-
O1 HOSTS File: ([2010/07/11 23:11:06 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()
O4 - HKLM..\Run: [IntelAudioStudio] C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe (Intel Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [ShowWnd] C:\WINDOWS\ShowWnd.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1255992221031 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01...l/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/05/26 15:25:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 90 Days ==========
[2010/07/11 23:10:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/11 23:07:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/07/11 23:07:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/07/11 22:34:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/11 21:12:46 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/07/11 20:42:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/07/11 20:32:04 | 000,000,000 | ---D | C] -- C:\Broni.com
[2010/07/11 20:14:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/07/11 20:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/07/11 20:06:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/07/11 20:06:30 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/07/11 20:05:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/07/11 19:39:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/11 19:39:44 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/11 19:39:44 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/11 19:39:44 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/06 18:39:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/06 18:36:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/06 18:36:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/21 12:17:14 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/04/29 19:13:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/29 19:11:23 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
========== Files - Modified Within 90 Days ==========
[2010/07/11 23:12:52 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/11 23:12:26 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/07/11 23:12:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/11 23:12:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/11 23:11:16 | 007,684,096 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/07/11 23:11:16 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/07/11 23:11:06 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/07/11 22:34:50 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/11 21:12:42 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/07/11 21:09:28 | 001,981,148 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/07/11 20:40:10 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/11 20:27:51 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/11 20:27:51 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Internet Explorer.lnk
[2010/07/11 20:12:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/11 17:59:42 | 061,903,785 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/11 17:23:34 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/06 17:26:39 | 000,383,254 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/06 17:26:39 | 000,053,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/06 17:26:37 | 000,439,994 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/30 20:58:22 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2003.lnk
[2010/06/29 12:59:45 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2010/06/24 15:43:21 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Spa Treatments.doc
[2010/06/21 20:27:14 | 000,012,288 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\photothumb.db
[2010/06/21 12:49:49 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Michael and Rebecca Flight Information.doc
[2010/06/21 12:17:16 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/21 12:17:14 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/06/21 12:17:06 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/06/21 12:16:17 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/06/11 16:31:44 | 000,190,592 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/11 16:08:24 | 000,000,638 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/31 09:19:40 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/27 14:26:41 | 000,011,918 | R--- | M] () -- C:\Documents and Settings\Administrator\My Documents\reunion.ods
[2010/05/14 22:30:55 | 001,481,728 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Pictures to Print.doc
[2010/05/14 17:47:12 | 000,451,275 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\sanitation laws.pdf
[2010/05/14 17:46:19 | 000,870,393 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\cosmo.pdf
[2010/05/12 15:08:21 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Paper for english.doc
[2010/05/12 15:07:44 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Ib paper.doc
[2010/05/11 17:50:19 | 000,232,448 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\more pictures for IB.doc
[2010/05/11 17:22:35 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Works Cited Page.doc
[2010/05/11 17:20:26 | 000,208,896 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\pictures for ib paper.doc
[2010/05/08 22:15:14 | 000,048,640 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\quote.doc
[2010/05/08 21:16:26 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Rebecca resume.doc
[2010/05/04 19:02:59 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\3 Paragraphs.doc
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 14:16:26 | 001,526,272 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\My Phlyum Book.doc
========== Files Created - No Company Name ==========
[2010/07/11 20:59:14 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Internet Explorer.lnk
[2010/07/11 19:39:44 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/11 19:39:44 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/11 19:39:44 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/11 14:48:19 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/24 15:43:21 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Spa Treatments.doc
[2010/06/21 12:49:49 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Michael and Rebecca Flight Information.doc
[2010/05/27 14:27:19 | 000,011,918 | R--- | C] () -- C:\Documents and Settings\Administrator\My Documents\reunion.ods
[2010/05/14 22:30:55 | 001,481,728 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Pictures to Print.doc
[2010/05/14 17:47:12 | 000,451,275 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\sanitation laws.pdf
[2010/05/14 17:46:19 | 000,870,393 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\cosmo.pdf
[2010/05/11 17:50:19 | 000,232,448 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\more pictures for IB.doc
[2010/05/11 17:22:34 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Works Cited Page.doc
[2010/05/11 17:20:25 | 000,208,896 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\pictures for ib paper.doc
[2010/05/11 17:06:04 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Ib paper.doc
[2010/05/08 22:15:13 | 000,048,640 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\quote.doc
[2010/05/08 21:16:26 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Rebecca resume.doc
[2010/04/27 17:33:57 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\3 Paragraphs.doc
[2010/04/27 16:51:53 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Paper for english.doc
[2010/04/20 18:21:05 | 001,526,272 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\My Phlyum Book.doc
[2009/10/14 18:03:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/10/14 18:03:00 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2009/10/14 17:59:04 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2009/10/14 17:59:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2009/10/14 17:58:26 | 000,000,029 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2004/05/27 05:35:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/05/26 14:31:01 | 000,001,236 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/05/26 14:31:01 | 000,000,492 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
========== LOP Check ==========
[2009/10/14 17:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2010/03/10 18:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Uniblue
[2010/03/08 16:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/12/14 18:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/04/29 19:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/25 10:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/07/11 23:12:26 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
========== Purity Check ==========
< End of report >
-
Nice :)
How is your computer doing at the moment?
