GOOGLE REDIRECT


  • This topic is locked
34 replies to this topic

#1 martin1810

  • Members
  • 26 posts

Posted 02 June 2009 - 05:24 AM

I have been having trouble with Google redirect. It sent me to wrong web addresses, gave false Internet Explorer "can't connect" messages and blocked access to antivirus sites.
It also always opens the first search in a new window. After nearly 100 hrs of searching I found some antivirus sites that weren't blocked and managed to download HijackThis. That's when I found out that .exe files wouldn't run on my computer. I managed to download and run HijackThis as an autorun zip file at last. Using the net I sorted out the obvious silly codes and removed them. (I know I shouldn't.) I was then able to download and run ComboFix. I couldn't download, store and run it under supervision as no .exe was working. ComboFix found a "root" virus and removed it.
A rerun with ComboFix shows the computer clean BUT I am still getting one obvious redirect every time I Google search, and the first search always opens a new window no matter what settings I have on the computer or Google. SO for my first post, HELP. P.S. I have two computers using XP with the same symptoms and a laptop using Vista Home with the same symptoms. HELP !!!! I would love to blame my teenage son for all this but I think it might be my fault.

Edited by martin1810, 02 June 2009 - 05:25 AM.



#2 Farbar

    Just Curious

  • Security Developer
  • 21,730 posts
  • Gender:Male
  • Location:The Netherlands

Posted 02 June 2009 - 08:05 AM

Hi martin1810,

Welcome to the BC HijackThis forum and sorry for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
  • To avoid confusion we concentrate on one of the computers with Windows XP. If in the course of action it is needed, you may start a separate topic for each one of them. Sometimes the problems are related or similar and there is no need for assistance.

  • I need to see the ComboFix.txt from the first run. If you have run ComboFix just once the log is here: C:\combofix.txt
    If you have run ComboFix more than once please copy/paste the combofix.txt from the first run located at C:\Qoobox\combofixX.txt, where X is a number. Please post the one with the highest number.

  • Please download OTL by OldTimer.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Click the Run Scan button.
  • Two reports will open; copy and paste the first log to your reply:
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized

#3 martin1810

  • Topic Starter
  • Members
  • 26 posts

Posted 02 June 2009 - 12:31 PM

ComboFix 09-05-31.06 - Administrator 01/06/2009 20:26.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.3326.2942 [GMT 1:00]
Running from: c:\downloads\Toolb.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\regedit.com
c:\windows\system32\drivers\gxvxcivmlqgoejkrnrkwloultownjgodlskba.sys
c:\windows\system32\drivers\gxvxcjkwbaviygtexylkyxmkmkvvrpjdldebw.sys
c:\windows\system32\gxvxcdstitgirkejalxboejbgshvhwuktvdyf.dll
c:\windows\system32\gxvxcqpultepwfumpxuowbdcvnmsgmlsqsmlq.dll
c:\windows\system32\hlvdd.dll
c:\windows\system32\systeminfo3.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-05-01 to 2009-06-01 )))))))))))))))))))))))))))))))
.

