BleepingComputer.com: found Virtumonde.sdn

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

found Virtumonde.sdn advice on how to rid the illness

#1 User is offline   Big_Smokes 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 4
  • Joined: 01-August 10
  • Gender:Male
  • Location:San Diego

  Posted 01 August 2010 - 05:16 AM

in mid April 2010, Spybot S&D found Virtumonde.sdn on my laptop. it was fixed and a backup was created in recovery. laptop performed fine with no problems. Then last week after running Registry Booster which found

Entry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value name: Mixersel
Value: C:\WINDOWS\temp\mixersel.exe
Reason: The value Mixersel in HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Run
contains an invalid path C:\WINDOWS\temp\mixersel.exe

Reg. Booster asked to put in ignore list , i googled first and found that i do not run software attached to that key, i didnt allow the request and exited program. thats when i noticed ads were now on my home page and registry corrupt ads popping up as i browsed. also program control in firewall thru CA was allowing system32 and other windows exes. access outbound, which i never had seen there before. i did a system restore going back 3 weeks. i uninstalled CA Security Suite which seemed like it went into zombie mode and replaced it with AVG. i have done several scans with AVG and it has not found any problems so far and laptop running fine, except that before i had 13 gigs free space out 40 gig HD and now i have 2.63 gig free space...

===============================================================================
DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 23:03:33.48 on Sun 08/01/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.703.217 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Documents and Settings\Administrator\Desktop\Defogger.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: live.com\onecare
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1267318145914
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - hxxp://support.microsoft.com/mats/DiagWebControl.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\xg5x1288.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-chrf-att&type=&p=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-7-30 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-7-30 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-7-30 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-30 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-30 308136]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-7-30 430152]

=============== Created Last 30 ================

2010-08-02 05:59:47 0 ----a-w- c:\documents and settings\administrator\defogger_reenable
2010-08-01 06:25:34 0 d-----w- c:\program files\Trend Micro
2010-07-31 04:19:47 0 d-----w- c:\docume~1\admini~1\applic~1\AVG9
2010-07-31 01:04:06 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-31 01:04:03 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-31 01:04:01 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-31 01:03:58 0 d-----w- c:\windows\system32\drivers\Avg
2010-07-31 01:03:54 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2010-07-31 00:59:24 0 d-----w- c:\program files\AVG
2010-07-31 00:58:57 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-07-31 00:10:26 0 d-----w- c:\docume~1\admini~1\applic~1\MSNInstaller
2010-07-30 13:24:25 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-30 13:07:22 0 d-----w- c:\windows\system32\wbem\Repository
2010-07-30 13:01:39 0 d-----w- c:\program files\common files\DivX Shared
2010-07-30 12:32:41 0 d-----w- c:\program files\HP
2010-07-30 12:32:41 0 d-----w- c:\program files\common files\HP
2010-07-30 12:32:09 0 d-----w- c:\program files\common files\Logitech
2010-07-30 07:47:43 0 d-----w- c:\program files\InterActual
2010-07-13 06:03:21 0 ----a-w- c:\windows\system32\GLBSINST.%$D

==================== Find3M ====================

2010-07-21 04:02:03 14716 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-10 11:28:33 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-09 23:01:10 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-06-09 23:01:10 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-06-09 23:01:10 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-06-09 23:01:10 133616 ------w- c:\windows\system32\pxafs.dll
2010-06-09 23:01:10 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-06-09 23:01:10 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-05-18 13:53:27 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-03-02 01:44:46 16384 --sha-w- c:\windows\system32\config\systemprofile\cookies\index.dat
2010-03-02 01:44:21 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2010-03-02 01:44:46 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2010-03-02 01:44:21 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010030120100302\index.dat
2010-03-02 01:44:46 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 23:04:27.26 ===============

Attached File(s)


This post has been edited by Big_Smokes: 02 August 2010 - 04:20 AM

#2 User is online   Elise 

  • Bleepin' Blonde
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Study Hall Admin
  • Posts: 38,985
  • Joined: 05-October 07
  • Gender:Female
  • Location:Romania

Posted 09 August 2010 - 12:11 PM

Hello ,
And welcome.gif to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.
regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton
Posted Image Follow BleepingComputer on: Facebook | Twitter | Google+

#3 User is offline   Big_Smokes 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 4
  • Joined: 01-August 10
  • Gender:Male
  • Location:San Diego