1. Download Temp File Cleaner (TFC)
   Double click on TFC.exe to run the program.
   Click on Start button to begin cleaning process.
   TFC will close all running programs, and it may ask you to restart computer.
2. Go to Kaspersky website and perform an online antivirus scan.
   1. Disable your active antivirus program.
   2. Read through the requirements and privacy statement and click on Accept button.
   3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
   4. When the downloads have finished, click on Settings.
   5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      - Spyware, Adware, Dialers, and other potentially dangerous programs
      - Archives
      - Mail databases
   6. Click on My Computer under Scan.
   7. Once the scan is complete, it will display the results. Click on View Scan Report.
   8. You will see a list of infected items there. Click on Save Report As....
   9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
-
It's running really good right now
-
Cool :)
Kaspersky may take time, so if it won't finish tonight, I'll check on you tomorrow after work.
You should be in pretty good shape by now :)
-
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, July 12, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, July 12, 2010 11:38:59
Records in database: 4228535
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
Scan statistics:
Objects scanned: 77387
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 02:43:21
No threats found. Scanned area is clean.
Selected area has been scanned.
-
Broni, my AVG antivirus just finished the daily scan of my computer and found these 3 files.
"C:\System Volume Information\_restore{9786E1A5-2E7F-4801-91A9-EF3D4F91683E}\RP141\A0013272.dll";"Trojan horse Agent2.AYEO";"Moved to Virus Vault"
"C:\Program Files\Windows Defender\MsMpEng.exe (2212):\memory_07520000";"May be infected by unknown virus Win32/DH.CAFF82037F";"Object is inaccessible."
"C:\Program Files\Windows Defender\MsMpEng.exe (2212)";"May be infected by unknown virus Win32/DH.CAFF82037F";""
-
Good :)
OTL Clean-Up
Clean up with OTL:
* Double-click OTL.exe to start the program.
* Close all other programs apart from OTL as this step will require a reboot
* On the OTL main screen, press the CLEANUP button
* Say Yes to the prompt and then allow the program to reboot your computer.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
==============================================================
Your computer is clean
1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.
   Turn off System Restore:
   - Windows XP:
     1. Click Start.
     2. Right-click the My Computer icon, and then click Properties.
     3. Click the System Restore tab.
     4. Check "Turn off System Restore".
     5. Click Apply.
     6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
     7. Click OK.
   - Windows Vista and 7:
     1. Click Start.
     2. Right-click the Computer icon, and then click Properties.
     3. Click on System Protection under the Tasks column on the left side.
     4. Click on Continue on the "User Account Control" window that pops up.
     5. Under the System Protection tab, find Available Disks.
     6. Uncheck the box for any drive you wish to disable System Restore on (in most cases, drive "C:").
     7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
     8. Click OK.
2. Restart computer.
3. Turn System Restore on.
4. Make sure Windows Updates are current.
5. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!
6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.
7. Run defrag at your convenience.
8. Read "How did I get infected?, With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html
9. Please let me know how your computer is doing.
-
I didn't see your last post.
The first file is located in System Restore, but you'll reset System Restore when you follow my last steps, so no worries there.
The two other findings are rather hilarious, since the file is a part of Windows Defender.
In any case, upload the C:\Program Files\Windows Defender\MsMpEng.exe file to http://www.virustotal.com/ for a security check.
-
Thank you very much for all of your help in getting rid of these infections. My computer is running perfect again thanks to your help. My hat's off to you again.
-