2009-06-01 16:48 . 2009-06-01 16:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\dvdcss
2009-06-01 16:08 . 2009-06-01 16:49 12 ---h--w- c:\documents and settings\All Users\Application Data\userlib.dll
2009-06-01 16:08 . 2009-06-01 16:08 -------- d-----w- c:\program files\PaulMarv Software
2009-06-01 12:49 . 2009-06-01 12:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-01 12:49 . 2009-06-01 12:49 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-01 12:49 . 2009-06-01 12:49 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-01 12:49 . 2009-06-01 12:49 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-01 12:49 . 2009-06-01 13:03 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-01 12:49 . 2009-06-01 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-01 12:07 . 2009-06-01 12:07 -------- d-----w- c:\program files\Kaspersky Lab
2009-06-01 11:59 . 2009-06-01 11:59 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-01 11:58 . 2009-06-01 11:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
2009-06-01 11:58 . 2009-06-01 12:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-01 11:58 . 2009-06-01 11:58 -------- d-----w- c:\program files\Browser Configuration Utility
2009-06-01 11:58 . 2008-05-02 14:08 146528 ----a-w- c:\windows\system32\dvmurl.dll
2009-06-01 11:53 . 2009-06-01 11:55 -------- d-----w- c:\windows\NV34603464.TMP
2009-06-01 10:47 . 2009-06-01 10:47 -------- d-----w- c:\program files\Common Files\Java
2009-06-01 10:31 . 2009-06-01 10:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Help
2009-05-31 20:11 . 2009-05-31 20:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2009-05-31 20:10 . 2009-05-31 20:11 -------- d-----w- c:\program files\Google
2009-05-31 19:47 . 2009-05-31 18:49 218112 ----a-w- c:\program files\HijackThis[1].exe
2009-05-31 13:54 . 2009-06-01 10:45 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-31 10:59 . 2009-06-01 10:21 -------- d-----w- c:\program files\Panda Security
2009-05-28 16:51 . 2009-05-28 16:51 -------- d-----w- c:\program files\Trend Micro
2009-05-28 14:27 . 2009-05-26 12:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-28 14:27 . 2009-05-26 12:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-27 18:52 . 2009-05-27 19:38 -------- d-----w- c:\program files\MagicDVDCopier
2009-05-16 15:30 . 2009-05-16 15:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Logitech
2009-05-16 15:28 . 2008-05-02 01:38 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2009-05-16 15:28 . 2008-05-02 01:40 84496 ----a-w- c:\windows\system32\KemXML.dll
2009-05-16 15:28 . 2008-05-02 01:40 117264 ----a-w- c:\windows\system32\KemWnd.dll
2009-05-16 15:28 . 2008-05-02 01:39 145936 ----a-w- c:\windows\system32\KemUtil.dll
2009-05-16 15:28 . 2008-05-02 01:39 170512 ----a-w- c:\windows\system32\kemutb.dll
2009-05-16 15:27 . 2009-05-16 15:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2009-05-16 15:27 . 2009-05-16 15:30 -------- d-----w- c:\program files\Common Files\Logishrd
2009-05-16 15:27 . 2009-05-16 15:27 -------- d-----w- c:\program files\Logitech
2009-05-16 15:27 . 2009-05-16 15:27 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2009-05-16 10:57 . 2005-11-09 07:44 24064 ----a-w- c:\windows\system32\drivers\hardlock.sys
2009-05-16 10:57 . 2006-11-30 10:06 69632 ----a-w- c:\windows\system32\hasp_inst_help1.dll
2009-05-16 10:57 . 2005-09-06 16:06 28672 ----a-w- c:\windows\system32\hlduinst.exe
2009-05-16 10:57 . 2006-12-20 10:55 3066968 ----a-w- c:\windows\system32\hinstd.dll
2009-05-16 10:57 . 2006-12-20 09:00 671112 ----a-w- c:\windows\system32\hdinst_windows.dll
2009-05-16 10:57 . 2006-12-20 09:00 2511360 ----a-w- c:\windows\system32\haspds_windows.dll
2009-05-16 10:57 . 2002-07-26 16:02 153088 ----a-w- c:\windows\system32\UNWISE.EXE
2009-05-16 10:41 . 2009-05-16 10:41 -------- d-----w- C:\Tecar Forum
2009-05-10 20:47 . 2009-05-10 20:47 -------- d-----w- c:\program files\AVG
2009-05-10 13:04 . 2009-05-10 13:08 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-05-07 14:20 . 2009-05-07 14:20 -------- d--h--w- C:\BJPrinter
2009-05-07 14:20 . 2003-02-28 04:30 5632 ----a-w- c:\windows\system32\CNMVS50.DLL
2009-05-07 14:20 . 2003-02-28 04:30 100352 ----a-w- c:\windows\system32\CNMLM50.DLL
2009-05-07 14:18 . 2004-08-03 22:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-05-07 14:18 . 2004-08-03 22:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-01 16:08 . 2009-06-01 16:08 12 ---h--w- c:\documents and settings\All Users\Application Data\ntcache.dat
2009-06-01 12:12 . 2009-04-17 15:00 16608 ----a-w- c:\windows\gdrv.sys
2009-06-01 10:50 . 2009-06-01 10:50 0 ----a-w- c:\windows\system32\REN18.tmp
2009-06-01 10:50 . 2009-06-01 10:50 0 ----a-w- c:\windows\system32\REN17.tmp
2009-06-01 10:50 . 2009-06-01 10:50 0 ----a-w- c:\windows\system32\REN16.tmp
2009-06-01 10:50 . 2009-04-26 13:15 -------- d-----w- c:\program files\Java