Posted 14 August 2010 - 10:20 AM

still having the same problem as i noted before. but now browser is slower with more pop ups & also new windows poppin up that i cannot close. i have to go into task manager to close the pop up window which then closes all windows.
--------------------------------------------------------------------------------------------------------------------------------------------------


OTL logfile created on: 8/14/2010 05:26:38 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

703.00 Mb Total Physical Memory | 282.00 Mb Available Physical Memory | 40.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 3.77 Gb Free Space | 10.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RICH-3E3992150A
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/14 05:25:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/07/31 05:24:11 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/07/30 18:57:59 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/07/30 18:02:42 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/07/30 18:02:42 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/30 18:02:40 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/30 18:02:36 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/30 18:02:17 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/07/30 18:01:38 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/27 09:50:38 | 000,025,976 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2010/06/02 17:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/05/18 06:53:33 | 000,066,864 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/13 13:06:58 | 002,196,240 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/02/13 13:02:46 | 000,564,496 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2008/02/13 13:02:24 | 000,405,776 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/02/05 18:20:42 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/02/05 18:18:48 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2003/11/20 17:19:14 | 000,098,304 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe


========== Modules (SafeList) ==========

MOD - [2010/08/14 05:25:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008/02/05 18:20:30 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\Temp\logishrd\LVPrcInj01.dll
MOD - [2003/11/20 17:19:08 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/07/30 18:57:59 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/30 18:01:38 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/04/19 10:25:38 | 000,430,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/02/05 18:22:36 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2008/02/05 18:20:42 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/02/05 18:18:48 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2010/07/30 18:04:06 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/30 18:04:02 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/07/30 18:04:01 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2008/04/13 10:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/02/05 19:21:25 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/02/05 19:20:40 | 000,628,760 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/02/05 19:17:37 | 002,570,520 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/02/05 19:17:26 | 000,013,848 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008/02/05 18:20:08 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/02/05 18:18:12 | 000,689,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2004/08/12 06:17:21 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2004/08/03 15:32:22 | 000,231,552 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97ali.sys -- (aliadwdm)
DRV - [2004/08/03 15:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/04/18 17:45:08 | 000,380,160 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ExpasAG.sys -- (LEX_AS_NIC_SERVICE_YNOS)
DRV - [2003/12/19 22:55:26 | 000,641,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/12/11 12:50:54 | 000,196,736 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWALI.sys -- (HSFHWALI)
DRV - [2003/12/11 12:48:46 | 000,681,344 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/12/11 12:47:10 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/11/20 18:11:28 | 000,064,128 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifmsony.sys -- (tifmsony)
DRV - [2003/11/20 17:15:16 | 000,178,528 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2003/11/07 11:28:34 | 000,067,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003/04/23 15:06:40 | 000,013,174 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atisgkaf.sys -- (caboagp)
DRV - [2000/12/05 16:18:02 | 000,003,952 | R--- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 19:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-507921405-1060284298-854245398-500\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.myspace.com/ [binary data]
IE - HKU\S-1-5-21-507921405-1060284298-854245398-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\S-1-5-21-507921405-1060284298-854245398-500\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-507921405-1060284298-854245398-500\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-507921405-1060284298-854245398-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-att"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-att"
FF - prefs.js..browser.search.param.yahoo-type: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: avg@igeared:4.504.019.002
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-chrf-att&type=&p="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/07/30 18:59:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/07/30 18:03:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/31 05:24:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/31 05:24:30 | 000,000,000 | ---D | M]

