IDP.Trojan.1C8D1A13 & Crypt.AQLW

OK, ran it. When the PC rebooted this opened in Notepad:
04292012_124540.log (can't find the OTL fix log?) Hope this is what you're after?

All processes killed
========== SERVICES/DRIVERS ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: All Users.WINDOWS

User: Cameron
->Temp folder emptied: 858108 bytes
->Temporary Internet Files folder emptied: 35920 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 5411840 bytes
->Flash cache emptied: 0 bytes

User: Cameron.old
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 109563 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
OK, here's the file. FYI, when I enabled AVG again 5 alerts popped up (I didn't run a scan).


C:\Documents and Settings\Cameron\Local Settings\Application Data\Babylon\Setup\Setup.exe Win32/Toolbar.Babylon application
C:\Documents and Settings\Cameron\Local Settings\Temporary Internet Files\Content.IE5\DRB0076F\download-k_4.3%20hack%20pack[2].html HTML/Hoax.FastDownload.A.Gen application
C:\Documents and Settings\Cameron\Local Settings\Temporary Internet Files\Content.IE5\TAFMOCGM\access-denied[2].html HTML/Hoax.FastDownload.A.Gen application
C:\Documents and Settings\Cameron\Local Settings\Temporary Internet Files\Content.IE5\TAFMOCGM\checkout[1].html HTML/Hoax.FastDownload.A.Gen application
C:\Documents and Settings\Cameron\Local Settings\Temporary Internet Files\Content.IE5\TAFMOCGM\en[1].txt HTML/Hoax.FastDownload.A.Gen application
C:\Documents and Settings\Cameron\My Documents\Manuals\installer_sony_vegas_pro_9_0e_(32_bits)_English.exe.download Win32/Toggle application
C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL.vir a variant of Win32/FunWeb.AA application
C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\cdrom.sys.vir Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP339\A0078648.dll Win32/Toolbar.Babylon application
C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP339\A0078649.dll Win32/Toolbar.Babylon application
C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP339\A0078650.dll a variant of Win32/Toolbar.Babylon application
C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP339\A0078651.dll Win32/Toolbar.Babylon application
C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP339\A0078653.exe probably a variant of Win32/Toolbar.Babylon application
C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP408\A0092088.exe a variant of Win32/Toolbar.SearchSuite application
C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP410\A0092166.dll Win32/Toolbar.SearchSuite application
C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP410\A0092167.dll Win32/Toolbar.SearchSuite application
C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP410\A0092168.dll Win32/Toolbar.SearchSuite application
C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP410\A0092169.dll Win32/Toolbar.SearchSuite application
C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP414\A0095575.DLL a variant of Win32/FunWeb.AA application
C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP414\A0095576.DLL Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP414\A0095577.DLL Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP418\A0097765.exe Win32/Adware.MarketScore.A application
C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP418\A0098233.exe a variant of Win32/SoftonicDownloader.A application
C:\TDSSKiller_Quarantine\25.04.2012_21.16.27\rtkt0000\svc0000\tsk0000.dta Win32/Agent.SUC.Gen trojan
C:\TDSSKiller_Quarantine\25.04.2012_21.16.27\rtkt0001\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan
C:\TDSSKiller_Quarantine\25.04.2012_21.16.27\rtkt0001\zafs0000\tsk0002.dta Win32/Sirefef.DN trojan
C:\TDSSKiller_Quarantine\25.04.2012_21.16.27\rtkt0001\zafs0000\tsk0008.dta Win32/Sirefef.ES trojan
C:\TDSSKiller_Quarantine\25.04.2012_21.16.27\rtkt0001\zafs0000\tsk0010.dta a variant of Win32/Sirefef.EU trojan
C:\TDSSKiller_Quarantine\25.04.2012_21.16.27\rtkt0002\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan
C:\TDSSKiller_Quarantine\25.04.2012_21.16.27\zaea0000\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\26.04.2012_06.39.30\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan
C:\TDSSKiller_Quarantine\26.04.2012_06.39.30\rtkt0001\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan
C:\TDSSKiller_Quarantine\26.04.2012_06.39.30\rtkt0002\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan
C:\TDSSKiller_Quarantine\26.04.2012_06.48.21\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan
C:\TDSSKiller_Quarantine\26.04.2012_22.07.36\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan
 
Hi jacknjaspa,

Most of the ESET detections are files we have quarantined or are in old system restore points. These will be removed when we remove the tools.

Where were the AVG detections?


Open OTL, check the box beside "scan all users" and click Run Scan. Please post the log.
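The triage rule in the reply above (an ESET hit inside a tool's quarantine folder or an old System Restore point is an inert copy, not an active infection) can be applied mechanically to the pasted detection list. The script below is an added example, not code from the thread, from ESET or from any of the tools named in it: it parses lines in the "path detection kind" shape ESET printed, tags each hit by where the file sits, and separates live hits from inert ones. The location patterns for the Qoobox folder (ComboFix's quarantine), the TDSSKiller quarantine folder and the _restore{...} folders are assumptions derived from the paths in the log; the sample lines are copied from the ESET output posted earlier in the thread.

```python
import re

# Constructed sample: six lines copied from the ESET Online Scanner list
# posted in this thread, in the format "path [qualifier] signature kind".
SAMPLE_LOG = r"""
C:\Documents and Settings\Cameron\Local Settings\Application Data\Babylon\Setup\Setup.exe Win32/Toolbar.Babylon application
C:\Documents and Settings\Cameron\My Documents\Manuals\installer_sony_vegas_pro_9_0e_(32_bits)_English.exe.download Win32/Toggle application
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\cdrom.sys.vir Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP339\A0078650.dll a variant of Win32/Toolbar.Babylon application
C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP339\A0078653.exe probably a variant of Win32/Toolbar.Babylon application
C:\TDSSKiller_Quarantine\25.04.2012_21.16.27\rtkt0000\svc0000\tsk0000.dta Win32/Agent.SUC.Gen trojan
"""

# One ESET line: a path that may contain spaces, an optional certainty
# qualifier, a signature of the form Family/Name, and the final kind.
# Windows paths carry no "/", so the first "/"-bearing token is the signature.
ESET_LINE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<qualifier>(?:probably )?a variant of )?"
    r"(?P<signature>[A-Za-z0-9]+/\S+)\s+"
    r"(?P<kind>\S+)$"
)

# Assumed (not from ESET) patterns, matched against the lower-cased path,
# for locations whose contents cannot execute on their own.
INERT_LOCATIONS = (
    ("combofix quarantine", r"^c:\\qoobox\\quarantine\\"),
    ("tdsskiller quarantine", r"^c:\\tdsskiller_quarantine\\"),
    ("system restore point", r"^c:\\system volume information\\_restore\{"),
)


def classify_location(path):
    """Return the inert-location label for a path, or 'live' if none applies."""
    low = path.lower()
    for label, pattern in INERT_LOCATIONS:
        if re.match(pattern, low):
            return label
    return "live"


def parse_detection(line):
    """Parse one ESET detection line into a dict, or None if it is not one."""
    m = ESET_LINE.match(line.strip())
    if not m:
        return None
    return {
        "path": m["path"],
        "signature": m["signature"],
        "kind": m["kind"],                                  # e.g. trojan, application
        "certainty": (m["qualifier"] or "exact").strip(),   # exact / a variant of / ...
        "location": classify_location(m["path"]),
    }


def triage(log_text):
    """Split a pasted ESET list into live hits and hits in inert locations."""
    live, inert = [], []
    for line in log_text.splitlines():
        hit = parse_detection(line)
        if hit is None:
            continue            # blank line or something that is not a detection
        (live if hit["location"] == "live" else inert).append(hit)
    return {"live": live, "inert": inert}


def live_trojans(result):
    """Paths of live hits ESET rated as trojans: the ones that need attention first."""
    return [h["path"] for h in result["live"] if h["kind"] == "trojan"]


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"{len(result['live'])} live, {len(result['inert'])} inert")
    for hit in result["live"]:
        print(f"  LIVE  {hit['kind']:12} {hit['signature']:28} {hit['path']}")
    for hit in result["inert"]:
        print(f"  inert ({hit['location']}) {hit['signature']} {hit['path']}")
    print("live trojans:", live_trojans(result) or "none")
```

On the sample the two Babylon/Toggle hits under Documents and Settings come out as live and the other four as inert, which is the same split the reply makes by eye; the inert ones disappear when the quarantine folders and old restore points are removed with the tools.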
 
OTL logfile created on: 29/04/2012 10:21:31 PM - Run 3
OTL by OldTimer - Version 3.2.42.0 Folder = C:\Documents and Settings\Cameron\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.99 Gb Total Physical Memory | 0.76 Gb Available Physical Memory | 38.36% Memory free
4.87 Gb Paging File | 3.64 Gb Available in Paging File | 74.78% Paging File free
Paging file location(s): C:\pagefile.sys 3100 3100 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 30.72 Gb Free Space | 10.31% Space Free | Partition Type: NTFS
Drive D: | 0.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 1.86 Gb Total Space | 1.86 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive G: | 149.05 Gb Total Space | 75.93 Gb Free Space | 50.95% Space Free | Partition Type: NTFS

Computer Name: B03F21AE66BF49C | User Name: Cameron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Cameron\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\POWERISO\PWRISOVM.EXE (Power Software Ltd)
PRC - C:\Program Files\Safari\Safari.exe (Apple Inc.)
PRC - C:\Program Files\Safari\Apple Application Support\WebKit2WebProcess.exe (Apple Inc.)
PRC - C:\Program Files\FingerPrint\FingerPrint.exe (Collobos Software)
PRC - C:\Program Files\FingerPrint\FingerPrintService.exe (Collobos Software)
PRC - C:\Program Files\AVG\AVG2012\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
PRC - C:\Program Files\WinZip\WINZIP32.EXE (WinZip Computing, S.L.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\acs.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Safari\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Safari\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\FingerPrint\libcups2.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\system32\Primomonnt.dll ()
MOD - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
MOD - C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe ()
MOD - C:\Program Files\WinZip\UNRAR.DLL ()
MOD - C:\Program Files\WinZip\LHA.DLL ()
MOD - C:\WINDOWS\system32\acs.exe ()


========== Win32 Services (SafeList) ==========

SRV - (RoxLiveShare9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe File not found
SRV - (helpsvc) -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (FingerPrint) -- C:\Program Files\FingerPrint\FingerPrintService.exe (Collobos Software)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (CinemaNow Service) -- C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
SRV - (ACS) -- C:\WINDOWS\system32\acs.exe ()


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (RimUsb) -- System32\Drivers\RimUsb.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Cameron\LOCALS~1\Temp\catchme.sys File not found
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (Power Software Ltd)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Netaapl) -- C:\WINDOWS\system32\drivers\netaapl.sys (Apple Inc.)
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\WINDOWS\system32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (mcdbus) -- C:\WINDOWS\system32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\WG311T13.sys (Atheros Communications, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {D712F12C-ABCF-4523-8C25-371D9A76CF65}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{D712F12C-ABCF-4523-8C25-371D9A76CF65}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1409082233-179605362-842925246-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-1409082233-179605362-842925246-1004\..\SearchScopes,DefaultScope = {D712F12C-ABCF-4523-8C25-371D9A76CF65}
IE - HKU\S-1-5-21-1409082233-179605362-842925246-1004\..\SearchScopes\{D712F12C-ABCF-4523-8C25-371D9A76CF65}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_en-GB
IE - HKU\S-1-5-21-1409082233-179605362-842925246-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1409082233-179605362-842925246-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Cameron\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 09:34:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox

[2012/02/19 18:18:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cameron\Application Data\Mozilla\Extensions

O1 HOSTS File: ([2012/04/28 09:18:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\18.0.1025.162\npchrome_frame.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-1409082233-179605362-842925246-1004\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\NETGEAR WG311T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe ()
O4 - Startup: C:\Documents and Settings\Cameron\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Documents and Settings\Cameron\Start Menu\Programs\Startup\My Program.lnk = C:\Program Files\FingerPrint\FingerPrint.exe (Collobos Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1409082233-179605362-842925246-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1409082233-179605362-842925246-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1409082233-179605362-842925246-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1409082233-179605362-842925246-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.fujifilmimagine.com/imagine/ax/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab (iCloud Web App Plugin)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C9210D3-7F9C-40FF-9F7F-CF323A108DC8}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4A02AAB-A392-4FBC-8929-A0CB65998009}: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\18.0.1025.162\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/03 19:25:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/29 15:15:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Desktop\Hack Pack 4.3
[2012/04/29 13:21:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Application Data\PowerISO
[2012/04/29 13:20:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\PowerISO
[2012/04/29 13:20:13 | 000,000,000 | ---D | C] -- C:\Program Files\POWERISO
[2012/04/29 13:12:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Desktop\Mario.and.Sonic.at.the.London.2012.Olympic.Games.PAL.Wii-GLoBAL
[2012/04/29 13:06:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Start Menu\Programs\MagicDisc
[2012/04/29 13:06:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/04/29 13:06:36 | 000,116,736 | ---- | C] (MagicISO, Inc.) -- C:\WINDOWS\System32\drivers\mcdbus.sys
[2012/04/29 12:58:03 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/04/29 12:18:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Desktop\New Folder
[2012/04/29 12:18:01 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/04/29 12:18:00 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/04/29 12:18:00 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/04/29 12:17:59 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/04/29 12:17:58 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/04/29 12:13:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Desktop\Mario and Sonoc at the London Olympics
[2012/04/29 12:12:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Start Menu\Programs\WinRAR
[2012/04/29 12:12:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\WinRAR
[2012/04/29 11:36:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/04/29 08:15:48 | 000,000,000 | ---D | C] -- C:\jgh8813j
[2012/04/28 09:47:31 | 000,000,000 | ---D | C] -- C:\iso
[2012/04/28 09:37:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Application Data\Malwarebytes
[2012/04/28 09:37:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/28 09:37:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2012/04/28 09:37:24 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/28 09:37:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/28 09:36:09 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Cameron\Desktop\mbam-setup-1.61.0.1400.exe
[2012/04/28 09:34:51 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Cameron\My Documents\mbam-setup-1.61.0.1400.exe
[2012/04/28 07:56:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Application Data\WinRAR
[2012/04/28 06:05:50 | 000,000,000 | ---D | C] -- C:\jgh
[2012/04/27 08:31:10 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/04/27 08:26:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/27 08:26:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/27 08:26:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/27 08:26:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/27 08:25:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/27 08:25:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/27 08:20:40 | 004,477,246 | R--- | C] (Swearware) -- C:\Documents and Settings\Cameron\Desktop\jgh.exe
[2012/04/27 08:18:52 | 000,978,283 | ---- | C] (Swearware) -- C:\Documents and Settings\Cameron\My Documents\jgh.exe.download
[2012/04/26 21:57:31 | 000,295,248 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\dllcache\avgtdix.sys
[2012/04/26 21:57:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/26 07:37:06 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cameron\Desktop\OTL.exe
[2012/04/25 21:18:50 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/25 21:16:22 | 002,074,160 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Cameron\Desktop\tdsskiller.exe
[2012/04/25 11:05:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Cameron\Start Menu\Programs\Administrative Tools
[2012/04/25 11:04:33 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Cameron\Desktop\dds.scr
[2012/04/24 13:19:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Local Settings\Application Data\NPE
[2012/04/24 13:19:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton
[2012/04/24 13:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\COMODO
[2012/04/24 13:08:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Application Data\Comodo
[2012/04/22 23:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Local Settings\Application Data\Identities
[2012/04/20 18:29:01 | 001,692,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Cameron\Desktop\avg_remover_stf_x86_2012_1796.exe
[2012/04/20 08:34:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Cameron\Recent
[2012/04/20 08:23:16 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/04/20 08:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/04/20 08:21:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/04/20 07:48:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\F4D55F2C000BBBB74E027CC6D151FC4E
[2012/04/19 11:57:38 | 000,113,072 | ---- | C] (Power Software Ltd) -- C:\WINDOWS\System32\drivers\scdemu.sys
[2012/04/17 08:41:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonIJFAX
[2012/04/17 08:40:16 | 001,347,584 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC410C.dll
[2012/04/17 08:40:16 | 000,315,392 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC410L.dll
[2012/04/17 08:40:16 | 000,114,688 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC410I.dll
[2012/04/17 08:40:16 | 000,106,496 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC410U.dll
[2012/04/17 08:36:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Application Data\Canon Easy-WebPrint EX
[2012/04/17 08:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Canon Utilities
[2012/04/17 08:32:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Canon MX410 series Manual
[2012/04/17 08:32:02 | 000,257,024 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNCALAL.DLL
[2012/04/17 08:32:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonBJ
[2012/04/17 08:31:49 | 000,303,104 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLMAL.DLL
[2012/04/17 08:31:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
[2012/04/17 08:31:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Canon MX410 series
[2012/04/17 08:31:42 | 000,094,208 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNC410O.dll
[2012/04/17 08:31:39 | 000,180,224 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMIUAL.DLL
[2012/04/17 08:31:27 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2012/04/07 16:55:58 | 000,000,000 | ---D | C] -- C:\found.000
[2012/04/07 15:42:52 | 000,000,000 | ---D | C] -- C:\big w prints
[2012/04/07 15:07:12 | 000,000,000 | ---D | C] -- C:\Vuze
[2012/04/07 14:48:39 | 000,000,000 | ---D | C] -- C:\To Transfer
[2012/04/06 08:19:51 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/03 07:04:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\iTunes
[2012/04/01 11:09:26 | 000,000,000 | R--D | C] -- C:\g on Home PC (B03f21ae66bf49c)

========== Files - Modified Within 30 Days ==========

[2012/04/29 22:29:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/29 22:02:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/29 17:52:48 | 096,579,315 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/04/29 17:52:04 | 000,212,262 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/04/29 15:38:52 | 000,221,411 | ---- | M] () -- C:\Documents and Settings\Cameron\Desktop\USBLGX Forwarder.rar
[2012/04/29 15:29:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/29 15:08:19 | 112,798,463 | ---- | M] () -- C:\Documents and Settings\Cameron\My Documents\Hack Pack 4.3_Shadow29091.rar
[2012/04/29 13:58:40 | 001,055,504 | ---- | M] () -- C:\Documents and Settings\Cameron\Desktop\wii.hack.pack.4.3.full.wma.exe
[2012/04/29 13:20:18 | 000,000,725 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\PowerISO.lnk
[2012/04/29 13:06:39 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\Cameron\Start Menu\Programs\Startup\MagicDisc.lnk
[2012/04/29 13:06:39 | 000,000,683 | ---- | M] () -- C:\Documents and Settings\Cameron\Desktop\MagicDisc.lnk
[2012/04/29 12:48:56 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Cameron\Application Data\Microsoft\Internet Explorer\Quick Launch\Safari.lnk
[2012/04/29 12:48:04 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/29 12:47:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/29 12:42:21 | 000,001,772 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader 9.lnk
[2012/04/29 12:17:28 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/04/29 12:17:28 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/04/29 12:17:28 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/04/29 12:17:28 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/04/29 12:17:27 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/04/29 12:17:27 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/04/28 09:37:28 | 000,000,827 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/28 09:35:38 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Cameron\My Documents\mbam-setup-1.61.0.1400.exe
[2012/04/28 09:35:38 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Cameron\Desktop\mbam-setup-1.61.0.1400.exe
[2012/04/28 09:18:22 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/28 07:59:21 | 002,284,697 | ---- | M] () -- C:\Documents and Settings\Cameron\Desktop\LetterBomb.zip
[2012/04/28 07:29:10 | 000,069,632 | ---- | M] () -- C:\Documents and Settings\Cameron\Desktop\Mario and Sonoc at the London Olympics.iso
[2012/04/27 08:31:14 | 000,000,331 | RHS- | M] () -- C:\boot.ini
[2012/04/27 08:21:02 | 004,477,246 | R--- | M] (Swearware) -- C:\Documents and Settings\Cameron\Desktop\jgh.exe
[2012/04/27 08:19:04 | 000,978,283 | ---- | M] (Swearware) -- C:\Documents and Settings\Cameron\My Documents\jgh.exe.download
[2012/04/26 22:10:19 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2012/04/26 07:37:10 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cameron\Desktop\OTL.exe
[2012/04/25 21:27:59 | 000,506,014 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/25 21:27:59 | 000,089,352 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/25 13:57:46 | 002,074,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Cameron\Desktop\tdsskiller.exe
[2012/04/25 02:21:58 | 000,337,321 | ---- | M] () -- C:\Documents and Settings\Cameron\Desktop\FSS-1.exe
[2012/04/24 13:26:43 | 000,000,821 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ccebak
[2012/04/24 10:03:06 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/23 11:18:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/20 18:29:02 | 001,692,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Cameron\Desktop\avg_remover_stf_x86_2012_1796.exe
[2012/04/19 11:57:38 | 000,113,072 | ---- | M] (Power Software Ltd) -- C:\WINDOWS\System32\drivers\scdemu.sys
[2012/04/17 08:35:44 | 000,001,759 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Canon Solution Menu EX.lnk
[2012/04/17 08:33:04 | 000,002,010 | ---- | M] () -- C:\Documents and Settings\Cameron\My Documents\Canon MX410 series On-screen Manual.lnk
[2012/04/14 23:02:10 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/14 23:02:10 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/04/08 16:39:43 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Cameron\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/07 14:01:03 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Cameron\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet.lnk
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/03 07:36:13 | 000,001,585 | ---- | M] () -- C:\Documents and Settings\Cameron\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk

========== Files Created - No Company Name ==========

[2012/04/29 15:38:51 | 000,221,411 | ---- | C] () -- C:\Documents and Settings\Cameron\Desktop\USBLGX Forwarder.rar
[2012/04/29 14:48:11 | 112,798,463 | ---- | C] () -- C:\Documents and Settings\Cameron\My Documents\Hack Pack 4.3_Shadow29091.rar
[2012/04/29 13:58:33 | 001,055,504 | ---- | C] () -- C:\Documents and Settings\Cameron\Desktop\wii.hack.pack.4.3.full.wma.exe
[2012/04/29 13:24:15 | 405,012,479 | ---- | C] () -- C:\Documents and Settings\Cameron\Desktop\ind-nsmb-pal(compress)(patched)_Fel347.iso
[2012/04/29 13:20:18 | 000,000,725 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\PowerISO.lnk
[2012/04/29 13:06:39 | 000,000,695 | ---- | C] () -- C:\Documents and Settings\Cameron\Start Menu\Programs\Startup\MagicDisc.lnk
[2012/04/29 13:06:39 | 000,000,683 | ---- | C] () -- C:\Documents and Settings\Cameron\Desktop\MagicDisc.lnk
[2012/04/29 12:42:21 | 000,001,772 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader 9.lnk
[2012/04/28 09:37:28 | 000,000,827 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/28 07:59:10 | 002,284,697 | ---- | C] () -- C:\Documents and Settings\Cameron\Desktop\LetterBomb.zip
[2012/04/28 07:29:10 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\Cameron\Desktop\Mario and Sonoc at the London Olympics.iso
[2012/04/27 08:31:14 | 000,000,215 | ---- | C] () -- C:\Boot.bak
[2012/04/27 08:31:10 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/04/27 08:26:03 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/27 08:26:03 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/27 08:26:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/27 08:26:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/27 08:26:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/25 17:35:59 | 000,337,321 | ---- | C] () -- C:\Documents and Settings\Cameron\Desktop\FSS-1.exe
[2012/04/20 08:31:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/17 08:40:16 | 000,015,104 | ---- | C] () -- C:\WINDOWS\System32\CNC174ED.TBL
[2012/04/17 08:35:44 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Canon Solution Menu EX.lnk
[2012/04/17 08:33:04 | 000,002,010 | ---- | C] () -- C:\Documents and Settings\Cameron\My Documents\Canon MX410 series On-screen Manual.lnk
[2012/04/09 15:48:25 | 646,063,278 | ---- | C] () -- C:\Documents and Settings\Cameron\Desktop\lego.ninjago.masters.of.spinjitzu.s02e01.rise.of.the.snakes.mkv
[2012/04/07 14:01:03 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Cameron\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet.lnk
[2012/04/06 08:19:54 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/03 07:36:13 | 000,001,585 | ---- | C] () -- C:\Documents and Settings\Cameron\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2012/04/03 07:35:41 | 000,002,205 | ---- | C] () -- C:\Documents and Settings\Cameron\Application Data\Microsoft\Internet Explorer\Quick Launch\Safari.lnk
[2012/02/16 13:58:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/07/23 19:01:25 | 000,110,592 | ---- | C] () -- C:\Documents and Settings\Cameron\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/07 20:52:07 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/06/08 12:44:53 | 000,058,424 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/05/30 22:03:14 | 000,001,802 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011/05/18 11:05:52 | 000,037,879 | ---- | C] () -- C:\Documents and Settings\Cameron\Application Data\Comma Separated Values (DOS).ADR
[2011/05/16 12:38:37 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\asdict.dat
[2011/05/12 18:54:32 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2011/05/10 22:14:42 | 000,421,206 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\bdinstall.bin
[2011/05/10 14:33:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/05/10 14:32:28 | 000,276,560 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/10 07:09:15 | 000,080,416 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011/05/10 07:07:55 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2011/05/10 06:51:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/05/10 06:44:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/03/16 11:44:51 | 000,269,104 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/02/10 12:03:48 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini

========== Files - Unicode (All) ==========
[2011/06/22 11:01:31 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\Cameron\?????) -- C:\Documents and Settings\Cameron\獷楬汢捯污

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Cameron\Desktop\ind-nsmb-pal(compress)(patched)_Fel347.iso:SummaryInformation
@Alternate Data Stream - 10 bytes -> C:\Documents and Settings\Cameron\My Documents\wg311t_5_0_setup.exe:BDU
@Alternate Data Stream - 10 bytes -> C:\Documents and Settings\Cameron\My Documents\avg_free_stb_all_2011_1382_cnet.exe:BDU

< End of report >
 
Hi jacknjaspa,

That was one of the files we had in the last combofix fix. I don't know why combofix didn't see it or remove it.

Let's try this and see if we can uncover them.


Next

Please open OTL.

  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, click the None button near the top (it may look greyed out)
  • In the window under Custom Scans/Fixes copy and paste the following


    /md5start
    SiSRaid.dll
    slabser.dll
    smapint.dll
    SMNDIS5.dll
    snapman380.dll
    /md5stop


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open a notepad window, OTL.Txt. Please post this log.
 
OTL logfile created on: 29/04/2012 10:47:55 PM - Run 3
OTL by OldTimer - Version 3.2.42.0 Folder = C:\Documents and Settings\Cameron\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.99 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 56.46% Memory free
4.87 Gb Paging File | 4.12 Gb Available in Paging File | 84.61% Paging File free
Paging file location(s): C:\pagefile.sys 3100 3100 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 30.73 Gb Free Space | 10.31% Space Free | Partition Type: NTFS
Drive D: | 0.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 1.86 Gb Total Space | 1.86 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive G: | 149.05 Gb Total Space | 75.93 Gb Free Space | 50.95% Space Free | Partition Type: NTFS

Computer Name: B03F21AE66BF49C | User Name: Cameron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< End of report >
 
Hi jacknjaspa,

None of our tools seem to be able to see the files. Does AVG give you an exact location of the file(s)?
 
Hi jacknjaspa,

Is there a log or report tab/button in AVG?

When you get a popup from AVG what is all the information in the popup?

We'll try another tool. This may take several minutes to complete.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield
  • Do not copy the word CODE; please note the script starts with the :
    Code:
    :filefind
    us30service.dll   
    msgame.dll   
    irbus.dll   
    PSDNServ.dll   
    adobeversioncue.dll   
    pid_0928.dll   
    fetnd5bv.dll   
    Machnm32.dll   
    TeamViewer.dll   
    DCamUSBSQTECH.dll   
    WinVd32.dll   
    sthda.dll   
    mrpostman.dll   
    asp.net_2.0.50727.dll   
    tsircsrv.dll   
    wusb54gv2svc.dll   
    rpclocator.dll   
    nvmd.dll   
    AdfuUd.dll   
    nvgts.dll   
    pctavsvc.dll   
    cccredmgr.dll   
    EagleNT.dll   
    ndasbus.dll   
    hdaudbus.dll
    sentinelprotectionserver.dll   
    yats32.dll   
    LMIRfsClientNP.dll   
    DgiVecp.dll   
    ccevtmgr.dll   
    bt.dll   
    hap17v2k.dll   
    AdobeActiveFileMonitor6.0.dll   
    clipsrv.dll   
    z800mdm.dll   
    BrScnUsb.dll   
    sr_service.dll   
    clnt_clientman.dll   
    s125mdm.dll   
    W55U01.dll   
    psdvdisk.dll   
    qbposdbservices.dll   
    NWUSBModem.dll   
    CDRPDACC.dll   
    U81xmgmt.dll   
    Spsmqvsm.dll   
    lanmanserver.dll   
    ARCSOFTVIRTUALCAPTURE.dll   
    tga.dll
    NWDHCP.dll   
    pfmodnt.dll   
    viaudio.dll   
    ATMsrvc.dll   
    ksthunk.dll   
    bthusb.dll   
    fsRamDsk.dll   
    navapel.dll   
    bt3cusb.dll   
    p2pimsvc.dll   
    MREMP50a64.dll   
    oracle%oracle_home_service%clientcache80.dll   
    websenselogserver.dll   
    snareiis.dll   
    SNP2STD.dll   
    SetupNT.dll   
    dnetc.dll   
    RioS30.dll   
    lxdm_device.dll   
    cpsvc.dll   
    iAimTV5.dll   
    Wbutton.dll   
    atitool.dll   
    bvrp_pci.dll
    AmdLLD.dll   
    CoolerXPDriver.dll   
    adpu320.dll   
    asusgsb.dll   
    NWSNS.dll   
    RR2Ctrl.dll   
    ikhlayer.dll   
    processor.dll   
    2wirepcp.dll   
    intelppm.dll   
    vsbus.dll   
    backupexecnamingservice.dll   
    aswrdr.dll   
    NSSvcMgr.dll   
    RTLE8023xp.dll   
    Xyz777s.dll   
    USB_NDIS_51.dll   
    amfilter.dll   
    WUSB54Gv4SVC.dll   
    bwcsrv.dll   
    ultra.dll   
    lwwlicenseservice.dll   
    SiSRaid.dll  
    idsvc.dll   
    NuidFltr.dll   
    NtMtlFax.dll   
    wencrservice.dll   
    ireike.dll   
    sffdisk.dll   
    i8042prt.dll   
    msgame.dll   
    rt61.dll   
    spbbcsvc.dll   
    stirusb.dll   
    RivaTuner32.dll   
    btserial.dll   
    snapman380.dll   
    lmimirr.dll   
    TPECioCtl.dll   
    UWProSys.dll   
    avcgbfl.dll   
    dns4meclient.dll   
    sysaidagent.dll   
    service.dll   
    CoachUsb.dll   
    pdlnshay.dll   
    ghostsec.dll
    DSI_SiUSBXp_3_1.dll   
    smapint.dll   
    db2governor.dll   
    AppnApi.dll
    ICAM5USB.dll   
    om518p.dll   
    protexislicensing.dll   
    se59mgmt.dll   
    ql12160.dll   
    odysseyIM4.dll   
    dlcc_device.dll   
    DSXUSB.dll   
    ctxcpubal.dll   
    ipodsrv.dll   
    NTIDrvr.dll   
    msk80service.dll   
    WinFl32.dll   
    Sunkfiltp.dll   
    lpx.dll   
    pdlnafac.dll   
    x10nets.dll   
    nvrd64.dll   
    rdpdr.dll   
    nvata.dll 
    retroexplauncher.dll   
    twotrack.dll   
    VC6SecS.dll   
    aswrdr.dll   
    nvedavt.dll   
    LHidUsbK.dll   
    statusagent4.dll   
    SMNDIS5.dll   
    edspport.dll   
    wlancig.dll   
    pdcomp.dll   
    uagp35.dll   
    rspndr.dll   
    UNDPX2A.dll   
    traprcvr.dll   
    TPPWRIF.dll   
    rimsptsk.dll   
    pdiddcci.dll   
    slabser.dll   
    ppa3.dll   
    messenger.dll   
    rksample.dll   
    roxliveshare9.dll   
    Defrag32.dll   
    prismxl.dll   
    wfxsvc.dll
In the notepad
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
Righto, it came up with another alert & it says multiple threat detection;

This is where these are saved;
C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP408

The actual name of the threat is;
C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP408Z\A0092077.dll

Hope this helps?

Anyway I'll do the next step you've sent me
 
I'm not sure that it finished & it came up with the following;

Microsoft Visual C++ Runtime Library
Program: C\Documents and settings\cameron\desktop\systemlook.exe

This application has requested the runtime to terminate it in an unusual way. Please contact the applications support team for more information

Anyway, here's the log;

SystemLook 30.07.11 by jpshortstuff
Log created at 06:23 on 30/04/2012 by Cameron
Administrator - Elevation successful

========== filefind ==========

Searching for "us30service.dll "
No files found.

Searching for "msgame.dll "
No files found.

Searching for "irbus.dll "
No files found.

Searching for "PSDNServ.dll "
No files found.

Searching for "adobeversioncue.dll "
No files found.

Searching for "pid_0928.dll "
No files found.

Searching for "fetnd5bv.dll "
No files found.

Searching for "Machnm32.dll "
No files found.

Searching for "TeamViewer.dll "
No files found.

Searching for "DCamUSBSQTECH.dll "
No files found.

Searching for "WinVd32.dll "
No files found.

Searching for "sthda.dll "
No files found.

Searching for "mrpostman.dll "
No files found.

Searching for "asp.net_2.0.50727.dll "
No files found.

Searching for "tsircsrv.dll "
No files found.

Searching for "wusb54gv2svc.dll "
No files found.

Searching for "rpclocator.dll "
No files found.

Searching for "nvmd.dll "
No files found.

Searching for "AdfuUd.dll "
No files found.

Searching for "nvgts.dll "
No files found.

Searching for "pctavsvc.dll "
No files found.

Searching for "cccredmgr.dll "
No files found.

Searching for "EagleNT.dll "
No files found.

Searching for "ndasbus.dll "
No files found.

Searching for "hdaudbus.dll"
No files found.

Searching for "sentinelprotectionserver.dll "
No files found.

Searching for "yats32.dll "
 
Hi

This is where these are saved;
C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP408
Those aren't a problem. They are in System Restore points which will be removed when we remove combofix. We'll do that right now.

Disable AVG.

Click your start button > run

Copy and paste the following line into the run box and click ok

combofix /uninstall


Use the computer for a bit and see if AVG still detects anything.
 
Did that & as soon as it rebooted it came up with 3 threat detected warnings

File Name - c:\windows\system32\defrag32.dll
Threat Name - IDP.Trojan.1C8D1A13
(The options are move to vault or allow)

c:\windows\system32\rr2ctrl.dll
IDP.Trojan.1C8D1A13

c:\windows\system32\ndasbus.dll
Unknown

Other than this it appears to be running well
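The OTL listings earlier in the thread and the AVG detections quoted in this post and the previous ones both use fixed formats, so the question the helper keeps asking (does OTL see the file AVG is flagging, and is it a live file or a restore-point copy?) can be checked mechanically. The following is an added example, not code from the thread, OTL, SystemLook or AVG: it parses OTL file-listing lines, relates each AVG-reported path to that listing, and pulls out recently created System32 files with no company name. The sample lines are copied from the logs posted above; the classification labels are this example's own.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# One OTL file-listing line: [date time | size | attrs | C/M] (company) -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# System Restore point copies live under \System Volume Information\_restore{GUID}\RPnnn
RESTORE_POINT = re.compile(r"^[a-z]:\\system volume information\\_restore\{", re.I)

# Sample input: an excerpt of the OTL listing posted in this thread.
SAMPLE_OTL = r"""
========== Files - Modified Within 30 Days ==========
[2012/04/29 12:17:28 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/04/27 08:31:14 | 000,000,331 | RHS- | M] () -- C:\boot.ini
========== Files Created - No Company Name ==========
[2012/04/27 08:31:10 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/04/17 08:40:16 | 000,015,104 | ---- | C] () -- C:\WINDOWS\System32\CNC174ED.TBL
[2012/02/16 13:58:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
"""
# Paths AVG reported in the thread, plus one control path that OTL did list.
AVG_DETECTIONS = [
    r"C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP408Z\A0092077.dll",
    r"c:\windows\system32\defrag32.dll",
    r"C:\WINDOWS\System32\javaws.exe",
]

@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str     # R=read-only, H=hidden, S=system, D=directory; '-' = flag not set
    kind: str      # C = created, M = modified
    company: str   # empty string when OTL printed "()"
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

def parse_otl(text: str) -> list[OtlEntry]:
    """Parse every file-listing line; section headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if m:
            entries.append(OtlEntry(
                timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                size=int(m["size"].replace(",", "")),
                attrs=m["attrs"], kind=m["kind"],
                company=m["company"].strip(), path=m["path"]))
    return entries

def classify_detection(av_path: str, entries: list[OtlEntry]) -> str:
    """Relate an AV-reported path to the OTL listing (labels are this example's own)."""
    if RESTORE_POINT.match(av_path):
        return "restore_point"    # a copy inside a restore point, not the live file
    low = av_path.lower()
    if any(e.path.lower() == low for e in entries):
        return "listed"           # OTL saw exactly this path
    if any(e.name == low.rsplit("\\", 1)[-1] for e in entries):
        return "name_elsewhere"   # same filename, different directory
    return "unlisted"             # the listing never mentions it

def no_company_in_system32(entries: list[OtlEntry], since: str) -> list[str]:
    """System32 files created on/after `since` (YYYY/MM/DD) that carry no company name."""
    cutoff = datetime.strptime(since, "%Y/%m/%d")
    return sorted(e.path for e in entries
                  if e.kind == "C" and not e.company and e.timestamp >= cutoff
                  and "\\system32\\" in e.path.lower())

if __name__ == "__main__":
    found = parse_otl(SAMPLE_OTL)
    for p in AVG_DETECTIONS:
        print(f"{classify_detection(p, found):15} {p}")
    print("recent System32 files, no company name:", no_company_in_system32(found, "2012/04/01"))
```

Run against a full OTL.txt, "unlisted" marks exactly the situation in this thread: AVG names a live System32 path that none of the listing sections contain.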
 
Hi jacknjaspa,

I see you picked up some new programs. What is this program for? Hack Pack 4.3


I don't know why AVG keeps finding these files when the other tools don't. Run an AVG scan and move the detections to the vault. Reboot after the scan and run it again. Any detections the second time?
 
Ran it again & it comes up clean... but as soon as I run it, a "Threat detected" warning pops up

Here's one

filename - c:\windows\system32\roxliveshare9.dll
threat name - Unknown
when I click on move to vault it comes up in red & says "performing selected action fail"

filename - c:\windows\system32\appnapi.dll
threat name - Unknown
when I click on move to vault it comes up in red & says "performing selected action fail"

each time I try & do this a new one pops up (doesn't appear to affect the pc working though)

This is probably a silly question, but what if I delete AVG & download another free virus scanner (no idea which one??) & see if this fixes it. What do you think?
 