2009-05-30 11:49 . 2009-04-21 11:27 51272 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-29 12:25 . 2009-04-17 14:57 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-21 08:47 . 2009-04-25 11:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2009-05-16 15:28 . 2009-05-16 15:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-05-16 15:28 . 2009-05-16 15:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-05-16 15:28 . 2009-05-16 15:28 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-05-14 16:02 . 2009-04-17 15:11 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2009-04-30 18:59 . 2009-04-29 19:29 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-04-29 17:35 . 2009-04-29 16:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-04-27 21:18 . 2009-04-27 21:14 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2009-04-27 21:14 . 2009-04-27 21:10 -------- d-----w- c:\program files\motorola phone tools
2009-04-27 21:14 . 2009-04-27 21:14 9232 ----a-w- c:\documents and settings\Administrator\mqdmmdfl.sys
2009-04-27 21:14 . 2009-04-27 21:14 92064 ----a-w- c:\documents and settings\Administrator\mqdmmdm.sys
2009-04-27 21:14 . 2009-04-27 21:14 79328 ----a-w- c:\documents and settings\Administrator\mqdmserd.sys
2009-04-27 21:14 . 2009-04-27 21:14 66656 ----a-w- c:\documents and settings\Administrator\mqdmbus.sys
2009-04-27 21:14 . 2009-04-27 21:14 6208 ----a-w- c:\documents and settings\Administrator\mqdmcmnt.sys
2009-04-27 21:14 . 2009-04-27 21:14 5936 ----a-w- c:\documents and settings\Administrator\mqdmwhnt.sys
2009-04-27 21:14 . 2009-04-27 21:14 4048 ----a-w- c:\documents and settings\Administrator\mqdmcr.sys
2009-04-27 21:14 . 2009-04-27 21:14 25600 ----a-w- c:\documents and settings\Administrator\usbsermptxp.sys
2009-04-27 21:14 . 2009-04-27 21:14 22768 ----a-w- c:\documents and settings\Administrator\usbsermpt.sys
2009-04-26 13:15 . 2009-04-26 13:15 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-25 11:08 . 2009-04-25 11:08 -------- d-----w- c:\program files\VideoLAN
2009-04-24 09:25 . 2009-04-24 09:24 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-04-24 09:20 . 2009-04-24 09:20 7278049 ----a-w- c:\program files\klcodec475s.exe
2009-04-22 17:14 . 2009-04-22 17:14 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-04-21 17:10 . 2009-04-21 17:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2009-04-18 17:19 . 2009-04-17 15:14 -------- d-----w- c:\program files\Common Files\Adobe
2009-04-18 17:17 . 2009-04-18 17:17 -------- d-----w- c:\program files\Diagnose-BK
2009-04-17 21:12 . 2009-04-17 21:12 -------- d-----w- c:\program files\microsoft frontpage
2009-04-17 21:08 . 2009-04-17 21:08 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-04-17 19:50 . 2009-04-17 19:50 64351616 ----a-w- c:\program files\avg_avwt_stf_en_85_287a1483.exe
2009-04-17 15:12 . 2009-04-17 15:09 -------- d-----w- c:\program files\GIGABYTE
2009-04-17 15:05 . 2009-04-17 15:02 -------- d-----w- c:\program files\Realtek
2009-04-17 15:02 . 2009-04-17 15:02 319488 ----a-w- c:\windows\HideWin.exe
2009-04-17 15:01 . 2009-04-17 15:01 -------- d-----w- c:\program files\AMD
2009-04-17 14:59 . 2009-04-17 14:59 -------- d-----w- c:\program files\AGEIA Technologies
2009-04-17 14:51 . 2009-04-17 21:11 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-17 14:34 . 2009-04-17 14:34 -------- d-----w- c:\program files\Microsoft.NET
2009-04-17 14:34 . 2009-04-17 14:34 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-03-19 15:08 . 2009-03-19 15:08 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-03-19 15:08 . 2009-03-19 15:08 348160 ----a-w- c:\windows\system32\msvcr71.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-31 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="m‘|ΠΗ" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-05-31 68592]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-01 1947928]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-09 1657376]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-08-26 16851456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-16 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFileAssociate"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-01 12:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [01/06/2009 13:49 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [01/06/2009 13:49 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [01/06/2009 13:49 298776]
R2 LcSvrAdm;ELSA Administration Service;c:\elsawin\bin\LcSvrAdm.exe [18/04/2009 18:18 147456]
R2 LcSvrDba;ELSA DBA Server;c:\elsawin\bin\LcSvrDba.exe [18/04/2009 18:18 241664]
R2 LcSvrHis;ELSA Historie Server;c:\elsawin\bin\LcSvrHis.exe [18/04/2009 18:18 217088]
R2 LcSvrPAS;ELSA PASS Server;c:\elsawin\bin\LcSvrPas.exe [18/04/2009 18:18 368640]
R2 LcSvrSaz;ELSA APOSpro Server;c:\elsawin\bin\LcSvrSaz.exe [18/04/2009 18:26 249856]
R2 VSGate;ELSA Vaudis Service;c:\elsawin\bin\VSGate.exe [18/04/2009 18:18 81920]
R3 LcSvrAuf;ELSA Auftragsverwaltungs Service;c:\elsawin\bin\LcSvrAuf.exe [18/04/2009 18:18 1306624]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [17/04/2009 16:11 24944]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
Handler: vw-wi - {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - c:\elsawin\bin\wiprot.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-01 20:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-57989841-1682526488-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3d,c5,21,6e,fc,99,e0,4c,b6,d1,09,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3d,c5,21,6e,fc,99,e0,4c,b6,d1,09,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2009-06-01 20:27
ComboFix-quarantined-files.txt 2009-06-01 19:27