[2010/03/15 18:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/08/13 23:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xg5x1288.default\extensions
[2010/05/01 09:45:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xg5x1288.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/05 00:24:45 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xg5x1288.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/07/30 04:26:52 | 000,000,000 | ---D | M] (att.net Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xg5x1288.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2)
[2010/07/30 03:15:45 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xg5x1288.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(3)
[2010/05/16 02:59:05 | 000,000,000 | ---D | M] (Playdom Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xg5x1288.default\extensions\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}
[2010/04/11 20:40:49 | 000,000,000 | ---D | M] (Playdom Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xg5x1288.default\extensions\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}(2)
[2010/05/30 02:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xg5x1288.default\extensions\DeviceDetection@logitech.com
[2010/07/16 02:34:16 | 000,005,475 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xg5x1288.default\searchplugins\googlecom-in-english.xml
[2010/08/13 23:31:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/30 05:32:55 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/06/10 04:29:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/10 04:28:34 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/08/14 03:22:01 | 000,000,848 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-507921405-1060284298-854245398-500\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
O3 - HKU\S-1-5-21-507921405-1060284298-854245398-500\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-507921405-1060284298-854245398-500\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-1060284298-854245398-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKU\S-1-5-21-507921405-1060284298-854245398-500\..Trusted Domains: live.com ([onecare] http in Trusted sites)
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (VaioInfo.CMClass)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1267318145914 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/27 17:40:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/14 05:25:20 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/08/12 18:57:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\YourBountyHunter!
[2010/08/12 18:54:53 | 000,548,864 | ---- | C] (Your Bounty Hunter) -- C:\Documents and Settings\Administrator\Desktop\YourBountyHunter4.1.exe
[2010/08/01 23:10:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder
[2010/07/31 23:25:34 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/31 02:15:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2010/07/30 22:06:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/07/30 21:19:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AVG9
[2010/07/30 19:07:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
[2010/07/30 18:04:06 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/30 18:04:03 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/30 18:04:01 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/07/30 18:03:58 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/07/30 18:03:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/07/30 18:03:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/07/30 17:59:24 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/07/30 17:58:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/07/30 17:10:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\MSNInstaller
[2010/07/30 06:24:25 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/30 06:01:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/07/30 05:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/07/30 05:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/07/30 05:32:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2010/07/30 05:32:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2010/07/30 02:59:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/07/30 00:47:43 | 000,000,000 | ---D | C] -- C:\Program Files\InterActual
[2010/07/18 11:56:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/14 05:25:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/08/14 04:32:27 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{249EDDE2-048D-4D5D-9980-038C6170C0F5}.job
[2010/08/14 03:22:01 | 000,000,848 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/14 02:51:24 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/14 02:51:18 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RegistryBooster.job
[2010/08/14 02:51:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/14 02:50:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/14 02:49:36 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/08/14 02:49:04 | 007,741,440 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/08/14 00:08:24 | 000,060,640 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Log.dat
[2010/08/14 00:08:16 | 000,000,551 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MYAPP.INI
[2010/08/13 21:10:01 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2010/08/13 18:31:18 | 063,401,551 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/08/13 05:08:09 | 000,416,619 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100814-032201.backup
[2010/08/12 18:55:38 | 001,602,821 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\YourBountyHunter.exe
[2010/08/12 18:54:55 | 000,548,864 | ---- | M] (Your Bounty Hunter) -- C:\Documents and Settings\Administrator\Desktop\YourBountyHunter4.1.exe
[2010/08/12 03:34:11 | 000,162,450 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\angeleyes.jpg
[2010/08/12 02:41:41 | 000,098,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/12 02:38:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/12 02:29:26 | 000,532,378 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/12 02:29:26 | 000,463,000 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/12 02:29:26 | 000,079,918 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/11 23:26:00 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rduqt9v6.exe
[2010/08/09 02:19:51 | 000,000,560 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/07 01:47:16 | 000,415,879 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100813-050809.backup
[2010/08/07 00:57:49 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk
[2010/08/07 00:57:49 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegistryBooster.lnk
[2010/08/04 23:45:16 | 000,302,822 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\4860187516_9fd8b91475_b.jpg
[2010/08/04 23:41:15 | 000,272,042 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Unusual.jpg
[2010/08/04 23:39:20 | 000,067,604 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\4858862570_7cf50b6d36.jpg
[2010/08/01 22:59:47 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2010/08/01 01:15:04 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2010/07/30 18:04:27 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/07/30 18:04:09 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/07/30 18:04:08 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/30 18:04:06 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/30 18:04:02 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/07/30 18:04:01 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/07/30 17:28:18 | 000,013,688 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/30 16:57:47 | 000,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/07/30 16:57:47 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/07/30 12:53:40 | 000,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.UNV
[2010/07/30 10:12:51 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/30 01:48:03 | 000,415,577 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100807-014716.backup
[2010/07/29 21:20:25 | 000,415,577 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100730-014803.backup
[2010/07/26 23:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010/07/20 21:02:03 | 000,014,716 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/07/19 18:52:32 | 000,412,092 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100729-212024.backup
[2010/07/15 22:22:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\GLBSINST.%$D
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/14 05:18:58 | 000,162,450 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\angeleyes.jpg
[2010/08/12 19:02:27 | 000,060,640 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Log.dat
[2010/08/12 18:58:32 | 000,000,551 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MYAPP.INI
[2010/08/12 18:55:37 | 001,602,821 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\YourBountyHunter.exe
[2010/08/11 23:26:00 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rduqt9v6.exe
[2010/08/07 00:58:04 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RegistryBooster.job
[2010/08/07 00:57:49 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk
[2010/08/07 00:57:49 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegistryBooster.lnk
[2010/08/05 03:11:12 | 000,302,822 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\4860187516_9fd8b91475_b.jpg
[2010/08/05 03:11:05 | 000,272,042 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Unusual.jpg
[2010/08/05 03:10:57 | 000,067,604 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\4858862570_7cf50b6d36.jpg
[2010/08/05 01:26:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2010/08/01 22:59:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2010/08/01 01:14:46 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2010/07/30 18:04:27 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/07/30 18:04:09 | 063,401,551 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/30 18:04:09 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/07/30 16:57:28 | 000,002,068 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
[2010/05/18 06:57:32 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/03/14 22:12:59 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll
[2010/02/28 15:25:51 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\WLANDLL.DLL
[2010/02/28 15:14:08 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2010/02/28 14:59:36 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2010/02/28 12:12:11 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008/02/05 18:20:08 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
< End of report >
----------------------------------------------------------------------------------------------------------------------------------------------

