:54:27 | 000,000,197 | RHS- | M] () -- C:\boot.ini
    [14 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/04/21 16:45:56 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/04/21 16:10:28 | 000,002,402 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-E36BCE3DBF\Desktop\Google Chrome.lnk
    [2011/04/21 16:10:28 | 000,002,380 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-E36BCE3DBF\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2011/04/21 08:46:48 | 112,998,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2011/04/20 23:17:31 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
    [2011/04/20 22:49:02 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/09/14 17:38:04 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2010/06/04 22:07:36 | 000,162,854 | ---- | C] () -- C:\WINDOWS\hpoins37.dat.temp
    [2010/06/04 22:07:36 | 000,000,632 | ---- | C] () -- C:\WINDOWS\hpomdl37.dat.temp
    [2010/05/10 18:50:58 | 000,122,244 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/03/20 18:11:36 | 000,162,854 | ---- | C] () -- C:\WINDOWS\hpoins37.dat
    [2010/03/20 18:11:35 | 000,000,632 | ---- | C] () -- C:\WINDOWS\hpomdl37.dat
    [2010/01/06 22:41:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
    [2009/07/27 21:25:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
    [2009/05/15 19:36:20 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2008/12/09 11:47:04 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
    [2008/11/28 10:11:25 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2008/06/04 02:57:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2008/03/29 09:48:52 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
    [2008/02/26 11:19:12 | 000,230,377 | ---- | C] () -- C:\WINDOWS\System32\XXCOPY16.EXE
    [2008/02/26 11:19:12 | 000,230,377 | ---- | C] () -- C:\WINDOWS\System32\XX293116.EXE
    [2007/12/15 19:36:53 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
    [2007/08/14 07:46:59 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-E36BCE3DBF\Local Settings\Application Data\AzureBay.bmp
    [2007/08/14 07:46:59 | 000,104,838 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-E36BCE3DBF\Local Settings\Application Data\cal.bmp
    [2007/08/14 07:46:58 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-E36BCE3DBF\Local Settings\Application Data\sswpprep.bmp
    [2007/08/14 07:44:08 | 003,072,054 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-E36BCE3DBF\Local Settings\Application Data\ssprep.bmp
    [2007/08/14 07:30:59 | 000,002,133 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-E36BCE3DBF\Local Settings\Application Data\AzureBay.ini
    [2007/07/16 20:07:34 | 000,000,959 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2007/05/23 01:11:20 | 000,000,031 | ---- | C] () -- C:\WINDOWS\pixcache.ini
    [2007/04/30 07:26:45 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\USA19HPropPage.dll
    [2007/04/30 07:26:45 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\k19hinst.dll
    [2007/04/22 17:39:22 | 000,000,237 | ---- | C] () -- C:\WINDOWS\DTO2KXSV.INI
    [2007/04/22 17:39:21 | 000,000,894 | ---- | C] () -- C:\WINDOWS\DtSync.ini
    [2007/04/22 17:39:20 | 000,000,069 | ---- | C] () -- C:\WINDOWS\dtodebug.ini
    [2007/04/22 17:31:23 | 000,013,114 | ---- | C] () -- C:\WINDOWS\daytimer.ini
    [2007/04/22 17:31:22 | 000,462,880 | ---- | C] () -- C:\WINDOWS\System32\Owl252f.dll
    [2007/03/25 23:37:53 | 000,085,319 | ---- | C] () -- C:\WINDOWS\hpgins01.dat
    [2007/03/25 23:37:53 | 000,000,145 | ---- | C] () -- C:\WINDOWS\hpgmdl01.dat
    [2007/03/23 22:37:36 | 000,002,354 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-E36BCE3DBF\Application Data\wklnhst.dat
    [2007/02/18 22:02:47 | 000,010,009 | ---- | C] () -- C:\WINDOWS\agnslang.ini
    [2007/02/07 21:27:12 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-E36BCE3DBF\Local Settings\Application Data\fusioncache.dat
    [2007/02/07 20:38:24 | 000,192,512 | R--- | C] () -- C:\WINDOWS\select2.exe
    [2007/02/07 20:38:24 | 000,061,440 | R--- | C] () -- C:\WINDOWS\System32\dcccp106.dll
    [2007/02/07 20:38:24 | 000,036,864 | R--- | C] () -- C:\WINDOWS\CleanDev.exe
    [2007/02/07 20:38:24 | 000,000,321 | R--- | C] () -- C:\WINDOWS\DC2110a.ini
    [2007/02/07 20:38:23 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\vcccp106.dll
    [2007/02/07 20:38:23 | 000,015,542 | R--- | C] () -- C:\WINDOWS\cccp106.ini
    [2007/02/07 20:38:22 | 000,227,200 | R--- | C] () -- C:\WINDOWS\System32\drivers\cccp106.sys
    [2007/02/02 13:45:59 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
    [2007/02/02 13:42:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
    [2007/02/01 10:09:30 | 000,221,696 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-E36BCE3DBF\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/01/30 19:01:23 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2007/01/28 15:57:04 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
    [2007/01/28 15:49:09 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2007/01/28 15:48:00 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
    [2007/01/28 15:44:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/01/28 15:30:09 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
    [2007/01/28 14:53:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2007/01/28 14:52:56 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2007/01/28 14:52:56 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2007/01/28 14:52:49 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2007/01/28 14:52:40 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2007/01/28 14:52:27 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2007/01/28 14:51:36 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2007/01/28 14:51:35 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2007/01/28 14:49:31 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2007/01/28 14:48:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2006/06/21 05:48:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/06/21 05:12:42 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
    [2006/06/17 05:44:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2006/06/17 05:37:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2006/06/17 05:24:58 | 000,001,280 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2006/06/17 05:24:57 | 000,000,519 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
    [2006/06/17 05:23:22 | 000,442,140 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2006/06/17 05:23:22 | 000,071,910 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2006/06/16 22:31:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2006/06/16 22:30:47 | 000,983,408 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2005/08/06 00:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/07/04 00:28:30 | 000,000,713 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-E36BCE3DBF\Local Settings\Application Data\ScreenSaver.ini
    [2004/01/14 13:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
    [2002/08/27 05:10:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
    [2002/01/24 10:09:56 | 000,174,592 | ---- | C] () -- C:\WINDOWS\System32\LEXPPS.EXE
    [2001/06/27 13:31:00 | 000,039,611 | ---- | C] () -- C:\WINDOWS\System32\biosid.exe

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 24 bytes -> C:\WINDOWS:9CD6011023C7ECB5

    < End of report >
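The OTL log above records several AutoRun artefacts: the HonorAutoRunSetting and NoDriveTypeAutoRun policy values, an Autorun.inf on D:, and O33 MountPoints2 entries that cache per-device AutoRun commands for USB drives F:, G: and H:. The script below is an added example, not part of the original post or of OTL: it decodes the NoDriveTypeAutoRun bitmask and pulls those entries out of OTL-format lines so the machine's exposure to removable-media AutoRun can be read at a glance. The sample input is an excerpt copied from the log posted above; the regexes only cover the OTL line shapes visible in it, and the bit names follow the documented Windows drive-type bitmask, in which a set bit disables AutoRun for that drive type.

```python
"""Added example: triage AutoRun exposure from OTL-style log lines.

Not part of the original post or of OTL. The regexes target the OTL
line formats visible in the posted log; the drive-type bit names are the
documented NoDriveTypeAutoRun bitmask (a set bit DISABLES AutoRun).
"""
import re

NODRIVETYPE_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x02: "DRIVE_NO_ROOT_DIR",
    0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "RESERVED",
}

# OTL line shapes, copied from the log above (not a complete OTL grammar).
O33_CMD_RE = re.compile(
    r'O33 - MountPoints2\\(\{[0-9a-fA-F-]+\})\\Shell\\AutoRun\\command - "" = (.+)$')
O32_FILE_RE = re.compile(r'O32 - AutoRun File - \[.*?\] \(\) - (.+?) -- \[ (\w+) \]')
O32_CDROM_RE = re.compile(r'O32 - HKLM CDRom: AutoRun - (\d+)')
NDTA_RE = re.compile(r'NoDriveTypeAutoRun = (\d+)')
HONOR_RE = re.compile(r'HonorAutoRunSetting = (\d+)')


def autorun_still_enabled(value):
    """Drive types whose AutoRun is NOT disabled by a NoDriveTypeAutoRun value."""
    return [name for bit, name in NODRIVETYPE_BITS.items() if not value & bit]


def triage(lines):
    """Collect AutoRun-related facts from OTL log lines into one dict."""
    findings = {
        "honor_autorun_setting": None,
        "no_drive_type_autorun": None,
        "cdrom_autorun": None,
        "autorun_files": [],          # (path, filesystem) from O32 lines
        "mountpoint_commands": [],    # (device GUID, cached command) from O33
        "autorun_not_disabled_for": [],
    }
    for raw in lines:
        line = raw.strip()
        if m := HONOR_RE.search(line):
            findings["honor_autorun_setting"] = int(m.group(1))
        elif m := NDTA_RE.search(line):
            findings["no_drive_type_autorun"] = int(m.group(1))
        elif m := O32_CDROM_RE.search(line):
            findings["cdrom_autorun"] = int(m.group(1))
        elif m := O32_FILE_RE.search(line):
            findings["autorun_files"].append((m.group(1), m.group(2)))
        elif m := O33_CMD_RE.search(line):
            findings["mountpoint_commands"].append((m.group(1), m.group(2).strip()))
    if findings["no_drive_type_autorun"] is not None:
        findings["autorun_not_disabled_for"] = autorun_still_enabled(
            findings["no_drive_type_autorun"])
    return findings


def removable_media_exposed(findings):
    """True when AutoRun is still allowed on removable drives and the machine
    has cached AutoRun commands from previously inserted devices."""
    return ("DRIVE_REMOVABLE" in findings["autorun_not_disabled_for"]
            and bool(findings["mountpoint_commands"]))


# Excerpt copied from the OTL log posted above.
SAMPLE_LOG = r"""
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/09/13 13:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{00ce5367-c89f-11df-bcef-0018de734a1b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{42d30097-b1fb-11db-9c3d-0018de734a1b}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O33 - MountPoints2\{f775396a-7afc-11df-bbe8-0018de734a1b}\Shell\AutoRun\command - "" = F:\Setup.exe
"""

if __name__ == "__main__":
    f = triage(SAMPLE_LOG.splitlines())
    print("NoDriveTypeAutoRun =", f["no_drive_type_autorun"],
          "-> AutoRun not disabled for:", ", ".join(f["autorun_not_disabled_for"]))
    for guid, cmd in f["mountpoint_commands"]:
        print("cached AutoRun command", guid, "->", cmd)
    print("removable-media AutoRun exposure:", removable_media_exposed(f))
```

On this log the value 145 (0x91) leaves bits 0x04 (removable) and 0x20 (CD-ROM) clear, so AutoRun was not disabled for USB sticks or optical media; a value of 255 (0xFF) disables it for every drive type. The MountPoints2 entries are the AutoRun commands Windows cached from devices inserted earlier (LaunchU3.exe, setupSNK.exe, Setup.exe), not proof of malice by themselves, but they show which autorun.inf payloads this machine has been offered and are worth comparing against the USB key that carried the movie.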

#2  tashi, Member of Team Spybot | Join Date: Oct 2005 | Location: USA | Posts: 30,961

    Hello zhugo,

Sorry to have you start another topic, but so that everyone is on the same track, please see the forum FAQ, which also includes instructions for posting preliminary DDS logs for analysis in post #2.

    "BEFORE You POST" (Please read this Procedure Before Requesting Assistance)

    Then start the new topic and provide DDS logs only as shown in that sticky along with a link back to this thread. A volunteer analyst will advise you when available.

    If the DDS won't run please start a new topic anyway and make a note of the issue.

    Best regards.

    -------------------------------------------

    http://forums.spybot.info/showthread.php?t=62364
    Last edited by tashi; 2011-04-24 at 03:07. Reason: Added link to new topic
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