Pre-Run: 473,385,099,264 bytes free
Post-Run: 473,395,249,152 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

218

Quarantine list follows.

2009-06-01 19:27:24 . 2009-06-01 19:27:24 562 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-procexp90.Sys.reg.dat
2009-06-01 19:27:20 . 2009-06-01 19:27:20 152 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SunJavaUpdateSched.reg.dat
2009-06-01 19:26:51 . 2009-06-02 09:30:10 5,813 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-06-01 19:14:10 . 2009-06-01 19:14:10 951 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_GXVXCSERV.SYS.reg.dat
2009-06-01 19:08:51 . 2009-06-02 09:28:50 153 ----a-w- C:\Qoobox\Quarantine\catchme.log
2009-05-28 17:05:02 . 2002-12-31 12:00:00 146,432 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\regedit.com.vir
2009-05-28 10:39:12 . 2009-05-28 10:39:12 48,128 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\gxvxcivmlqgoejkrnrkwloultownjgodlskba.sys.vir
2009-05-27 19:38:07 . 2009-05-27 19:38:07 27,649 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\gxvxcdstitgirkejalxboejbgshvhwuktvdyf.dll.vir
2009-05-27 19:38:07 . 2009-05-27 19:38:07 22,529 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\gxvxcqpultepwfumpxuowbdcvnmsgmlsqsmlq.dll.vir
2009-05-27 19:38:07 . 2009-05-27 19:38:07 48,128 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\gxvxcjkwbaviygtexylkyxmkmkvvrpjdldebw.sys.vir
2009-05-16 10:57:22 . 2009-05-16 10:57:22 191,488 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\hlvdd.dll.vir
2009-04-29 19:29:42 . 2009-04-29 19:29:42 14 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\systeminfo3.dll.vir



Hi Farbar. This is the first ComboFix log followed by the quarantine log. Thanks for getting in touch. I now have a Silent Runners log as well which seems to show that the IE registry settings have been hijacked. I have looked at some of the settings but they refuse to accept a change. Thanks for the help. Martin

Edited by martin1810, 02 June 2009 - 12:33 PM.


#4 Farbar

    Just Curious

  • Security Developer
  • 21,730 posts
  • Gender:Male
  • Location:The Netherlands

Posted 02 June 2009 - 01:51 PM

Hi Martin,

I can see the hijacked IE setting in the ComboFix log. No need for Silent Runners. However, what I can't see are the other logs I requested.

Edited by farbar, 02 June 2009 - 01:52 PM.