OTL logfile created on: 8/14/2010 05:26:38 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

703.00 Mb Total Physical Memory | 316.00 Mb Available Physical Memory | 45.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 4.38 Gb Free Space | 11.75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RICH-3E3992150A
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-507921405-1060284298-854245398-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6444D9D9-CD6C-4464-B970-55C606C944DC}" = Logitech QuickCam
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FCCB0B43-7A6D-49A4-A5B3-B10F592F4EB6}" = LAN-Express AS IEEE 802.11 Wireless LAN
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG Free 9.0
"CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_8175104D" = SoftV92 Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"DivX Setup.divx.com" = DivX Setup
"ie8" = Windows Internet Explorer 8
"lvdrivers_11.70" = Logitech QuickCam Driver Package
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/3/2010 12:50:19 AM | Computer Name = RICH-3E3992150A | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3855, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/3/2010 12:50:19 AM | Computer Name = RICH-3E3992150A | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3855, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/4/2010 02:23:21 AM | Computer Name = RICH-3E3992150A | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3855, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/4/2010 02:23:27 AM | Computer Name = RICH-3E3992150A | Source = Application Hang | ID = 1001
Description = Fault bucket 1966851204.

Error - 8/4/2010 02:25:51 AM | Computer Name = RICH-3E3992150A | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3855, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/4/2010 02:26:00 AM | Computer Name = RICH-3E3992150A | Source = Application Hang | ID = 1001
Description = Fault bucket 1966851204.

Error - 8/4/2010 04:15:35 AM | Computer Name = RICH-3E3992150A | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3855, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/4/2010 04:15:38 AM | Computer Name = RICH-3E3992150A | Source = Application Hang | ID = 1001
Description = Fault bucket 1966851204.

[ System Events ]
Error - 8/11/2010 02:20:45 AM | Computer Name = RICH-3E3992150A | Source = Dhcp | ID = 1002
Description = The IP address lease 24.165.3.26 for the Network Card with network
address 080046CFECC2 has been denied by the DHCP server 192.168.100.1 (The DHCP
Server sent a DHCPNACK message).

Error - 8/11/2010 02:22:17 AM | Computer Name = RICH-3E3992150A | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.11
on the Network Card with network address 080046CFECC2.

Error - 8/11/2010 02:22:18 AM | Computer Name = RICH-3E3992150A | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 8/11/2010 04:23:09 AM | Computer Name = RICH-3E3992150A | Source = Dhcp | ID = 1002
Description = The IP address lease 24.165.3.26 for the Network Card with network
address 080046CFECC2 has been denied by the DHCP server 192.168.100.1 (The DHCP
Server sent a DHCPNACK message).

