Redirected when using google I/E

7 replies to this topic

#1 ue underwood

Posted 24 February 2009 - 11:21 PM

I am being redirected to other search sites when using I/E google. For instance, if I google bls.gov and I click on the bls.gov link, I get redirected to a hitnshop or some other site. I ran Spybot and Malwarebytes but this did not correct the problem. Please help.


DDS (Ver_09-02-01.01) - NTFSx86
Run by Carrie at 21:51:35.07 on Tue 02/24/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.80 [GMT -6:00]

AV: AVG 7.5.552 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\iWin Games\iWinGamesInstaller.exe
C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Carrie\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_08\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MalwareRemovalBot] c:\program files\malwareremovalbot\MalwareRemovalBot.exe -boot
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG7_CC] c:\progra~1\grisoft\avg7\avgcc.exe /STARTUP
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE
IE: E&xport to Microsoft Office Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} - hxxp://aolsvc.aol.com/onlinegames/free-trial-doggie-dash/DoggieDash.1.0.0.6.cab
DPF: {775879E2-7309-4619-BB02-AADE41F4B690} - hxxp://aolsvc.aol.com/onlinegames/free-trial-dream-chronicles/dreamweb.1.0.0.9.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://aolsvc.aol.com/onlinegames/free-trial-burger-shop/GoBitGamesPlayer_v4.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E9B80D94-D8BB-43CC-9138-75605A8D9666} - hxxp://aolsvc.aol.com/onlinegames/free-trial-wedding-dash/WeddingDash.1.0.0.50.cab

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\carrie\applic~1\mozilla\firefox\profiles\0d1iux70.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query=
FF - plugin: c:\program files\java\jre1.5.0_08\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_08\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_08\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_08\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_08\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_08\bin\NPJPI150_08.dll
FF - plugin: c:\program files\java\jre1.5.0_08\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npkanevapatch.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPNd2fn.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2007-12-17 821856]
R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2007-12-17 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2007-12-17 27776]
R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2007-12-17 10760]
R1 n_omlfkrvagxq;n_omlfkrvagxq;c:\program files\common files\system\n_omlfkrvagxq32.dll [2009-2-9 29184]
R2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avg7\avgamsvr.exe [2007-12-17 418816]
R2 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avg7\avgupsvc.exe [2007-12-17 49664]
R2 iWinGamesInstaller;iWinGamesInstaller;c:\program files\iwin games\iWinGamesInstaller.exe [2008-9-9 78104]
R2 MrHealthyService;MrHealthy;c:\program files\norton pc checkup\executables\mrhealthy\mrhealthy.exe -service --> c:\program files\norton pc checkup\executables\mrhealthy\MrHealthy.exe -service [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-8-5 24652]

=============== Created Last 30 ================


==================== Find3M ====================

2009-02-23 20:16 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-15 16:03 2,678 a------- c:\windows\java\packages\data\QORL7D31.DAT
2009-01-15 16:03 2,678 a------- c:\windows\java\packages\data\V9RZ9N7F.DAT
2009-01-15 16:03 2,678 a------- c:\windows\java\packages\data\KE25FBPZ.DAT
2009-01-15 16:03 2,678 a------- c:\windows\java\packages\data\HF31R377.DAT
2009-01-15 16:03 2,678 a------- c:\windows\java\packages\data\DJRBXZFX.DAT
2008-12-20 17:15 826,368 a------- c:\windows\system32\wininet.dll

============= FINISH: 21:52:07.21 ===============


#2 bamajim

Posted 02 March 2009 - 03:23 PM

ue underwood

1. Go HERE and download File Lister. Save it to your Desktop.
Rt Click ->> Extract all ->> And extract it to your Desktop.
Additional help on extracting zip files can be found HERE.
Open the File Lister folder.
Rt Click FileLister.vbe ->> Select Open, then Open to confirm.
As the program runs, it will appear that nothing is happening.
When the program is finished it will produce a log for you at C:\Files.txt
Copy and paste the contents of that log in your reply.
Microsoft MVP - Windows Security

#3 ue underwood

Posted 02 March 2009 - 04:20 PM

+++++++++++++++++++++++++++++++++
+ File Lister Version 1.0.6
+
+ By bamajim / bamajim.com
+++++++++++++++++++++++++++++++++

Report ran on --->>> 3/2/2009 3:13:55 PM


====== Running Processes ======

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\iWin Games\iWinGamesInstaller.exe
C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\WScript.exe

====== BHO's under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects ======

BHO: (NO NAME) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

BHO: (NO NAME) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

BHO: (NO NAME) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

BHO: (NO NAME) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

BHO: (NO NAME) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

BHO: (NO NAME) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

BHO: (NO NAME) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: (NO NAME) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

BHO: (NO NAME) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

====== Values under HKLM\~\Run ======

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"


====== Values under HKCU\~\Run ======

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MalwareRemovalBot"="C:\\Program Files\\MalwareRemovalBot\\MalwareRemovalBot.exe -boot"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"


====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ======

3/2/2009 3:13:56 PM 2654 32 C:\Files.txt
2/23/2009 7:56:15 PM 493280453 C:\WINDOWS\$NtServicePackUninstall$
2/23/2009 7:56:15 PM 2713347 C:\WINDOWS\$NtServicePackUninstall$\spuninst
2/23/2009 8:18:34 PM 632429 C:\WINDOWS\$NtUninstallKB938464$
2/23/2009 8:18:34 PM 620124 C:\WINDOWS\$NtUninstallKB938464$\spuninst
2/23/2009 8:18:43 PM 715892 C:\WINDOWS\$NtUninstallKB946648$
2/23/2009 8:18:43 PM 620517 C:\WINDOWS\$NtUninstallKB946648$\spuninst
2/23/2009 8:18:53 PM 835924 C:\WINDOWS\$NtUninstallKB950762$
2/23/2009 8:18:53 PM 620869 C:\WINDOWS\$NtUninstallKB950762$\spuninst
2/23/2009 8:19:00 PM 879470 C:\WINDOWS\$NtUninstallKB950974$
2/23/2009 8:19:00 PM 620767 C:\WINDOWS\$NtUninstallKB950974$\spuninst
2/23/2009 8:19:07 PM 1324952 C:\WINDOWS\$NtUninstallKB951066$
2/23/2009 8:19:07 PM 620809 C:\WINDOWS\$NtUninstallKB951066$\spuninst
2/23/2009 8:19:17 PM 906660 C:\WINDOWS\$NtUninstallKB951376$
2/23/2009 8:19:17 PM 621205 C:\WINDOWS\$NtUninstallKB951376$\spuninst
2/23/2009 8:19:25 PM 905951 C:\WINDOWS\$NtUninstallKB951376-v2$
2/23/2009 8:19:25 PM 621392 C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst
2/23/2009 8:19:32 PM 1921418 C:\WINDOWS\$NtUninstallKB951698$
2/23/2009 8:19:33 PM 620795 C:\WINDOWS\$NtUninstallKB951698$\spuninst
2/23/2009 8:19:40 PM 1759529 C:\WINDOWS\$NtUninstallKB951748$
2/23/2009 8:19:40 PM 622408 C:\WINDOWS\$NtUninstallKB951748$\spuninst
2/26/2009 3:02:06 PM 2446160 C:\WINDOWS\$NtUninstallKB951978$
2/26/2009 3:02:06 PM 627536 C:\WINDOWS\$NtUninstallKB951978$\spuninst
2/23/2009 8:19:48 PM 965205 C:\WINDOWS\$NtUninstallKB952287$
2/23/2009 8:19:48 PM 620998 C:\WINDOWS\$NtUninstallKB952287$\spuninst
2/23/2009 8:19:58 PM 706947 C:\WINDOWS\$NtUninstallKB952954$
2/23/2009 8:19:58 PM 620788 C:\WINDOWS\$NtUninstallKB952954$\spuninst
2/23/2009 8:20:11 PM 2479182 C:\WINDOWS\$NtUninstallKB954211$
2/23/2009 8:20:11 PM 620821 C:\WINDOWS\$NtUninstallKB954211$\spuninst
2/26/2009 3:01:25 PM 1928151 C:\WINDOWS\$NtUninstallKB954459$
2/26/2009 3:01:25 PM 621527 C:\WINDOWS\$NtUninstallKB954459$\spuninst
2/23/2009 8:20:19 PM 878402 C:\WINDOWS\$NtUninstallKB954600$
2/23/2009 8:20:20 PM 620876 C:\WINDOWS\$NtUninstallKB954600$\spuninst
2/23/2009 8:20:27 PM 1740243 C:\WINDOWS\$NtUninstallKB955069$
2/23/2009 8:20:27 PM 620868 C:\WINDOWS\$NtUninstallKB955069$\spuninst
2/23/2009 8:20:40 PM 916176 C:\WINDOWS\$NtUninstallKB956802$
2/23/2009 8:20:40 PM 620792 C:\WINDOWS\$NtUninstallKB956802$\spuninst
2/23/2009 8:20:47 PM 771845 C:\WINDOWS\$NtUninstallKB956803$
2/23/2009 8:20:47 PM 620918 C:\WINDOWS\$NtUninstallKB956803$\spuninst
2/23/2009 8:20:57 PM 4894111 C:\WINDOWS\$NtUninstallKB956841$
2/23/2009 8:20:57 PM 622292 C:\WINDOWS\$NtUninstallKB956841$\spuninst
2/23/2009 8:21:11 PM 968127 C:\WINDOWS\$NtUninstallKB957095$
2/23/2009 8:21:11 PM 620848 C:\WINDOWS\$NtUninstallKB957095$\spuninst
2/23/2009 8:21:18 PM 1087971 C:\WINDOWS\$NtUninstallKB957097$
2/23/2009 8:21:18 PM 621195 C:\WINDOWS\$NtUninstallKB957097$\spuninst
2/23/2009 8:21:26 PM 968417 C:\WINDOWS\$NtUninstallKB958644$
2/23/2009 8:21:26 PM 620809 C:\WINDOWS\$NtUninstallKB958644$\spuninst
2/23/2009 8:21:34 PM 964942 C:\WINDOWS\$NtUninstallKB958687$
2/23/2009 8:21:34 PM 620918 C:\WINDOWS\$NtUninstallKB958687$\spuninst
1/15/2009 3:01:02 PM 960578 C:\WINDOWS\$NtUninstallKB958687_0$
1/15/2009 3:01:02 PM 627522 C:\WINDOWS\$NtUninstallKB958687_0$\spuninst
2/12/2009 3:02:33 PM 887186 C:\WINDOWS\$NtUninstallKB960715$
2/12/2009 3:02:33 PM 625042 C:\WINDOWS\$NtUninstallKB960715$\spuninst
2/26/2009 3:01:43 PM 9083894 C:\WINDOWS\$NtUninstallKB967715$
2/26/2009 3:01:43 PM 622582 C:\WINDOWS\$NtUninstallKB967715$\spuninst
1/25/2009 9:06:05 PM 23076690 C:\WINDOWS\ie7
1/25/2009 9:06:05 PM 1050948 C:\WINDOWS\ie7\spuninst
1/25/2009 9:09:26 PM 87255063 C:\WINDOWS\ie7updates
1/29/2009 3:01:17 PM 1362808 C:\WINDOWS\ie7updates\KB938127-IE7
1/29/2009 3:01:17 PM 596856 C:\WINDOWS\ie7updates\KB938127-IE7\spuninst
1/29/2009 3:01:33 PM 1362933 C:\WINDOWS\ie7updates\KB938127-v2-IE7
1/29/2009 3:01:33 PM 596981 C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst
1/25/2009 9:09:26 PM 23407870 C:\WINDOWS\ie7updates\KB956390-IE7
1/25/2009 9:09:26 PM 616334 C:\WINDOWS\ie7updates\KB956390-IE7\spuninst
1/25/2009 9:11:36 PM 36858247 C:\WINDOWS\ie7updates\KB958215-IE7
1/25/2009 9:11:36 PM 616447 C:\WINDOWS\ie7updates\KB958215-IE7\spuninst
1/29/2009 3:01:45 PM 4190040 C:\WINDOWS\ie7updates\KB960714-IE7
1/29/2009 3:01:45 PM 596824 C:\WINDOWS\ie7updates\KB960714-IE7\spuninst
2/12/2009 3:01:39 PM 20073165 C:\WINDOWS\ie7updates\KB961260-IE7
2/12/2009 3:01:39 PM 615853 C:\WINDOWS\ie7updates\KB961260-IE7\spuninst
2/23/2009 8:12:34 PM 46127 C:\WINDOWS\l2schemas
2/23/2009 8:27:51 PM 5404320 C:\WINDOWS\Prefetch
2/23/2009 8:06:44 PM 595270300 C:\WINDOWS\ServicePackFiles
2/23/2009 8:06:44 PM 592135051 C:\WINDOWS\ServicePackFiles\i386
2/23/2009 8:12:09 PM 49218301 C:\WINDOWS\ServicePackFiles\i386\lang
2/23/2009 8:14:04 PM 3135249 C:\WINDOWS\ServicePackFiles\ServicePackCache
2/23/2009 8:14:04 PM 3135249 C:\WINDOWS\ServicePackFiles\ServicePackCache\i386
1/29/2009 3:10:13 PM 0 32 C:\WINDOWS\0.log
2/23/2009 8:15:06 PM 173 32 C:\WINDOWS\cmsetacl.log
1/29/2009 3:01:24 PM 19713 32 C:\WINDOWS\comsetup.log
2/23/2009 8:28:53 PM 226 32 C:\WINDOWS\DtcInstall.log
1/29/2009 3:01:21 PM 191681 32 C:\WINDOWS\FaxSetup.log
1/29/2009 3:01:23 PM 200225 32 C:\WINDOWS\iis6.log
1/29/2009 3:01:26 PM 1374 32 C:\WINDOWS\imsins.BAK
1/29/2009 3:01:26 PM 1374 32 C:\WINDOWS\imsins.log
1/29/2009 3:00:42 PM 8889 32 C:\WINDOWS\KB938127-IE7.log
1/29/2009 3:01:31 PM 8170 32 C:\WINDOWS\KB938127-v2-IE7.log
2/23/2009 8:18:24 PM 185950 32 C:\WINDOWS\KB938464.log
2/23/2009 8:18:41 PM 184351 32 C:\WINDOWS\KB946648.log
2/23/2009 8:18:48 PM 988 32 C:\WINDOWS\KB950759.log
2/23/2009 8:18:52 PM 184426 32 C:\WINDOWS\KB950762.log
2/23/2009 8:18:58 PM 184974 32 C:\WINDOWS\KB950974.log
2/23/2009 8:19:06 PM 184099 32 C:\WINDOWS\KB951066.log
2/23/2009 8:19:14 PM 1034 32 C:\WINDOWS\KB951072-v2.log
2/23/2009 8:19:23 PM 184538 32 C:\WINDOWS\KB951376-v2.log
2/23/2009 8:19:16 PM 184498 32 C:\WINDOWS\KB951376.log
2/23/2009 8:19:30 PM 184096 32 C:\WINDOWS\KB951698.log
2/23/2009 8:19:38 PM 186336 32 C:\WINDOWS\KB951748.log
2/24/2009 10:52:44 AM 13298 32 C:\WINDOWS\KB951978.log
2/26/2009 3:00:32 PM 7046 32 C:\WINDOWS\KB952069.log
2/23/2009 8:19:47 PM 184126 32 C:\WINDOWS\KB952287.log
2/23/2009 8:19:55 PM 185003 32 C:\WINDOWS\KB952954.log
2/23/2009 8:20:06 PM 988 32 C:\WINDOWS\KB953838.log
2/23/2009 8:20:09 PM 184428 32 C:\WINDOWS\KB954211.log
2/24/2009 10:52:33 AM 11625 32 C:\WINDOWS\KB954459.log
2/23/2009 8:20:18 PM 184106 32 C:\WINDOWS\KB954600.log
2/23/2009 8:20:25 PM 184108 32 C:\WINDOWS\KB955069.log
2/23/2009 8:20:33 PM 1025 32 C:\WINDOWS\KB955839.log
2/23/2009 8:20:35 PM 988 32 C:\WINDOWS\KB956390.log
1/29/2009 3:01:54 PM 7623 32 C:\WINDOWS\KB956391.log
2/23/2009 8:20:39 PM 184998 32 C:\WINDOWS\KB956802.log
2/23/2009 8:20:46 PM 184436 32 C:\WINDOWS\KB956803.log
2/23/2009 8:20:53 PM 186466 32 C:\WINDOWS\KB956841.log
2/23/2009 8:21:10 PM 184437 32 C:\WINDOWS\KB957095.log
2/23/2009 8:21:16 PM 184507 32 C:\WINDOWS\KB957097.log
2/23/2009 8:21:23 PM 988 32 C:\WINDOWS\KB958215.log
2/23/2009 8:21:25 PM 185020 32 C:\WINDOWS\KB958644.log
2/23/2009 8:21:32 PM 184440 32 C:\WINDOWS\KB958687.log
1/29/2009 3:01:39 PM 9119 32 C:\WINDOWS\KB960714-IE7.log
2/23/2009 8:21:39 PM 988 32 C:\WINDOWS\KB960714.log
2/12/2009 3:02:30 PM 14629 32 C:\WINDOWS\KB960715.log
2/12/2009 3:00:40 PM 20542 32 C:\WINDOWS\KB961260-IE7.log
2/25/2009 5:27:33 AM 13644 32 C:\WINDOWS\KB967715.log
1/29/2009 3:01:28 PM 13121 32 C:\WINDOWS\MedCtrOC.log
1/29/2009 3:01:27 PM 9423 32 C:\WINDOWS\msgsocm.log
1/29/2009 3:01:26 PM 58474 32 C:\WINDOWS\msmqinst.log
1/29/2009 3:01:28 PM 33247 32 C:\WINDOWS\netfxocm.log
1/29/2009 3:01:24 PM 11706 32 C:\WINDOWS\ntdtcsetup.log
1/29/2009 3:01:20 PM 91345 32 C:\WINDOWS\ocgen.log
1/29/2009 3:01:28 PM 3239 32 C:\WINDOWS\ocmsn.log
2/24/2009 4:12:55 AM 345 32 C:\WINDOWS\OEWABLog.txt
2/23/2009 8:14:44 PM 259 32 C:\WINDOWS\sessmgr.setup.log
1/29/2009 3:01:24 PM 0 32 C:\WINDOWS\setupact.log
1/30/2009 6:46:52 AM 81887 32 C:\WINDOWS\setupapi.log
1/29/2009 3:01:24 PM 0 32 C:\WINDOWS\setuperr.log
2/23/2009 8:14:58 PM 9625 32 C:\WINDOWS\setuplog.txt
2/23/2009 8:14:57 PM 69899 32 C:\WINDOWS\spupdsvc.log
2/23/2009 8:28:26 PM 187 32 C:\WINDOWS\spupdsvc.log.1.log
1/30/2009 6:45:30 AM 568401 32 C:\WINDOWS\svcpack.log
1/29/2009 3:01:28 PM 9797 32 C:\WINDOWS\tabletoc.log
1/29/2009 3:01:25 PM 86509 32 C:\WINDOWS\tsoc.log
1/29/2009 3:01:48 PM 107169 32 C:\WINDOWS\updspapi.log
2/23/2009 8:28:44 PM 4270 32 C:\WINDOWS\wmsetup.log
2/23/2009 8:12:32 PM 409088 C:\WINDOWS\system32\bits
2/23/2009 8:12:33 PM 76288 C:\WINDOWS\system32\en
2/23/2009 8:12:35 PM 83456 C:\WINDOWS\system32\scripting
1/15/2009 4:03:08 PM 139536 32 C:\WINDOWS\system32\javaee.dll
2/4/2009 6:15:46 PM 2834 32 C:\WINDOWS\system32\MrHealthy.log
2/23/2009 8:28:24 PM 90 32 C:\WINDOWS\system32\spupdwxp.log

====== Files under "\Administrator\Startup" Last 60 Days======



====== Files under "\All Users\Startup" Last 60 Days======


====== Folders under "\Program Files" Last 60 Days======

2/25/2009 2:21:09 PM 949072 C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2/24/2009 7:44:59 PM 4153215 C:\Program Files\Malwarebytes' Anti-Malware
2/24/2009 7:44:59 PM 372760 C:\Program Files\Malwarebytes' Anti-Malware\Languages
2/25/2009 2:21:08 PM 962896 C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2/25/2009 2:21:11 PM 3125920 C:\Program Files\SDHelper (Spybot - Search & Destroy)

====== Files under "\System32\Drivers" Last 60 Days======

2/24/2009 7:45:02 PM 15504 32 C:\WINDOWS\system32\drivers\mbam.sys
2/24/2009 7:45:00 PM 38496 32 C:\WINDOWS\system32\drivers\mbamswissarmy.sys

====== Files Deleted under "%Temp%" ======

C:\DOCUME~1\Carrie\LOCALS~1\Temp\control.xml
C:\DOCUME~1\Carrie\LOCALS~1\Temp\Defrag.log
C:\DOCUME~1\Carrie\LOCALS~1\Temp\etilqs_0wpkjKBDJUb1abZV0A1v
C:\DOCUME~1\Carrie\LOCALS~1\Temp\hpzcoi00.log
C:\DOCUME~1\Carrie\LOCALS~1\Temp\hpzcoi01.log
C:\DOCUME~1\Carrie\LOCALS~1\Temp\hpzcoi02.log
C:\DOCUME~1\Carrie\LOCALS~1\Temp\hpzcoi03.log
C:\DOCUME~1\Carrie\LOCALS~1\Temp\nse14.tmp
C:\DOCUME~1\Carrie\LOCALS~1\Temp\PC_Checkup_Setup.exe
C:\DOCUME~1\Carrie\LOCALS~1\Temp\Sched.exe
C:\DOCUME~1\Carrie\LOCALS~1\Temp\utt11.tmp
C:\DOCUME~1\Carrie\LOCALS~1\Temp\utt11.tmp.exe
C:\DOCUME~1\Carrie\LOCALS~1\Temp\~DF1DED.tmp
C:\DOCUME~1\Carrie\LOCALS~1\Temp\~DF5EF4.tmp

14 Files deleted

====== Files and Folders under "All Users\Application Data" Last 60 Days======

2/24/2009 7:44:59 PM 1693156 C:\Documents and Settings\All Users\Application Data\Malwarebytes
2/24/2009 7:44:59 PM 1693156 C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
1/15/2009 4:04:49 PM 3104 C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
1/15/2009 4:04:49 PM 3104 C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage\data

====== Possible Rootkit Scan (Note: Items listed here are not necessarily bad)======


====== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======

HKLM\Software\microsoft\shared tools\msconfig\startupreg\ares


HKLM\Software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}


HKLM\Software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA


HKLM\Software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut


HKLM\Software\microsoft\shared tools\msconfig\startupreg\HP Software Update


HKLM\Software\microsoft\shared tools\msconfig\startupreg\iTunesHelper


HKLM\Software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck


HKLM\Software\microsoft\shared tools\msconfig\startupreg\nwiz


HKLM\Software\microsoft\shared tools\msconfig\startupreg\QuickTime Task


HKLM\Software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite


HKLM\Software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched


HKLM\Software\microsoft\shared tools\msconfig\startupreg\swg


HKLM\Software\microsoft\shared tools\msconfig\startupreg\updateMgr


HKLM\Software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager


====== Services ( Services that are Whitelisted are not shown) ======

ADIHdAudAddService (ADI UAA Function Driver for High Definition Audio Service)- C:\WINDOWS\system32\drivers\ADIHdAud.sys - Manual/Running
AEAudioService (AEAudio Service)- C:\WINDOWS\system32\drivers\AEAudio.sys - Manual/Running
eeCtrl (Symantec Eraser Control driver)- \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys - System/Stopped
HdAudAddService (Microsoft UAA Function Driver for High Definition Audio Service)- C:\WINDOWS\system32\drivers\HdAudio.sys - Manual/Stopped
MTsensor (ATK0110 ACPI UTILITY)- C:\WINDOWS\system32\DRIVERS\ASACPI.sys - Manual/Running
n_omlfkrvagxq (n_omlfkrvagxq)- \??\C:\Program Files\Common Files\System\n_omlfkrvagxq32.dll - System/Running
PalmUSBD (PalmUSBD)- C:\WINDOWS\system32\drivers\PalmUSBD.sys - Manual/Stopped
QV2KUX (Casio Digital Camera)- C:\WINDOWS\system32\DRIVERS\qv2kux.sys - Manual/Stopped
SenFiltService (SenFilt Service)- C:\WINDOWS\system32\drivers\Senfilt.sys - Manual/Running
w810bus (Sony Ericsson W810 Driver driver (WDM))- C:\WINDOWS\system32\DRIVERS\w810bus.sys - Manual/Stopped
w810mdfl (Sony Ericsson W810 USB WMC Modem Filter)- C:\WINDOWS\system32\DRIVERS\w810mdfl.sys - Manual/Stopped
w810mdm (Sony Ericsson W810 USB WMC Modem Driver)- C:\WINDOWS\system32\DRIVERS\w810mdm.sys - Manual/Stopped
w810mgmt (Sony Ericsson W810 USB WMC Device Management Drivers (WDM))- C:\WINDOWS\system32\DRIVERS\w810mgmt.sys - Manual/Stopped
w810obex (Sony Ericsson W810 USB WMC OBEX Interface)- C:\WINDOWS\system32\DRIVERS\w810obex.sys - Manual/Stopped

====== Uninstall List From Registry ======

Disney's 102 Dalmatians Puppies to the Rescue
World of Kaneva v3.2
Ad-Aware SE Personal
Adobe Flash Player ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player
Peer Points Manager
Audacity 1.2.6
AVG 7.5
CCleaner (remove only)
Diner Dash 2 (remove only)
HP Imaging Device Functions 5.3
HP Solution Center & Imaging Support Tools 5.3
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
iWin Games (remove only)
High Definition Audio Driver Package - KB888111
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923689)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Update for Windows XP (KB951072-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Update for Windows XP (KB951978)
Security Update for Windows Media Player (KB952069)
Hotfix for Windows XP (KB952287)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Update for Windows XP (KB955839)
Security Update for Windows XP (KB956390)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960714)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows Internet Explorer 7 (KB961260)
Update for Windows XP (KB967715)
LimeWire 4.14.10
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Mozilla Firefox (3.0.6)
Microsoft National Language Support Downlevel APIs
Norton PC Checkup
NVIDIA Drivers
RealPlayer
Rise of Atlantis (remove only)
Adobe Flash Player 9 ActiveX
Spybot - Search & Destroy 1.4
VISTAS2e VCD (remove only)
Viewpoint Media Player
Windows Genuine Advantage Notifications (KB905474)
Windows XP Service Pack 3
Yahoo! Toolbar
Yahoo! Browser Services
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Install Manager
Sony Ericsson PC Suite 1.20.207
CP_Package_Variety1
Destinations
AiO_Scan
HP Software Update
1400_Help
CP_Package_Variety3
Microsoft Office Professional Edition 2003
Google Toolbar for Internet Explorer
1400
Unload
The Sims™ 2 Double Deluxe
TrayApp
J2SE Runtime Environment 5.0 Update 8
WebFldrs XP
MSXML 4.0 SP2 (KB927978)
iTunes
MalwareRemovalBot
QuickTime
NewCopy
WebReg
Windows Live Messenger
HP PSC & OfficeJet 5.3.B
eSupportQFolder
DocProc
Nero 7 Ultra Edition
Microsoft Visual C++ 2005 Redistributable
AiOSoftware
ProductContext
MSXML 4.0 SP2 (KB954430)
Readme
ScannerCopy
Apple Software Update
DeviceManagementQFolder
Adobe Reader 7.0.9
Spybot - Search & Destroy
CP_Package_Variety2
BufferChm
MSXML 4.0 SP2 (KB936181)
Athlon 64 Processor Driver
Scan
1400Trb
Microsoft .NET Framework 1.1
Fax
HPProductAssistant
SolutionCenter
SoundMAX
Status
Windows Live Sign-in Assistant
HP Image Zone Express

======== Other Info ========

TOTAL PHYSICAL RAM: 469 MB

#4 bamajim

Posted 02 March 2009 - 04:46 PM

ue underwood

I. We need to temporarily disable Spybot-S&D TeaTimer so it doesn't interfere with our fix
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.
II. Go to Add or Remove Programs (Click Start ->> Control Panel ->> Add or Remove Programs)
And uninstall the following program:
MalwareRemovalBot
III.
1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
    (How to extract (decompress) zipped or compressed files, help in the link here: )
2. Copy all the text contained in the bold below to your Clipboard by highlighting it and pressing (Ctrl+C):

Drivers to Delete:
n_omlfkrvagxq


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Select Load Script
  • Select Paste from Clipboard
  • The information should now appear in the Open window
  • Select Execute
  • Answer Yes when prompted "Are you sure you want to execute the current script?"
4. The Avenger will automatically do the following:
  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh FileLister log.
Microsoft MVP - Windows Security

#5 ue underwood

  • Topic Starter

Posted 02 March 2009 - 06:19 PM

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "n_omlfkrvagxq" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


+++++++++++++++++++++++++++++++++
+ File Lister Version 1.0.6
+
+ By bamajim / bamajim.com
+++++++++++++++++++++++++++++++++

Report ran on --->>> 3/2/2009 5:18:09 PM


====== Running Processes ======

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\iWin Games\iWinGamesInstaller.exe
C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\WScript.exe

====== BHO's under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects ======

BHO: (NO NAME) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

BHO: (NO NAME) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

BHO: (NO NAME) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

BHO: (NO NAME) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

BHO: (NO NAME) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

BHO: (NO NAME) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

BHO: (NO NAME) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: (NO NAME) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

BHO: (NO NAME) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

====== Values under HKLM\~\Run ======

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"


====== Values under HKCU\~\Run ======

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MalwareRemovalBot"="C:\\Program Files\\MalwareRemovalBot\\MalwareRemovalBot.exe -boot"


====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ======

3/2/2009 5:13:33 PM 1202 C:\Avenger
3/2/2009 5:13:32 PM 978 32 C:\avenger.txt
3/2/2009 3:13:56 PM 3648 32 C:\Files.txt
2/23/2009 7:56:15 PM 493280453 C:\WINDOWS\$NtServicePackUninstall$
2/23/2009 7:56:15 PM 2713347 C:\WINDOWS\$NtServicePackUninstall$\spuninst
2/23/2009 8:18:34 PM 632429 C:\WINDOWS\$NtUninstallKB938464$
2/23/2009 8:18:34 PM 620124 C:\WINDOWS\$NtUninstallKB938464$\spuninst
2/23/2009 8:18:43 PM 715892 C:\WINDOWS\$NtUninstallKB946648$
2/23/2009 8:18:43 PM 620517 C:\WINDOWS\$NtUninstallKB946648$\spuninst
2/23/2009 8:18:53 PM 835924 C:\WINDOWS\$NtUninstallKB950762$
2/23/2009 8:18:53 PM 620869 C:\WINDOWS\$NtUninstallKB950762$\spuninst
2/23/2009 8:19:00 PM 879470 C:\WINDOWS\$NtUninstallKB950974$
2/23/2009 8:19:00 PM 620767 C:\WINDOWS\$NtUninstallKB950974$\spuninst
2/23/2009 8:19:07 PM 1324952 C:\WINDOWS\$NtUninstallKB951066$
2/23/2009 8:19:07 PM 620809 C:\WINDOWS\$NtUninstallKB951066$\spuninst
2/23/2009 8:19:17 PM 906660 C:\WINDOWS\$NtUninstallKB951376$
2/23/2009 8:19:17 PM 621205 C:\WINDOWS\$NtUninstallKB951376$\spuninst
2/23/2009 8:19:25 PM 905951 C:\WINDOWS\$NtUninstallKB951376-v2$
2/23/2009 8:19:25 PM 621392 C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst
2/23/2009 8:19:32 PM 1921418 C:\WINDOWS\$NtUninstallKB951698$
2/23/2009 8:19:33 PM 620795 C:\WINDOWS\$NtUninstallKB951698$\spuninst
2/23/2009 8:19:40 PM 1759529 C:\WINDOWS\$NtUninstallKB951748$
2/23/2009 8:19:40 PM 622408 C:\WINDOWS\$NtUninstallKB951748$\spuninst
2/26/2009 3:02:06 PM 2446160 C:\WINDOWS\$NtUninstallKB951978$
2/26/2009 3:02:06 PM 627536 C:\WINDOWS\$NtUninstallKB951978$\spuninst
2/23/2009 8:19:48 PM 965205 C:\WINDOWS\$NtUninstallKB952287$
2/23/2009 8:19:48 PM 620998 C:\WINDOWS\$NtUninstallKB952287$\spuninst
2/23/2009 8:19:58 PM 706947 C:\WINDOWS\$NtUninstallKB952954$
2/23/2009 8:19:58 PM 620788 C:\WINDOWS\$NtUninstallKB952954$\spuninst
2/23/2009 8:20:11 PM 2479182 C:\WINDOWS\$NtUninstallKB954211$
2/23/2009 8:20:11 PM 620821 C:\WINDOWS\$NtUninstallKB954211$\spuninst
2/26/2009 3:01:25 PM 1928151 C:\WINDOWS\$NtUninstallKB954459$
2/26/2009 3:01:25 PM 621527 C:\WINDOWS\$NtUninstallKB954459$\spuninst
2/23/2009 8:20:19 PM 878402 C:\WINDOWS\$NtUninstallKB954600$
2/23/2009 8:20:20 PM 620876 C:\WINDOWS\$NtUninstallKB954600$\spuninst
2/23/2009 8:20:27 PM 1740243 C:\WINDOWS\$NtUninstallKB955069$
2/23/2009 8:20:27 PM 620868 C:\WINDOWS\$NtUninstallKB955069$\spuninst
2/23/2009 8:20:40 PM 916176 C:\WINDOWS\$NtUninstallKB956802$
2/23/2009 8:20:40 PM 620792 C:\WINDOWS\$NtUninstallKB956802$\spuninst
2/23/2009 8:20:47 PM 771845 C:\WINDOWS\$NtUninstallKB956803$
2/23/2009 8:20:47 PM 620918 C:\WINDOWS\$NtUninstallKB956803$\spuninst
2/23/2009 8:20:57 PM 4894111 C:\WINDOWS\$NtUninstallKB956841$
2/23/2009 8:20:57 PM 622292 C:\WINDOWS\$NtUninstallKB956841$\spuninst
2/23/2009 8:21:11 PM 968127 C:\WINDOWS\$NtUninstallKB957095$
2/23/2009 8:21:11 PM 620848 C:\WINDOWS\$NtUninstallKB957095$\spuninst
2/23/2009 8:21:18 PM 1087971 C:\WINDOWS\$NtUninstallKB957097$
2/23/2009 8:21:18 PM 621195 C:\WINDOWS\$NtUninstallKB957097$\spuninst
2/23/2009 8:21:26 PM 968417 C:\WINDOWS\$NtUninstallKB958644$
2/23/2009 8:21:26 PM 620809 C:\WINDOWS\$NtUninstallKB958644$\spuninst
2/23/2009 8:21:34 PM 964942 C:\WINDOWS\$NtUninstallKB958687$
2/23/2009 8:21:34 PM 620918 C:\WINDOWS\$NtUninstallKB958687$\spuninst
1/15/2009 3:01:02 PM 960578 C:\WINDOWS\$NtUninstallKB958687_0$
1/15/2009 3:01:02 PM 627522 C:\WINDOWS\$NtUninstallKB958687_0$\spuninst
2/12/2009 3:02:33 PM 887186 C:\WINDOWS\$NtUninstallKB960715$
2/12/2009 3:02:33 PM 625042 C:\WINDOWS\$NtUninstallKB960715$\spuninst
2/26/2009 3:01:43 PM 9083894 C:\WINDOWS\$NtUninstallKB967715$
2/26/2009 3:01:43 PM 622582 C:\WINDOWS\$NtUninstallKB967715$\spuninst
1/25/2009 9:06:05 PM 23076690 C:\WINDOWS\ie7
1/25/2009 9:06:05 PM 1050948 C:\WINDOWS\ie7\spuninst
1/25/2009 9:09:26 PM 87255063 C:\WINDOWS\ie7updates
1/29/2009 3:01:17 PM 1362808 C:\WINDOWS\ie7updates\KB938127-IE7
1/29/2009 3:01:17 PM 596856 C:\WINDOWS\ie7updates\KB938127-IE7\spuninst
1/29/2009 3:01:33 PM 1362933 C:\WINDOWS\ie7updates\KB938127-v2-IE7
1/29/2009 3:01:33 PM 596981 C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst
1/25/2009 9:09:26 PM 23407870 C:\WINDOWS\ie7updates\KB956390-IE7
1/25/2009 9:09:26 PM 616334 C:\WINDOWS\ie7updates\KB956390-IE7\spuninst
1/25/2009 9:11:36 PM 36858247 C:\WINDOWS\ie7updates\KB958215-IE7
1/25/2009 9:11:36 PM 616447 C:\WINDOWS\ie7updates\KB958215-IE7\spuninst
1/29/2009 3:01:45 PM 4190040 C:\WINDOWS\ie7updates\KB960714-IE7
1/29/2009 3:01:45 PM 596824 C:\WINDOWS\ie7updates\KB960714-IE7\spuninst
2/12/2009 3:01:39 PM 20073165 C:\WINDOWS\ie7updates\KB961260-IE7
2/12/2009 3:01:39 PM 615853 C:\WINDOWS\ie7updates\KB961260-IE7\spuninst
2/23/2009 8:12:34 PM 46127 C:\WINDOWS\l2schemas
2/23/2009 8:27:51 PM 5601920 C:\WINDOWS\Prefetch
2/23/2009 8:06:44 PM 595270300 C:\WINDOWS\ServicePackFiles
2/23/2009 8:06:44 PM 592135051 C:\WINDOWS\ServicePackFiles\i386
2/23/2009 8:12:09 PM 49218301 C:\WINDOWS\ServicePackFiles\i386\lang
2/23/2009 8:14:04 PM 3135249 C:\WINDOWS\ServicePackFiles\ServicePackCache
2/23/2009 8:14:04 PM 3135249 C:\WINDOWS\ServicePackFiles\ServicePackCache\i386
1/29/2009 3:10:13 PM 0 32 C:\WINDOWS\0.log
2/23/2009 8:15:06 PM 173 32 C:\WINDOWS\cmsetacl.log
1/29/2009 3:01:24 PM 19713 32 C:\WINDOWS\comsetup.log
2/23/2009 8:28:53 PM 226 32 C:\WINDOWS\DtcInstall.log
1/29/2009 3:01:21 PM 191681 32 C:\WINDOWS\FaxSetup.log
1/29/2009 3:01:23 PM 200225 32 C:\WINDOWS\iis6.log
1/29/2009 3:01:26 PM 1374 32 C:\WINDOWS\imsins.BAK
1/29/2009 3:01:26 PM 1374 32 C:\WINDOWS\imsins.log
1/29/2009 3:00:42 PM 8889 32 C:\WINDOWS\KB938127-IE7.log
1/29/2009 3:01:31 PM 8170 32 C:\WINDOWS\KB938127-v2-IE7.log
2/23/2009 8:18:24 PM 185950 32 C:\WINDOWS\KB938464.log
2/23/2009 8:18:41 PM 184351 32 C:\WINDOWS\KB946648.log
2/23/2009 8:18:48 PM 988 32 C:\WINDOWS\KB950759.log
2/23/2009 8:18:52 PM 184426 32 C:\WINDOWS\KB950762.log
2/23/2009 8:18:58 PM 184974 32 C:\WINDOWS\KB950974.log
2/23/2009 8:19:06 PM 184099 32 C:\WINDOWS\KB951066.log
2/23/2009 8:19:14 PM 1034 32 C:\WINDOWS\KB951072-v2.log
2/23/2009 8:19:23 PM 184538 32 C:\WINDOWS\KB951376-v2.log
2/23/2009 8:19:16 PM 184498 32 C:\WINDOWS\KB951376.log
2/23/2009 8:19:30 PM 184096 32 C:\WINDOWS\KB951698.log
2/23/2009 8:19:38 PM 186336 32 C:\WINDOWS\KB951748.log
2/24/2009 10:52:44 AM 13298 32 C:\WINDOWS\KB951978.log
2/26/2009 3:00:32 PM 7046 32 C:\WINDOWS\KB952069.log
2/23/2009 8:19:47 PM 184126 32 C:\WINDOWS\KB952287.log
2/23/2009 8:19:55 PM 185003 32 C:\WINDOWS\KB952954.log
2/23/2009 8:20:06 PM 988 32 C:\WINDOWS\KB953838.log
2/23/2009 8:20:09 PM 184428 32 C:\WINDOWS\KB954211.log
2/24/2009 10:52:33 AM 11625 32 C:\WINDOWS\KB954459.log
2/23/2009 8:20:18 PM 184106 32 C:\WINDOWS\KB954600.log
2/23/2009 8:20:25 PM 184108 32 C:\WINDOWS\KB955069.log
2/23/2009 8:20:33 PM 1025 32 C:\WINDOWS\KB955839.log
2/23/2009 8:20:35 PM 988 32 C:\WINDOWS\KB956390.log
1/29/2009 3:01:54 PM 7623 32 C:\WINDOWS\KB956391.log
2/23/2009 8:20:39 PM 184998 32 C:\WINDOWS\KB956802.log
2/23/2009 8:20:46 PM 184436 32 C:\WINDOWS\KB956803.log
2/23/2009 8:20:53 PM 186466 32 C:\WINDOWS\KB956841.log
2/23/2009 8:21:10 PM 184437 32 C:\WINDOWS\KB957095.log
2/23/2009 8:21:16 PM 184507 32 C:\WINDOWS\KB957097.log
2/23/2009 8:21:23 PM 988 32 C:\WINDOWS\KB958215.log
2/23/2009 8:21:25 PM 185020 32 C:\WINDOWS\KB958644.log
2/23/2009 8:21:32 PM 184440 32 C:\WINDOWS\KB958687.log
1/29/2009 3:01:39 PM 9119 32 C:\WINDOWS\KB960714-IE7.log
2/23/2009 8:21:39 PM 988 32 C:\WINDOWS\KB960714.log
2/12/2009 3:02:30 PM 14629 32 C:\WINDOWS\KB960715.log
2/12/2009 3:00:40 PM 20542 32 C:\WINDOWS\KB961260-IE7.log
2/25/2009 5:27:33 AM 13644 32 C:\WINDOWS\KB967715.log
1/29/2009 3:01:28 PM 13121 32 C:\WINDOWS\MedCtrOC.log
1/29/2009 3:01:27 PM 9423 32 C:\WINDOWS\msgsocm.log
1/29/2009 3:01:26 PM 58474 32 C:\WINDOWS\msmqinst.log
1/29/2009 3:01:28 PM 33247 32 C:\WINDOWS\netfxocm.log
1/29/2009 3:01:24 PM 11706 32 C:\WINDOWS\ntdtcsetup.log
1/29/2009 3:01:20 PM 91345 32 C:\WINDOWS\ocgen.log
1/29/2009 3:01:28 PM 3239 32 C:\WINDOWS\ocmsn.log
2/24/2009 4:12:55 AM 345 32 C:\WINDOWS\OEWABLog.txt
2/23/2009 8:14:44 PM 259 32 C:\WINDOWS\sessmgr.setup.log
1/29/2009 3:01:24 PM 0 32 C:\WINDOWS\setupact.log
1/30/2009 6:46:52 AM 81887 32 C:\WINDOWS\setupapi.log
1/29/2009 3:01:24 PM 0 32 C:\WINDOWS\setuperr.log
2/23/2009 8:14:58 PM 9625 32 C:\WINDOWS\setuplog.txt
2/23/2009 8:14:57 PM 69899 32 C:\WINDOWS\spupdsvc.log
2/23/2009 8:28:26 PM 187 32 C:\WINDOWS\spupdsvc.log.1.log
1/30/2009 6:45:30 AM 568401 32 C:\WINDOWS\svcpack.log
1/29/2009 3:01:28 PM 9797 32 C:\WINDOWS\tabletoc.log
1/29/2009 3:01:25 PM 86509 32 C:\WINDOWS\tsoc.log
1/29/2009 3:01:48 PM 107169 32 C:\WINDOWS\updspapi.log
2/23/2009 8:28:44 PM 4270 32 C:\WINDOWS\wmsetup.log
2/23/2009 8:12:32 PM 409088 C:\WINDOWS\system32\bits
2/23/2009 8:12:33 PM 76288 C:\WINDOWS\system32\en
2/23/2009 8:12:35 PM 83456 C:\WINDOWS\system32\scripting
1/15/2009 4:03:08 PM 139536 32 C:\WINDOWS\system32\javaee.dll
2/4/2009 6:15:46 PM 3270 32 C:\WINDOWS\system32\MrHealthy.log
2/23/2009 8:28:24 PM 90 32 C:\WINDOWS\system32\spupdwxp.log

====== Files under "\Administrator\Startup" Last 60 Days======



====== Files under "\All Users\Startup" Last 60 Days======


====== Folders under "\Program Files" Last 60 Days======

2/25/2009 2:21:09 PM 949072 C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2/24/2009 7:44:59 PM 4153215 C:\Program Files\Malwarebytes' Anti-Malware
2/24/2009 7:44:59 PM 372760 C:\Program Files\Malwarebytes' Anti-Malware\Languages
2/25/2009 2:21:08 PM 962896 C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2/25/2009 2:21:11 PM 3125920 C:\Program Files\SDHelper (Spybot - Search & Destroy)

====== Files under "\System32\Drivers" Last 60 Days======

2/24/2009 7:45:02 PM 15504 32 C:\WINDOWS\system32\drivers\mbam.sys
2/24/2009 7:45:00 PM 38496 32 C:\WINDOWS\system32\drivers\mbamswissarmy.sys

====== Files Deleted under "%Temp%" ======

C:\DOCUME~1\Carrie\LOCALS~1\Temp\etilqs_RXMjFKyDNKr5NDHcnx9b

1 Files deleted

====== Files and Folders under "All Users\Application Data" Last 60 Days======

2/24/2009 7:44:59 PM 1693156 C:\Documents and Settings\All Users\Application Data\Malwarebytes
2/24/2009 7:44:59 PM 1693156 C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
1/15/2009 4:04:49 PM 3104 C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
1/15/2009 4:04:49 PM 3104 C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage\data

====== Possible Rootkit Scan (Note: Items listed here are not necessarily bad)======


====== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======

HKLM\Software\microsoft\shared tools\msconfig\startupreg\ares


HKLM\Software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}


HKLM\Software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA


HKLM\Software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut


HKLM\Software\microsoft\shared tools\msconfig\startupreg\HP Software Update


HKLM\Software\microsoft\shared tools\msconfig\startupreg\iTunesHelper


HKLM\Software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck


HKLM\Software\microsoft\shared tools\msconfig\startupreg\nwiz


HKLM\Software\microsoft\shared tools\msconfig\startupreg\QuickTime Task


HKLM\Software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite


HKLM\Software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched


HKLM\Software\microsoft\shared tools\msconfig\startupreg\swg


HKLM\Software\microsoft\shared tools\msconfig\startupreg\updateMgr


HKLM\Software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager


====== Services ( Services that are Whitelisted are not shown) ======

ADIHdAudAddService (ADI UAA Function Driver for High Definition Audio Service)- C:\WINDOWS\system32\drivers\ADIHdAud.sys - Manual/Running
AEAudioService (AEAudio Service)- C:\WINDOWS\system32\drivers\AEAudio.sys - Manual/Running
eeCtrl (Symantec Eraser Control driver)- \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys - System/Stopped
HdAudAddService (Microsoft UAA Function Driver for High Definition Audio Service)- C:\WINDOWS\system32\drivers\HdAudio.sys - Manual/Stopped
MTsensor (ATK0110 ACPI UTILITY)- C:\WINDOWS\system32\DRIVERS\ASACPI.sys - Manual/Running
PalmUSBD (PalmUSBD)- C:\WINDOWS\system32\drivers\PalmUSBD.sys - Manual/Stopped
QV2KUX (Casio Digital Camera)- C:\WINDOWS\system32\DRIVERS\qv2kux.sys - Manual/Stopped
SenFiltService (SenFilt Service)- C:\WINDOWS\system32\drivers\Senfilt.sys - Manual/Running
w810bus (Sony Ericsson W810 Driver driver (WDM))- C:\WINDOWS\system32\DRIVERS\w810bus.sys - Manual/Stopped
w810mdfl (Sony Ericsson W810 USB WMC Modem Filter)- C:\WINDOWS\system32\DRIVERS\w810mdfl.sys - Manual/Stopped
w810mdm (Sony Ericsson W810 USB WMC Modem Driver)- C:\WINDOWS\system32\DRIVERS\w810mdm.sys - Manual/Stopped
w810mgmt (Sony Ericsson W810 USB WMC Device Management Drivers (WDM))- C:\WINDOWS\system32\DRIVERS\w810mgmt.sys - Manual/Stopped
w810obex (Sony Ericsson W810 USB WMC OBEX Interface)- C:\WINDOWS\system32\DRIVERS\w810obex.sys - Manual/Stopped

====== Uninstall List From Registry ======

Disney's 102 Dalmatians Puppies to the Rescue
World of Kaneva v3.2
Ad-Aware SE Personal
Adobe Flash Player ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player
Peer Points Manager
Audacity 1.2.6
AVG 7.5
CCleaner (remove only)
Diner Dash 2 (remove only)
HP Imaging Device Functions 5.3
HP Solution Center & Imaging Support Tools 5.3
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
iWin Games (remove only)
High Definition Audio Driver Package - KB888111
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923689)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Update for Windows XP (KB951072-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Update for Windows XP (KB951978)
Security Update for Windows Media Player (KB952069)
Hotfix for Windows XP (KB952287)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Update for Windows XP (KB955839)
Security Update for Windows XP (KB956390)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960714)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows Internet Explorer 7 (KB961260)
Update for Windows XP (KB967715)
LimeWire 4.14.10
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Mozilla Firefox (3.0.6)
Microsoft National Language Support Downlevel APIs
Norton PC Checkup
NVIDIA Drivers
RealPlayer
Rise of Atlantis (remove only)
Adobe Flash Player 9 ActiveX
Spybot - Search & Destroy 1.4
VISTAS2e VCD (remove only)
Viewpoint Media Player
Windows Genuine Advantage Notifications (KB905474)
Windows XP Service Pack 3
Yahoo! Toolbar
Yahoo! Browser Services
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Install Manager
Sony Ericsson PC Suite 1.20.207
CP_Package_Variety1
Destinations
AiO_Scan
HP Software Update
1400_Help
CP_Package_Variety3
Microsoft Office Professional Edition 2003
Google Toolbar for Internet Explorer
1400
Unload
The Sims™ 2 Double Deluxe
TrayApp
J2SE Runtime Environment 5.0 Update 8
WebFldrs XP
MSXML 4.0 SP2 (KB927978)
iTunes
QuickTime
NewCopy
WebReg
Windows Live Messenger
HP PSC & OfficeJet 5.3.B
eSupportQFolder
DocProc
Nero 7 Ultra Edition
Microsoft Visual C++ 2005 Redistributable
AiOSoftware
ProductContext
MSXML 4.0 SP2 (KB954430)
Readme
ScannerCopy
Apple Software Update
DeviceManagementQFolder
Adobe Reader 7.0.9
Spybot - Search & Destroy
CP_Package_Variety2
BufferChm
MSXML 4.0 SP2 (KB936181)
Athlon 64 Processor Driver
Scan
1400Trb
Microsoft .NET Framework 1.1
Fax
HPProductAssistant
SolutionCenter
SoundMAX
Status
Windows Live Sign-in Assistant
HP Image Zone Express

======== Other Info ========

TOTAL PHYSICAL RAM: 469 MB
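
A check a helper could run on a returned Avenger log, as an added example that is not part of the thread or of The Avenger itself: it matches every entry of a "Drivers to Delete:" script against the "deleted successfully" lines in the log and reports what was not confirmed. The sample script and log are constructed from the lines quoted above, `example_missing_drv` is a made-up entry, and only the success-line format shown in this thread is assumed.

```python
import re

# Script header as quoted in the thread, e.g. "Drivers to Delete:".
HEADER_RE = re.compile(r"^\s*(\w+?)s\s+to\s+delete:\s*$", re.IGNORECASE)
# Success line as quoted in the thread: Driver "name" deleted successfully.
DELETED_RE = re.compile(
    r'^\s*(\w+)\s+"([^"]+)"\s+deleted successfully\.\s*$', re.IGNORECASE
)

# Constructed sample: the thread's driver entry plus one made-up entry
# that the log below never confirms.
SCRIPT = """\
Drivers to Delete:
n_omlfkrvagxq
example_missing_drv
"""

# Constructed sample log, modelled on the log posted in the thread.
LOG = """\
Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\\Avenger

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "n_omlfkrvagxq" deleted successfully.

Completed script processing.
"""


def parse_script(script):
    """Return [(kind, name)] for each entry listed under a '... to Delete:' header."""
    items, kind = [], None
    for line in script.splitlines():
        header = HEADER_RE.match(line)
        if header:
            kind = header.group(1).lower()
            continue
        name = line.strip()
        if name and kind:
            # Windows service and driver names are case-insensitive.
            items.append((kind, name.lower()))
    return items


def parse_log(log):
    """Return (set of confirmed (kind, name) deletions, script-completed flag)."""
    deleted, completed = set(), False
    for line in log.splitlines():
        hit = DELETED_RE.match(line)
        if hit:
            deleted.add((hit.group(1).lower(), hit.group(2).lower()))
        elif line.strip() == "Completed script processing.":
            completed = True
    return deleted, completed


def audit(script, log):
    """Compare what the script asked for with what the log confirms."""
    requested = parse_script(script)
    deleted, completed = parse_log(log)
    return {
        "confirmed": [i for i in requested if i in deleted],
        "unconfirmed": [i for i in requested if i not in deleted],
        "unrequested": sorted(deleted - set(requested)),
        "completed": completed,
    }


if __name__ == "__main__":
    for key, value in audit(SCRIPT, LOG).items():
        print(f"{key}: {value}")
```

An entry left in `unconfirmed`, or `completed` being false, means the log does not show the removal and the machine should be rechecked before moving on.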

#6 bamajim

Posted 02 March 2009 - 09:46 PM

ue underwood

Good work. How's your PC running at this point?

Please perform an Ewido Online Malware Scan
  • When a dialog box appears asking you if you would like to download and install the ewido anti-spyware online scanner please click Yes to allow the download.
  • Click on Start Scan.
  • After the scan completes it will produce a log for you; copy and paste the results of that scan as a reply to this thread
  • If any infections are found, (After you save the logfile), Click on Remove Infections.

Microsoft MVP - Windows Security

#7 ue underwood

  • Topic Starter

Posted 03 March 2009 - 08:07 AM

Computer is running great and not taking me to random sites. I was not able to run Ewido because ActiveX was not enabled. I enabled some of the settings on ActiveX but not all because I was not sure which ones to enable and was still unable to run it. I did run Trend Micro online scan and there were a few fixes. I would have liked to have produced a log for you but am not sure how to get Ewido to run.

#8 bamajim

Posted 03 March 2009 - 08:27 AM

ue underwood

Glad to hear it. Since you have MBAM, you may want to update it and run a scan.

You may now remove/delete/uninstall the tools we used to clean your PC

Now that your log is clean

There are some final notes:
Let's create a clean System Restore point
the instructions are here
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6.u11.
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u11-windowsi586-p.exe to install the newest version.
Update your Anti Virus Software

Use and maintain a Firewall

Visit Microsoft's Windows Update Site Frequently for critical updates

Back up your Important Documents and Files on a regular basis
To a disc or a USB key, not your hard drive
You may want to read this article "So how did I get infected in the first place" by Tony Klein

surf safe
Microsoft MVP - Windows Security