#5 martin1810

  • Topic Starter
  • Members
  • 26 posts

Posted 02 June 2009 - 02:04 PM

Hi Farbar,
Sorry. I'm an idiot. Here is the log. Thanks again. Martin


OTL logfile created on: 02/06/2009 20:00:06 - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 440.82 Gb Free Space | 94.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XPSP2
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2002/12/31 13:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/08/26 06:51:18 | 16,851,456 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2009/06/01 13:49:24 | 01,947,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/05/31 21:11:05 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/05/02 02:44:08 | 00,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 02:40:56 | 00,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
PRC - [2009/06/01 13:49:24 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/04/28 15:09:50 | 00,147,456 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrAdm.exe
PRC - [2008/04/28 14:52:32 | 00,241,664 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrDba.exe
PRC - [2008/04/28 15:05:38 | 00,217,088 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrHis.exe
PRC - [2009/06/01 13:49:25 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2008/04/28 14:53:14 | 00,368,640 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrPas.exe
PRC - [2009/06/01 13:49:25 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2008/04/28 15:03:50 | 00,249,856 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrSaz.exe
PRC - [2009/02/09 06:18:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008/04/28 15:12:44 | 00,081,920 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\VSgate.exe
PRC - [2008/04/28 15:02:28 | 01,306,624 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrAuf.exe
PRC - [2002/12/31 13:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/06/02 19:59:27 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/06/01 13:49:24 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2009/05/31 21:11:02 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2002/12/31 13:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - File not found -- -- (JavaQuickStarterService [Auto | Stopped])
SRV - [2008/05/02 02:42:06 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped])
SRV - [2008/04/28 15:09:50 | 00,147,456 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrAdm.exe -- (LcSvrAdm [Auto | Running])
SRV - [2008/04/28 15:02:28 | 01,306,624 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrAuf.exe -- (LcSvrAuf [On_Demand | Running])
SRV - [2008/04/28 14:52:32 | 00,241,664 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrDba.exe -- (LcSvrDba [Auto | Running])
SRV - [2008/04/28 15:05:38 | 00,217,088 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrHis.exe -- (LcSvrHis [Auto | Running])
SRV - [2008/04/28 14:53:14 | 00,368,640 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrPas.exe -- (LcSvrPAS [Auto | Running])
SRV - [2008/04/28 15:03:50 | 00,249,856 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrSaz.exe -- (LcSvrSaz [Auto | Running])
SRV - [2009/02/09 06:18:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/04/28 15:12:44 | 00,081,920 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\VSgate.exe -- (VSGate [Auto | Running])
SRV - File not found -- -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2006/07/01 22:39:40 | 00,036,864 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])
DRV - [2009/06/01 13:49:33 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/06/01 13:49:32 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/06/01 13:49:34 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2007/10/11 11:10:52 | 00,030,008 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\Drivers\ET5Drv.sys -- (ET5Drv [On_Demand | Stopped])
DRV - [2009/06/01 13:12:18 | 00,016,608 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\gdrv.sys -- (gdrv [On_Demand | Stopped])
DRV - [2009/05/14 17:02:22 | 00,024,944 | ---- | M] () -- C:\WINDOWS\system32\Drivers\GVTDrv.sys -- (GVTDrv [On_Demand | Stopped])
DRV - [2005/01/07 17:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2008/08/27 10:22:24 | 04,754,432 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2008/02/29 03:12:48 | 00,020,240 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys -- (L8042Kbd [On_Demand | Stopped])
DRV - [2008/02/29 03:12:56 | 00,063,120 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\L8042mou.Sys -- (L8042mou [On_Demand | Stopped])
DRV - [2008/02/29 03:13:16 | 00,035,344 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
DRV - [2008/02/29 03:13:24 | 00,036,880 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
DRV - [2008/02/29 03:13:36 | 00,079,120 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\LMouKE.Sys -- (LMouKE [On_Demand | Stopped])
DRV - [2009/02/09 06:18:00 | 06,307,328 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2002/12/31 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/08/07 12:14:56 | 00,111,360 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Running])
DRV - [2002/12/31 13:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/08/03 23:08:44 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usbser.sys -- (usbser [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-57989841-1682526488-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-57989841-1682526488-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-57989841-1682526488-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-57989841-1682526488-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-57989841-1682526488-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-57989841-1682526488-839522115-500\S-1-5-21-57989841-1682526488-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx ()
O3 - HKU\S-1-5-21-57989841-1682526488-839522115-500\..\Toolbar\ShellBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-57989841-1682526488-839522115-500\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-57989841-1682526488-839522115-500\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun (Google Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-57989841-1682526488-839522115-500..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-57989841-1682526488-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-57989841-1682526488-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-57989841-1682526488-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O7 - HKU\S-1-5-21-57989841-1682526488-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-57989841-1682526488-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-57989841-1682526488-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vw-wi {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - C:\ElsaWin\bin\wiProt.dll (TODO: <Company name>)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/17 22:11:32 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/05/28 14:58:22 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/02 19:59:27 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[11 C:\WINDOWS\*.tmp files]