Error - 8/11/2010 04:23:22 AM | Computer Name = RICH-3E3992150A | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.100.11 for the Network Card with network
address 080046CFECC2 has been denied by the DHCP server 192.168.100.1 (The DHCP
Server sent a DHCPNACK message).

Error - 8/11/2010 11:23:38 AM | Computer Name = RICH-3E3992150A | Source = Dhcp | ID = 1002
Description = The IP address lease 24.165.3.26 for the Network Card with network
address 080046CFECC2 has been denied by the DHCP server 192.168.100.1 (The DHCP
Server sent a DHCPNACK message).

Error - 8/11/2010 11:24:00 AM | Computer Name = RICH-3E3992150A | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.100.11 for the Network Card with network
address 080046CFECC2 has been denied by the DHCP server 192.168.100.1 (The DHCP
Server sent a DHCPNACK message).

Error - 8/11/2010 05:30:51 PM | Computer Name = RICH-3E3992150A | Source = Dhcp | ID = 1002
Description = The IP address lease 24.165.3.26 for the Network Card with network
address 080046CFECC2 has been denied by the DHCP server 192.168.100.1 (The DHCP
Server sent a DHCPNACK message).

Error - 8/11/2010 11:26:05 PM | Computer Name = RICH-3E3992150A | Source = Dhcp | ID = 1002
Description = The IP address lease 24.165.3.26 for the Network Card with network
address 080046CFECC2 has been denied by the DHCP server 192.168.100.1 (The DHCP
Server sent a DHCPNACK message).

Error - 8/11/2010 11:26:37 PM | Computer Name = RICH-3E3992150A | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.100.11 for the Network Card with network
address 080046CFECC2 has been denied by the DHCP server 192.168.100.1 (The DHCP
Server sent a DHCPNACK message).


< End of report >

----------------------------------------------------------------------------------------------------------------------------------------------

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-12 10:59:46
Windows 5.1.2600 Service Pack 3
Running: rduqt9v6.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fxaoqkob.sys


---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\tifmsony.sys entry point in "init" section [0xF810B000]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\Explorer.EXE[1700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [02FB2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [02FB2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [02FB2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [02FB2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Administrator\Desktop\rduqt9v6.exe[2384] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Administrator\Desktop\rduqt9v6.exe[2384] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Administrator\Desktop\rduqt9v6.exe[2384] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Administrator\Desktop\rduqt9v6.exe[2384] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2724] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A92F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2724] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A92CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2724] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A92D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2724] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A92CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2736] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A22F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2736] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A22CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2736] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A22D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2736] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A22CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2772] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AA2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2772] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AA2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2772] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AA2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2772] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AA2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[2784] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C22F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[2784] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C22CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[2784] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C22D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[2784] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C22CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[2804] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00E82F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[2804] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00E82CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[2804] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00E82D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[2804] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00E82CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\AVG\AVG9\avgtray.exe[2868] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C22F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\AVG\AVG9\avgtray.exe[2868] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C22CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\AVG\AVG9\avgtray.exe[2868] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C22D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\AVG\AVG9\avgtray.exe[2868] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C22CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00F42F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00F42CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00F42D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00F42CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[2908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00512F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[2908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00512CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[2908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00512D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[2908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00512CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2972] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009C2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2972] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009C2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2972] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009C2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2972] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009C2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[3024] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00372F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[3024] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00372CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[3024] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00372D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[3024] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00372CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3728] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3728] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3728] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3728] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----


#4 User is online   Elise 

  • Bleepin' Blonde
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Study Hall Admin
  • Posts: 38,985
  • Joined: 05-October 07
  • Gender:Female
  • Location:Romania

Posted 14 August 2010 - 10:55 AM

Hello again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton
Posted Image Follow BleepingComputer on: Facebook | Twitter | Google+

#5 User is offline   Big_Smokes 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 4
  • Joined: 01-August 10
  • Gender:Male
  • Location:San Diego

Posted 14 August 2010 - 06:43 PM

C:\ComboFix.txt

ComboFix 10-08-14.01 - Administrator 08/14/2010 12:04:53.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.703.405 [GMT -7:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Recent\Thumbs.db
c:\windows\system32\Thumbs.db
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2010-07-14 to 2010-08-14 )))))))))))))))))))))))))))))))
.

