
google redirecting, plz help


  • This topic is locked
12 replies to this topic

#1 coldplay3r

coldplay3r

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:54 AM

Posted 01 April 2009 - 02:19 AM

hey guys, noob here :thumbup2:

So yeah, my problem is that the Google links are redirecting to other sites.

I tried using Spybot Search & Destroy and Spyware Doctor, but they wouldn't install :)
I got Spyware Terminator and did a scan and removal; it didn't help.

Here is my HJT log, can anyone help?





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:08:55 PM, on 1/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Defender\MSASCui.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Elie\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{100B72FC-FF6F-4146-A9C5-63BA45B4CD5E}: NameServer = 85.255.112.79,85.255.112.213
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C828B56-3C14-4004-98ED-C38D7783BD6F}: NameServer = 85.255.112.79,85.255.112.213
O17 - HKLM\System\CCS\Services\Tcpip\..\{D179E7F0-DAB9-4280-941B-8F87582A6180}: NameServer = 85.255.112.79
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.79,85.255.112.213
O17 - HKLM\System\CS1\Services\Tcpip\..\{100B72FC-FF6F-4146-A9C5-63BA45B4CD5E}: NameServer = 85.255.112.79,85.255.112.213
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.79,85.255.112.213
O17 - HKLM\System\CS2\Services\Tcpip\..\{100B72FC-FF6F-4146-A9C5-63BA45B4CD5E}: NameServer = 85.255.112.79,85.255.112.213
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.79,85.255.112.213
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8610 bytes


#2 coldplay3r

coldplay3r
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:54 AM

Posted 01 April 2009 - 03:37 PM

bump :thumbup2:

#3 coldplay3r

coldplay3r
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:54 AM

Posted 02 April 2009 - 12:47 AM

Don't know what, but for some reason I can't update any program; I keep getting "invalid server or proxy setting".
Can't update Microsoft, MSN, anything...

Edited by coldplay3r, 02 April 2009 - 08:05 PM.


#4 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:10:54 AM

Posted 08 April 2009 - 05:41 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#5 coldplay3r

coldplay3r
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:54 AM

Posted 12 April 2009 - 07:28 AM

hey :thumbup2:


DDS (Ver_09-03-16.01) - NTFSx86
Run by Elie at 22:22:35.51 on Sun 12/04/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.3006.1577 [GMT 10:00]

AV: BitDefender Antivirus *On-access scanning disabled* (Outdated)
AV: Norton Internet Security *On-access scanning enabled* (Outdated)
FW: Norton Internet Security *enabled*
FW: BitDefender Firewall *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Elie\Desktop\dds.scr
C:\Windows\System32\mobsync.exe

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.0\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\program files\hp\smart web printing\hpswp_framework.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NWEReboot]
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: NameServer = 85.255.112.79,85.255.112.213
TCP: {100B72FC-FF6F-4146-A9C5-63BA45B4CD5E} = 85.255.112.79,85.255.112.213
TCP: {7C828B56-3C14-4004-98ED-C38D7783BD6F} = 85.255.112.79,85.255.112.213
TCP: {D179E7F0-DAB9-4280-941B-8F87582A6180} = 85.255.112.79,85.255.112.213
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\elie\appdata\roaming\mozilla\firefox\profiles\fkpnuq5y.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - component: c:\program files\mozilla firefox\components\FFComm.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20090129.001\IDSvix86.sys [2009-1-30 270384]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2009\BDVEDISK.sys [2008-10-6 82696]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-9-18 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2009-2-12 104328]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2009-1-20 172032]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-30 23888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-12-12 99376]

=============== Created Last 30 ================

2009-04-11 10:32 142,592 a------- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-04-10 17:30 <DIR> --d----- c:\users\elie\appdata\roaming\HouseCall 6.6
2009-04-10 14:50 81,984 a------- c:\windows\system32\bdod.bin
2009-04-10 08:51 850 a------- c:\windows\system32\ProductTweaks.xml
2009-04-10 08:51 385 a------- c:\windows\system32\user_gensett.xml
2009-04-10 08:43 <DIR> --d----- c:\program files\common files\MSSoap
2009-04-10 08:43 <DIR> --d----- C:\Binaries
2009-04-10 08:38 <DIR> --d----- c:\windows\system32\URTTEMP
2009-04-03 06:55 <DIR> --d----- c:\users\elie\appdata\roaming\BitDefender
2009-04-03 06:54 <DIR> --d----- c:\programdata\BitDefender
2009-04-03 06:54 <DIR> --d----- c:\progra~2\BitDefender
2009-04-03 06:43 <DIR> --d----- c:\program files\common files\BitDefender
2009-04-02 21:57 <DIR> --d----- c:\windows\system32\logs
2009-04-02 21:56 <DIR> --d----- c:\program files\BitDefender
2009-04-02 20:13 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-04-01 14:55 <DIR> --d----- c:\users\elie\appdata\roaming\Spyware Terminator
2009-04-01 14:55 <DIR> --d----- c:\programdata\Spyware Terminator
2009-04-01 14:55 <DIR> --d----- c:\program files\Spyware Terminator
2009-04-01 14:55 <DIR> --d----- c:\progra~2\Spyware Terminator
2009-04-01 09:41 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-04-01 09:41 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-04-01 09:41 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-03-20 17:57 <DIR> --d----- c:\program files\HDExtrem

==================== Find3M ====================

2009-04-12 19:15 34 a------- c:\users\elie\jagex_runescape_preferences.dat
2009-04-10 08:43 86,016 a------- c:\windows\inf\infstrng.dat
2009-04-10 08:43 86,016 a------- c:\windows\inf\infstor.dat
2009-04-10 08:43 51,200 a------- c:\windows\inf\infpub.dat
2009-04-10 07:48 41,952 a------- c:\programdata\nvModes.dat
2009-04-10 07:48 41,952 a------- c:\progra~2\nvModes.dat
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-19 10:31 24,112 a------- c:\windows\system32\drivers\SymIMV.sys
2009-02-19 10:31 9,844 a------- c:\windows\system32\drivers\SymRedir.cat
2009-02-19 10:31 1,611 a------- c:\windows\system32\drivers\SymRedir.inf
2009-02-19 10:31 41,008 a------- c:\windows\system32\drivers\symndisv.sys
2009-02-19 10:31 184,496 a------- c:\windows\system32\drivers\symtdi.sys
2009-02-19 10:31 96,560 a------- c:\windows\system32\drivers\symfw.sys
2009-02-19 10:31 38,576 a------- c:\windows\system32\drivers\symids.sys
2009-02-19 10:31 22,320 a------- c:\windows\system32\drivers\symredrv.sys
2009-02-19 10:31 13,616 a------- c:\windows\system32\drivers\symdns.sys
2009-02-12 16:52 104,328 a------- c:\windows\system32\drivers\bdfndisf.sys
2009-02-09 13:10 2,033,152 a------- c:\windows\system32\win32k.sys
2009-01-15 16:11 827,392 a------- c:\windows\system32\wininet.dll
2008-12-29 12:43 27,240 a------- c:\users\elie\appdata\roaming\nvModes.dat
2008-12-12 09:02 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-21 12:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 22:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 22:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 22:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 22:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 19:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 19:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 19:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 19:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-12-11 17:17 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-12-11 17:17 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-12-11 17:17 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 22:22:57.40 ===============


Edited by coldplay3r, 12 April 2009 - 07:29 AM.
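The HijackThis O17 lines in post #1 and the TCP: lines in the DDS log in post #5 both show every Tcpip interface GUID, plus the Parameters key under CCS, CS1 and CS2, pointing at the same two public resolvers, 85.255.112.79 and 85.255.112.213. That block (85.255.112.0/20) is publicly documented as a DNSChanger rogue-resolver range, and a hijacked resolver is consistent with both symptoms reported above: search-result links redirected, and updaters failing with "invalid server or proxy setting" because they never reach the real update hosts. The script below is an added example, not code from the thread or from either tool. It pulls the NameServer values out of either log format, flags anything that is neither a private (router) address nor on a trusted allowlist you supply, and groups hits by control set so a cleanup is applied to CCS, CS1 and CS2 alike. The sample log is constructed in the shape of the posted lines, with one invented 192.168.1.1 entry for contrast; the trusted list and the rogue range are assumptions to adjust for your own network.

```python
import ipaddress
import re
from typing import Dict, Iterable, List, Tuple

# Constructed sample in the shape of the O17 (HijackThis) and TCP: (DDS)
# lines posted in this thread. The last line is an invented private-address
# entry, added to show the contrast with a normal home-router resolver.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{100B72FC-FF6F-4146-A9C5-63BA45B4CD5E}: NameServer = 85.255.112.79,85.255.112.213
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.79,85.255.112.213
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.79,85.255.112.213
TCP: NameServer = 85.255.112.79,85.255.112.213
TCP: {7C828B56-3C14-4004-98ED-C38D7783BD6F} = 85.255.112.79,85.255.112.213
TCP: {D179E7F0-DAB9-4280-941B-8F87582A6180} = 192.168.1.1
"""

# Assumption: the publicly documented DNSChanger rogue-resolver range that the
# addresses in this thread fall into. Extend with other ranges as needed.
KNOWN_ROGUE_RANGES = [ipaddress.ip_network("85.255.112.0/20")]

# HijackThis: "O17 - HKLM\System\<set>\Services\Tcpip\...: NameServer = a,b"
HJT_O17 = re.compile(r"^O17 - (?P<key>HKLM\\System\\[^:]+): NameServer = (?P<servers>[\d.,\s]+)$")
# DDS: "TCP: NameServer = a,b" or "TCP: {interface-guid} = a,b"
DDS_TCP = re.compile(r"^TCP: (?P<key>NameServer|\{[0-9A-Fa-f-]+\}) = (?P<servers>[\d.,\s]+)$")


def parse_nameservers(log_text: str) -> List[Tuple[str, List[str]]]:
    """Return (registry key or interface, [resolver ip, ...]) pairs from HJT or DDS output."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = HJT_O17.match(line) or DDS_TCP.match(line)
        if not m:
            continue
        servers = [s.strip() for s in m.group("servers").split(",") if s.strip()]
        entries.append((m.group("key"), servers))
    return entries


def classify(ip_text: str, trusted: Iterable[str] = ()) -> str:
    """Label one resolver address: known-rogue, trusted, private or unknown-public."""
    ip = ipaddress.ip_address(ip_text)
    if any(ip in net for net in KNOWN_ROGUE_RANGES):
        return "known-rogue"
    if ip_text in set(trusted):          # allowlist supplied by the caller (ISP/public DNS)
        return "trusted"
    if ip.is_private:
        return "private"                 # typical home router handed out by DHCP
    return "unknown-public"              # not allowlisted: confirm with the ISP before trusting


def audit(log_text: str, trusted: Iterable[str] = ()) -> List[Tuple[str, str, str]]:
    """Every (key, ip, verdict) whose resolver is neither trusted nor private."""
    findings = []
    for key, servers in parse_nameservers(log_text):
        for ip_text in servers:
            verdict = classify(ip_text, trusted)
            if verdict not in ("trusted", "private"):
                findings.append((key, ip_text, verdict))
    return findings


def affected_control_sets(findings: List[Tuple[str, str, str]]) -> Dict[str, List[str]]:
    """Group flagged keys by control set (CCS/CS1/CS2) so a fix covers all of them."""
    groups: Dict[str, List[str]] = {}
    for key, _ip, _verdict in findings:
        m = re.search(r"HKLM\\System\\(\w+)\\", key)
        label = m.group(1) if m else "DDS-live-config"   # DDS reports the active config only
        groups.setdefault(label, [])
        if key not in groups[label]:
            groups[label].append(key)
    return groups


if __name__ == "__main__":
    hits = audit(SAMPLE_LOG)
    for key, ip, verdict in hits:
        print(f"{verdict:15} {ip:16} {key}")
    print(affected_control_sets(hits))
```

Paste the text of a real HijackThis or DDS log into `audit()` with your ISP's resolvers in `trusted` and anything left over is what to question. Note the grouping: CurrentControlSet is only a link to one of ControlSet001/002, and the other is what "Last Known Good" restores from, so a cleanup that touches CCS alone leaves the rogue resolvers waiting in the persisted copies.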


#6 Jat90

Jat90

  • Members
  • 1,515 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United Kingdom
  • Local time:03:54 PM

Posted 12 April 2009 - 08:31 AM

Hello, coldplay3r

Welcome to the Bleeping Computer Forums. My name is Jat, and I will be helping you with your situation.

If you do not make a reply in 5 days, we will have to close your topic.


You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and choose Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Add Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.


I'm not seeing much in your logs, let's start with this:

Goored Fix

Please download GooredFix and save it to your Desktop.
  • Double-click GooredFix.exe on your Desktop to run it.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.
- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.


#7 coldplay3r

coldplay3r
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:54 AM

Posted 14 April 2009 - 01:31 AM

Hey Jat :D

GooredFix v1.92 by jpshortstuff
Log created at 16:29 on 14/04/2009 running Option #2 (Elie)
Firefox version 3.0.8 (en-US)

=====Goored Deletions=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"FFToolbar@bitdefender.com"="C:\Program Files\BitDefender\BitDefender 2009\FFToolbar\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"

#8 Jat90

Jat90

  • Members
  • 1,515 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United Kingdom
  • Local time:03:54 PM

Posted 14 April 2009 - 03:02 AM

Hello,

Let's try this:

MalwareBytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

ESET Online Scan

Please go to the Eset website to perform an online scan. Please use Internet Explorer, as it uses ActiveX.
  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Uncheck (untick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.
ReScan

Please rescan with DDS and post DDS.txt


In your next reply, please post:
  • MBAM log
  • ESET log
  • DDS log

- Jat90 -


#9 coldplay3r (Topic Starter)

Posted 15 April 2009 - 03:11 AM

:thumbup2:

The MBAM program isn't working; it never automatically started after the installation (I did everything you said). This was another topic I started in another section: http://www.bleepingcomputer.com/forums/ind...p;#entry1207343

The Eset website doesn't seem to be working; all I got was a page load error, couldn't establish a connection with the server.

#10 Jat90

Posted 15 April 2009 - 05:05 AM

Hello,

Let's proceed with ComboFix:

ComboFix

Please download ComboFix from one of these locations (If you already have it, delete it and download again):

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Instructions can be found here
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Note** ComboFix was designed only to be used under the supervision of a helper, not for general use.

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
- Jat90 -


#11 coldplay3r (Topic Starter)

Posted 15 April 2009 - 08:11 PM

:thumbup2:

ComboFix 09-04-15.08 - Elie 16/04/2009 10:42.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.3006.2276 [GMT 10:00]
Running from: c:\users\Elie\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Outdated)
FW: BitDefender Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\gaopdxxqosnmpbmwiitixxavqconjvqerpftvp.sys
c:\windows\system32\gaopdxinwrdhipytnxtbrtvqcidgitppppbtfa.dll
c:\windows\system32\KBL.LOG

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-03-16 to 2009-04-16 )))))))))))))))))))))))))))))))
.

2009-04-14 08:40 . 2009-04-14 08:42 -------- d-----w c:\users\Elie\AppData\Roaming\vlc
2009-04-14 08:32 . 2009-04-14 08:32 -------- d-----w c:\users\Elie\AppData\Local\Graboid_Inc
2009-04-14 08:32 . 2009-04-14 08:34 -------- d-----w c:\users\Elie\AppData\Local\Graboid
2009-04-14 08:31 . 2009-04-14 08:32 -------- d-----w c:\users\Elie\AppData\Roaming\MozillaControl
2009-04-13 23:05 . 2009-04-13 23:05 -------- d-----w c:\users\All Users\AOL
2009-04-13 23:05 . 2009-04-13 23:05 -------- d-----w c:\programdata\AOL
2009-04-11 09:52 . 2009-04-11 09:52 -------- d-----w c:\users\Guest\AppData\Roaming\BitDefender
2009-04-11 00:32 . 2009-04-11 00:32 142592 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys
2009-04-10 04:50 . 2009-04-16 00:39 81984 ----a-w c:\windows\system32\bdod.bin
2009-04-09 22:51 . 2009-04-09 22:51 850 ----a-w c:\windows\system32\ProductTweaks.xml
2009-04-09 22:51 . 2009-04-09 22:51 385 ----a-w c:\windows\system32\user_gensett.xml
2009-04-09 22:43 . 2009-04-09 22:43 -------- d-----w C:\Binaries
2009-04-09 22:38 . 2009-04-09 22:38 -------- d-----w c:\windows\system32\URTTEMP
2009-04-09 21:42 . 2009-04-09 21:42 -------- d-----w c:\users\Guest\.gimp-2.6
2009-04-09 21:42 . 2009-04-09 21:42 -------- d-----w c:\users\Guest\.gegl-0.0
2009-04-02 20:55 . 2009-04-02 20:55 -------- d-----w c:\users\Elie\AppData\Roaming\BitDefender
2009-04-02 20:54 . 2009-04-02 21:04 -------- d-----w c:\users\All Users\BitDefender
2009-04-02 20:54 . 2009-04-02 21:04 -------- d-----w c:\programdata\BitDefender
2009-04-02 11:57 . 2009-04-13 03:55 -------- d-----w c:\windows\system32\logs
2009-04-02 10:13 . 2009-04-02 10:13 -------- d--h--w c:\windows\msdownld.tmp
2009-04-02 02:22 . 2009-04-02 02:23 -------- d-----w c:\users\Guest\AppData\Roaming\Spyware Terminator
2009-04-01 04:55 . 2009-04-15 23:23 -------- d-----w c:\users\Elie\AppData\Roaming\Spyware Terminator
2009-04-01 04:55 . 2009-04-15 23:27 -------- d-----w c:\users\All Users\Spyware Terminator
2009-04-01 04:55 . 2009-04-15 23:27 -------- d-----w c:\programdata\Spyware Terminator
2009-03-31 23:41 . 2009-04-01 00:24 -------- d-----w c:\users\All Users\Spybot - Search & Destroy
2009-03-31 23:41 . 2009-04-01 00:24 -------- d-----w c:\programdata\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-16 00:40 . 2008-12-11 03:59 32768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2009-04-16 00:40 . 2008-12-11 03:59 32768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2009-04-16 00:40 . 2008-12-11 03:59 114688 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2009-04-16 00:40 . 2009-04-16 00:40 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
2009-04-16 00:40 . 2009-04-16 00:40 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2009-04-16 00:27 . 2008-02-05 19:28 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-16 00:26 . 2008-12-20 05:38 -------- d-----w c:\users\Elie\AppData\Roaming\uTorrent
2009-04-16 00:25 . 2008-02-05 19:28 -------- d-----w c:\programdata\Symantec
2009-04-16 00:24 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstrng.dat
2009-04-16 00:24 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-04-16 00:24 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-04-16 00:06 . 2008-12-29 06:29 41952 ----a-w c:\users\All Users\nvModes.dat
2009-04-16 00:06 . 2008-12-29 06:29 41952 ----a-w c:\programdata\nvModes.dat
2009-04-15 23:26 . 2009-04-01 04:55 -------- d-----w c:\program files\Spyware Terminator
2009-04-15 23:23 . 2009-04-15 23:23 32768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009041620090417\index.dat
2009-04-15 13:12 . 2009-04-14 20:28 32768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009041520090416\index.dat
2009-04-15 10:50 . 2009-01-20 05:17 -------- d-----w c:\program files\Steam
2009-04-14 08:31 . 2009-04-14 08:29 -------- d-----w c:\program files\Graboid
2009-04-14 08:31 . 2009-04-14 08:31 -------- d-----w c:\program files\Mozilla ActiveX Control v1.7.12
2009-04-14 08:31 . 2009-04-14 08:31 -------- d-----w c:\program files\VideoLAN
2009-04-14 08:20 . 2009-04-13 15:39 32768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009041420090415\index.dat
2009-04-13 09:45 . 2009-04-13 01:02 32768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009041320090414\index.dat
2009-04-13 07:35 . 2008-12-17 11:26 410984 ----a-w c:\windows\System32\deploytk.dll
2009-04-13 07:35 . 2009-04-13 07:35 -------- d-----w c:\program files\Java
2009-04-13 07:34 . 2008-02-05 19:26 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-13 04:12 . 2009-03-20 07:57 -------- d-----w c:\program files\HDExtrem
2009-04-13 03:55 . 2009-01-20 05:17 -------- d-----w c:\program files\Common Files\Steam
2009-04-13 01:06 . 2009-04-13 01:03 -------- d-----w c:\program files\WinClamAVShield
2009-04-13 01:02 . 2009-04-13 01:02 32768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009040620090413\index.dat
2009-04-12 09:15 . 2008-12-11 08:04 34 ----a-w c:\users\Elie\jagex_runescape_preferences.dat
2009-04-09 22:35 . 2009-04-02 20:43 -------- d-----w c:\program files\Common Files\BitDefender
2009-04-07 07:28 . 2009-03-12 07:09 -------- d-----w c:\users\Elie\AppData\Roaming\gtk-2.0
2009-04-07 07:28 . 2008-12-17 01:38 -------- d-----w c:\programdata\FLEXnet
2009-04-07 01:56 . 2008-12-11 23:16 110600 ----a-w c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-06 12:31 . 2008-12-11 05:08 110600 ----a-w c:\users\Elie\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-06 12:21 . 2008-12-11 08:26 7620 ----a-w c:\users\Elie\AppData\Local\d3d9caps.dat
2009-04-06 01:48 . 2009-04-06 01:48 32768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009040620090407\index.dat
2009-04-06 01:48 . 2009-04-06 01:48 32768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009033020090406\index.dat
2009-04-02 20:54 . 2009-04-02 11:56 -------- d-----w c:\program files\BitDefender
2009-04-02 08:36 . 2008-12-11 12:27 -------- d---a-w c:\programdata\TEMP
2009-04-01 00:24 . 2009-03-31 23:41 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-24 08:09 . 2008-12-19 09:18 -------- d-----w c:\users\Elie\AppData\Roaming\Ahead
2009-03-12 06:28 . 2009-03-12 06:28 -------- d-----w c:\program files\GIMP-2.0
2009-03-11 16:07 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-03-11 16:01 . 2008-02-05 20:18 -------- d-----w c:\programdata\Microsoft Help
2009-03-03 22:53 . 2006-11-02 12:37 -------- d-----w c:\program files\MSBuild
2009-03-03 22:51 . 2009-03-03 22:51 -------- d-----w c:\program files\Microsoft.NET
2009-03-03 22:48 . 2009-03-03 22:48 -------- d-----w c:\program files\Microsoft Visual Studio 8
2009-03-03 22:15 . 2009-03-03 22:15 -------- d-----w c:\program files\Microsoft
2009-03-02 09:54 . 2009-03-02 09:54 -------- d-----w c:\programdata\WindowsSearch
2009-02-26 16:07 . 2008-12-29 06:19 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-23 03:45 . 2008-02-05 20:24 -------- d-----w c:\program files\Common Files\Adobe
2009-02-09 03:10 . 2009-03-11 03:27 2033152 ----a-w c:\windows\System32\win32k.sys
2008-12-29 02:43 . 2008-12-11 08:24 27240 ----a-w c:\users\Elie\AppData\Roaming\nvModes.dat
2008-12-16 09:52 . 2008-12-12 04:31 27335 ----a-w c:\users\Guest\AppData\Roaming\nvModes.dat
2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2009-03-05 08:2009-04-09 22:51 08:04 . c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-15 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-03 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-03 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-23 33648]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-03-19 778240]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-02-23 69632]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-04-11 2176000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-13 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-09-03 04:18 94208 ----a-w c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-01-20 05:18 1410296 ----a-w c:\program files\steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B00316F4-ABB8-4645-9A7C-BF0C06915B2A}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{CAD4342A-3A28-4484-82B8-1C45487B7788}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{F37470A3-A5A7-40D0-B31E-E3BE1B3E5A34}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{D0DC0D66-1F1D-4C04-925B-86DF35692B88}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{29DD3B25-6D69-40D6-95E3-BA649461382C}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{159093C7-4DB9-48C5-9515-F364F7D78DE4}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A8C3EBDC-14F4-43F9-81EC-640A904D2AF7}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D62975E5-A4C0-4C76-AF05-CBD1E8CF04B3}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4053B067-888B-4F67-A8BF-325BDA602AA0}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{37FED7FB-EE6B-4199-BB52-0364DB672727}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{3556D208-9982-4C2C-9A71-5E8F4E658253}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{E306C34D-8A62-4A12-87CE-A237FB111F09}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A462304E-865C-47CB-BC73-65084365153E}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{849B04EA-6E3D-49E0-A502-4D84619D535A}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{DA519CE9-F29D-4F99-A5D4-B661E44E3CE1}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{B2CEE7C6-7455-41EF-A45A-2B06E2286E5D}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{77441DD7-332E-4283-B143-830B238E5903}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{98903AF6-EA19-41D7-8A0E-08C73370109A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{522F3356-11DF-4407-AA5F-E15E60EDCDE7}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E479EC4B-1559-4FA4-BEC5-5E178858FBA3}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{97034F0D-608D-4244-9B1B-F5E33CE2E85F}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{AAABBAED-8148-47DE-AC31-F99BC171FFB6}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B3F4900C-9DFB-463E-934B-31D81BF225E5}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3214941F-BE29-4310-AA1A-6348D952E13B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6CE26D7E-5898-4A64-A731-1656DCD77B71}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{05F20F7C-FE4D-4075-977D-BB8E92AC886C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DF618AD2-1432-4895-85B5-7D05E17FFE2B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{98D313C1-5CEC-4188-A3B4-7B5BF3E8EF42}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F6EDEC24-2F91-45B5-9370-DEB06FEEF851}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D495B59F-85C0-4DC9-B5BF-7CF499CEDEF7}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DE3502FF-7A91-44B0-AA7E-FA43DD0C3D05}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F8DFD2AA-4963-4ACA-9C4B-F9535C1CEF97}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2C087208-4D9F-4A44-B9FF-0F30C0F370C9}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{73350B00-8AC4-4C30-9D93-18A63E9534CB}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0FDC1DB6-8C8D-4C34-8742-EE4D4DA52DAB}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E7D0C1BC-A9F5-40C7-BF36-256EE0A4F391}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{FA3ED02E-4904-42AF-87B9-8D373142C7FD}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6698BADB-60EA-4BC1-BDC0-CF8B8B2E428D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F7B7857F-BA3C-4A2D-A90C-67AD0C979A02}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3D78B80F-53B5-4204-A086-E5EF825A36EC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4DFF36D2-42BB-465A-8A7A-31132BD3A628}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{179F76DA-1310-4905-99AD-0C84164BAB38}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{084FEE51-D8D6-46A7-9188-5D8D18D7D9B1}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{622EED3E-65B7-41CC-9B21-76BD8E16EC1A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2BD0D0D2-FFEC-43CA-B1C8-36DB855F60CA}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{386F8D24-07DD-4A17-BEF2-A54855A0C0E9}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{5BDF3E1B-2BBE-4589-95E8-4EA1FB75DEDB}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{5D90EC01-E602-4B16-8211-335EE86992ED}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{CE4F5BFB-097E-4FD5-9626-4FF81A9C1F92}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D2468B16-0BBD-4088-BFDC-BACD82E13590}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D85F4B55-A1D2-45C6-90EB-9F1E26E6169D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8CCE5BA8-686D-4BD1-826A-C045EDF5FEAF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E233E3F2-F668-47CB-AB6D-A2EE172FF89D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{80F840F9-A966-45A9-88C8-EDE1C3480412}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{AE9FB57C-6439-4BF5-9B41-86F55240E5E2}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{22AE1AC5-54DE-487C-B9A9-EF96760859AC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D76E3FB3-7AB1-489D-A481-55DFCA8F30F9}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2009-01-20 172032]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-10-06 82696]
S3 bdfm;bdfm;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2009-02-12 104328]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
bdx REG_MULTI_SZ scan

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-04-15 c:\windows\Tasks\User_Feed_Synchronization-{01358ADA-62D2-42AB-AED5-941D1A94178C}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NWEReboot - (no file)
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe


.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Elie\AppData\Roaming\Mozilla\Firefox\Profiles\fkpnuq5y.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-16 10:49
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2009-04-16 10:52
ComboFix-quarantined-files.txt 2009-04-16 00:52

Pre-Run: 62,345,175,040 bytes free
Post-Run: 63,073,398,784 bytes free

260 --- E O F --- 2009-03-19 14:57
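One way to triage a ComboFix report like the one above, as an added example that is not part of ComboFix, of any tool linked in this thread, or of the posters' own work: it splits the log into its "(((( Name ))))" sections, lists the services ComboFix removed, and flags file names that look machine-generated (long, letters-only, high entropy with long consonant runs), which is the pattern the gaopdx* driver and DLL above follow. The sample log is constructed from lines of the report posted above; the heuristic thresholds are assumptions, not values from ComboFix.

```python
"""Parse a ComboFix-style log and flag randomly named driver/DLL files.

Added example for this thread; not part of ComboFix or any linked tool.
"""
import math
import re
from collections import Counter, defaultdict

# Section headers look like "(((((( Other Deletions ))))))"
SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+\s*$")
# A Windows path ending in a driver, library or executable extension
PATH_RE = re.compile(r"([a-z]:\\.+?\.(?:sys|dll|exe))\b", re.IGNORECASE)
# ComboFix marks a removed service as "-------\Service_<name>"
SERVICE_RE = re.compile(r"^-+\\Service_(\S+)")

VOWELS = set("aeiouy")

# Constructed sample, taken from lines of the report posted in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\gaopdxxqosnmpbmwiitixxavqconjvqerpftvp.sys
c:\windows\system32\gaopdxinwrdhipytnxtbrtvqcidgitppppbtfa.dll
c:\windows\system32\KBL.LOG

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys

((((((((((((((((((((((((( Files Created from 2009-03-16 to 2009-04-16 )))))))))))))))))))))))))))))))
.
2009-04-11 00:32 . 2009-04-11 00:32 142592 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys
2009-02-09 03:10 . 2009-03-11 03:27 2033152 ----a-w c:\windows\System32\win32k.sys
"""


def split_sections(text):
    """Group log lines under the most recent '(((( Name ))))' header."""
    sections = defaultdict(list)
    current = "Header"
    for line in text.splitlines():
        stripped = line.strip()
        m = SECTION_RE.match(stripped)
        if m:
            current = m.group(1)
            continue
        if stripped and stripped != ".":  # ComboFix pads sections with "."
            sections[current].append(line.rstrip())
    return sections


def shannon_entropy(s):
    """Bits per character; random letter strings score well above English words."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def longest_consonant_run(s):
    run = best = 0
    for ch in s:
        run = 0 if ch in VOWELS else run + 1
        best = max(best, run)
    return best


def looks_random(stem, min_len=14, min_entropy=3.3, min_run=4):
    """Heuristic (assumed thresholds) for generated names like gaopdx*."""
    stem = stem.lower()
    if len(stem) < min_len or not stem.isalpha():
        return False
    return (shannon_entropy(stem) >= min_entropy
            and longest_consonant_run(stem) >= min_run)


def flag_suspicious(text):
    """Return (section, path) pairs whose file stem looks machine-generated."""
    findings = []
    for section, lines in split_sections(text).items():
        for line in lines:
            for path in PATH_RE.findall(line):
                stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
                if looks_random(stem):
                    findings.append((section, path))
    return findings


def deleted_services(text):
    """Service names listed as removed under the Drivers/Services section."""
    names = []
    for line in split_sections(text).get("Drivers/Services", []):
        m = SERVICE_RE.match(line.strip())
        if m:
            names.append(m.group(1))
    return names


if __name__ == "__main__":
    for section, path in flag_suspicious(SAMPLE_LOG):
        print(f"[{section}] suspicious name: {path}")
    for name in deleted_services(SAMPLE_LOG):
        print(f"removed service: {name}")
```

Run against a real ComboFix.txt by reading the file into `flag_suspicious`; legitimate drivers such as bdfndisf.sys and win32k.sys in the sample fall below the length or letters-only checks and are not reported.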

#12 Jat90

Posted 16 April 2009 - 05:25 AM

Hello,

One of the infections found was a rootkit, so you should know the following:

Rootkit Warning

Rootkits are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. Many rootkits can hook into the Windows 32-bit kernel and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data, which is sent back to the hacker. To learn more about these types of infections, you can refer to:

If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately, including those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised. They should be changed using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control again, and credit card institutions should be notified of the possible security breach. Because your computer was compromised, please read:

Although the rootkit was identified and removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because this malware has been removed the computer is now secure. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

Please let me know what you decide to do.
- Jat90 -


#13 Jat90

Posted 19 April 2009 - 08:05 PM

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please send me a message. In your message please include the address of this thread in your request.

This applies only to the original topic starter.

Everyone else please start a new topic.
- Jat90 -