2010-08-06 14:27 . 2010-08-06 14:27 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4a5143f9-n\decora-sse.dll
2010-08-06 14:27 . 2010-08-06 14:27 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-38006791-n\msvcp71.dll
2010-08-06 14:27 . 2010-08-06 14:27 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-38006791-n\jmc.dll
2010-08-06 14:27 . 2010-08-06 14:27 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-38006791-n\msvcr71.dll
2010-08-06 14:27 . 2010-08-06 14:27 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4a5143f9-n\decora-d3d.dll
2010-08-05 08:26 . 2010-08-14 18:54 0 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\prvlcl.dat
2010-08-04 04:21 . 2010-04-19 17:25 2117704 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-08-01 08:14 . 2010-08-01 08:14 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-01 06:25 . 2010-08-01 06:25 -------- d-----w- c:\program files\Trend Micro
2010-07-31 05:05 . 2010-07-31 05:05 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-31 05:05 . 2010-07-31 05:05 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-31 05:05 . 2010-07-31 05:05 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-07-31 05:04 . 2010-07-31 05:04 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-07-31 05:04 . 2010-07-31 05:04 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-07-31 05:04 . 2010-07-31 05:04 84054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-07-31 05:03 . 2010-07-31 05:03 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-07-31 05:03 . 2010-07-31 05:03 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-07-31 05:03 . 2010-07-31 05:03 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-07-31 05:03 . 2010-07-31 05:03 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-07-31 05:03 . 2010-07-31 05:03 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-07-31 05:03 . 2010-07-31 05:03 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-07-31 05:03 . 2010-07-31 05:03 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-07-31 04:19 . 2010-07-31 04:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG9
2010-07-31 02:07 . 2010-07-31 02:07 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
2010-07-31 01:58 . 2010-07-31 01:58 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-07-31 01:58 . 2010-07-31 01:58 921440 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgemc.exe
2010-07-31 01:58 . 2010-07-31 01:58 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-07-31 01:58 . 2010-07-31 01:58 1373536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll
2010-07-31 01:58 . 2010-07-31 01:58 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll
2010-07-31 01:04 . 2010-07-31 01:04 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-31 01:04 . 2010-07-31 01:04 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-31 01:04 . 2010-07-31 01:04 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-31 01:03 . 2010-08-14 15:12 -------- d-----w- c:\windows\system32\drivers\Avg
2010-07-31 01:03 . 2010-07-31 01:04 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-07-31 01:03 . 2010-08-04 04:22 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-07-31 00:59 . 2010-07-31 00:59 -------- d-----w- c:\program files\AVG
2010-07-31 00:58 . 2010-07-31 00:59 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-31 00:10 . 2010-07-31 00:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\MSNInstaller
2010-07-30 13:24 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-30 13:07 . 2010-07-30 13:07 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-30 13:01 . 2010-07-30 13:01 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-07-30 12:32 . 2010-07-30 12:32 -------- d-----w- c:\program files\Common Files\HP
2010-07-30 12:32 . 2010-07-30 12:32 -------- d-----w- c:\program files\HP
2010-07-30 12:32 . 2010-07-30 12:32 -------- d-----w- c:\program files\Common Files\Logitech
2010-07-30 12:32 . 2010-07-30 12:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2010-07-30 09:59 . 2010-07-30 09:59 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-30 07:47 . 2010-07-30 07:48 -------- d-----w- c:\program files\InterActual

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-07 07:56 . 2010-05-18 01:22 5125664 ----a-w- c:\documents and settings\Administrator\Application Data\Uniblue\RegistryBooster\_temp\ub.exe
2010-07-31 23:36 . 2010-03-15 03:51 -------- d-----w- c:\program files\Yahoo!
2010-07-31 23:25 . 2010-03-17 05:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-07-31 05:05 . 2010-04-02 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-07-31 05:05 . 2010-04-02 17:19 -------- d-----w- c:\program files\DivX
2010-07-31 04:23 . 2010-04-02 17:23 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-07-31 04:22 . 2010-04-02 17:23 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-07-31 00:28 . 2010-03-15 01:54 13688 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-30 12:43 . 2010-03-15 03:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-07-30 12:43 . 2010-03-15 03:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\Yahoo!
2010-07-30 12:33 . 2010-05-28 05:06 -------- d-----w- c:\program files\Uniblue
2010-07-30 12:32 . 2010-07-09 01:00 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-07-30 12:32 . 2010-05-18 13:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2010-07-30 12:32 . 2010-05-18 13:49 -------- d-----w- c:\program files\Logitech
2010-07-30 12:32 . 2010-02-28 19:12 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-21 04:02 . 2010-04-04 07:32 14716 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-07 22:37 . 2010-06-01 02:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\Image Zone Express
2010-07-03 06:44 . 2010-04-18 04:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-02 19:04 . 2010-03-15 07:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\Uniblue
2010-06-30 12:31 . 2004-08-12 13:27 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-27 06:23 . 2010-04-03 17:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2010-06-24 12:22 . 2004-08-12 13:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-12 13:33 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-12 13:30 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-12 13:19 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2010-02-28 00:37 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-12 13:23 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-10 11:29 . 2010-06-10 11:29 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5ef4cac9-n\msvcp71.dll
2010-06-10 11:29 . 2010-06-10 11:29 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5ef4cac9-n\jmc.dll
2010-06-10 11:29 . 2010-06-10 11:29 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-73de16f4-n\decora-d3d.dll
2010-06-10 11:29 . 2010-06-10 11:29 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5ef4cac9-n\msvcr71.dll
2010-06-10 11:29 . 2010-06-10 11:29 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-73de16f4-n\decora-sse.dll
2010-06-10 11:28 . 2010-06-10 11:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-09 23:01 . 2010-04-02 17:23 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-06-09 23:01 . 2010-04-02 17:23 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-06-09 23:01 . 2010-04-02 17:23 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-06-09 23:01 . 2010-04-02 17:23 133616 ------w- c:\windows\system32\pxafs.dll
2010-06-09 23:01 . 2010-04-02 17:23 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-06-09 23:01 . 2010-04-02 17:23 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-05-18 13:53 . 2010-05-18 13:53 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 17:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-11-21 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-11-21 499712]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-05 28672]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-31 2065760]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2010-5-18 66864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-31 01:04 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/30/2010 06:04 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/30/2010 06:04 PM 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/30/2010 06:01 PM 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/30/2010 06:01 PM 308136]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [7/30/2010 06:03 PM 430152]
.
Contents of the 'Scheduled Tasks' folder

2010-08-14 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-08-07 16:50]

2010-08-14 c:\windows\Tasks\User_Feed_Synchronization-{249EDDE2-048D-4D5D-9980-038C6170C0F5}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 12:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
Trusted Zone: live.com\onecare
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xg5x1288.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-chrf-att&type=&p=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-14 12:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-507921405-1060284298-854245398-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,43,3d,f9,e5,37,d5,c6,46,a6,c9,38,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,43,3d,f9,e5,37,d5,c6,46,a6,c9,38,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(612)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(7236)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2010-08-14 12:19:56 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-14 19:19

Pre-Run: 3,886,219,264 bytes free
Post-Run: 4,079,542,272 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 1D04817D893F9BAFAE2E8C808C8DAC53
----------------------------------------------------------------------------------------------------------------------------------------------



This post has been edited by Big_Smokes: 14 August 2010 - 06:45 PM

#6 User is online   Elise 

  • Bleepin' Blonde
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Study Hall Admin
  • Posts: 38,985
  • Joined: 05-October 07
  • Gender:Female
  • Location:Romania

Posted 15 August 2010 - 03:26 AM

Hi, please let me know how things are running after the following steps.


I notice the presence of Uniblue Registry Booster Registry Cleaner on your pc.

I don't personally recommend the use of ANY registry cleaners for several reasons.

• Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.

• Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.

• Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.

• Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.

• The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.
UPDATE JAVA
------------------
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 21 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton
Posted Image Follow BleepingComputer on: Facebook | Twitter | Google+

#7 User is offline   Big_Smokes 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 4
  • Joined: 01-August 10
  • Gender:Male
  • Location:San Diego

Posted 11 September 2010 - 05:05 AM

Thank You Elise for your time in helping me with my problem. i did what you advised and everything seems to be running just fine. i read into what you said about using Reg. Booster and put it aside which i no longer will use and updated java and deleted prior versions. also do i need to change anything back besides turning back on CD Emulation with defogger? here are the results from the first scan using MBAM
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4434

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/15/2010 03:09:49 PM
mbam-log-2010-08-15 (15-09-49).txt

Scan type: Full scan (C:\|)
Objects scanned: 176489
Time elapsed: 1 hour(s), 33 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users