[2009/06/02 19:59:27 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/06/02 16:26:54 | 00,000,230 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2009/06/02 11:35:49 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/06/02 10:31:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/06/02 10:31:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\temp
[2009/06/01 20:10:52 | 00,000,223 | ---- | C] () -- C:\Boot.bak
[2009/06/01 20:10:49 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/06/01 20:10:49 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/06/01 20:08:56 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/06/01 20:08:56 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/06/01 20:08:56 | 00,154,624 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/06/01 20:08:56 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/06/01 20:08:56 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/06/01 20:08:56 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/06/01 20:08:56 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/06/01 20:08:56 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/06/01 20:08:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/06/01 20:08:50 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/06/01 17:48:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\dvdcss
[2009/06/01 17:08:34 | 00,000,012 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\userlib.dll
[2009/06/01 17:08:34 | 00,000,012 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ntcache.dat
[2009/06/01 17:08:31 | 00,000,876 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\File&Folder Properties Changer.lnk
[2009/06/01 17:08:31 | 00,000,000 | ---D | C] -- C:\Program Files\PaulMarv Software
[2009/06/01 17:06:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2009/06/01 13:49:35 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/06/01 13:49:35 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/06/01 13:49:34 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/06/01 13:49:33 | 00,325,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/06/01 13:49:32 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/06/01 13:49:29 | 36,724,789 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/06/01 13:49:29 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/06/01 13:49:29 | 00,434,673 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/06/01 13:49:29 | 00,064,058 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/06/01 13:49:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/06/01 13:49:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/06/01 13:07:13 | 00,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2009/06/01 12:59:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2009/06/01 12:58:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2009/06/01 12:58:40 | 00,146,528 | ---- | C] (DeviceVM Inc.) -- C:\WINDOWS\System32\dvmurl.dll
[2009/06/01 12:58:40 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2009/06/01 12:58:40 | 00,000,000 | ---D | C] -- C:\Program Files\Browser Configuration Utility
[2009/06/01 12:54:01 | 00,205,204 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2009/06/01 12:53:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\NV34603464.TMP
[2009/06/01 11:47:10 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2009/05/31 21:10:44 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2009/05/31 21:10:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/05/31 20:47:18 | 00,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Program Files\HijackThis[1].exe
[2009/05/31 14:23:28 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/05/31 11:59:10 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/05/30 22:33:30 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\desktop.ini
[2009/05/30 14:08:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2009/05/30 14:05:19 | 00,001,687 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2009/05/28 17:51:10 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/28 15:27:16 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/28 15:27:15 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/28 14:58:22 | 00,000,000 | RHSD | C] -- C:\autorun.inf
[2009/05/27 20:38:07 | 00,000,004 | ---- | C] () -- C:\WINDOWS\System32\gxvxccount
[2009/05/27 19:52:48 | 00,000,690 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Magic DVD Copier.lnk
[2009/05/27 19:52:47 | 00,000,000 | ---D | C] -- C:\Program Files\MagicDVDCopier
[2009/05/16 16:30:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Logitech
[2009/05/16 16:28:56 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2009/05/16 16:28:45 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2009/05/16 16:28:42 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2009/05/16 16:28:06 | 00,001,681 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech Mouse and Keyboard Settings.lnk
[2009/05/16 16:28:01 | 00,170,512 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\kemutb.dll
[2009/05/16 16:28:01 | 00,145,936 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\KemUtil.dll
[2009/05/16 16:28:01 | 00,117,264 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\KemWnd.dll
[2009/05/16 16:28:01 | 00,084,496 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\KemXML.dll
[2009/05/16 16:27:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2009/05/16 16:27:42 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2009/05/16 16:27:38 | 00,000,000 | ---D | C] -- C:\Program Files\Logitech
[2009/05/16 16:27:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
[2009/05/16 11:57:48 | 00,693,760 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\System32\drivers\hardlock.bak
[2009/05/16 11:57:48 | 00,000,138 | ---- | C] () -- C:\WINDOWS\System32\drivers\mylock.fst
[2009/05/16 11:57:23 | 00,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\hardlock.sys
[2009/05/16 11:57:18 | 00,069,632 | ---- | C] (Aladdin Knowledge Systems) -- C:\WINDOWS\System32\hasp_inst_help1.dll
[2009/05/16 11:57:18 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\hlduinst.exe
[2009/05/16 11:57:17 | 03,066,968 | ---- | C] (Aladdin Knowledge Systems.) -- C:\WINDOWS\System32\hinstd.dll
[2009/05/16 11:57:17 | 02,511,360 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\System32\haspds_windows.dll
[2009/05/16 11:57:17 | 00,671,112 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\System32\hdinst_windows.dll
[2009/05/16 11:57:17 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
[2009/05/16 11:56:27 | 00,001,610 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ETKA 7.2.lnk
[2009/05/16 11:41:20 | 00,000,000 | ---D | C] -- C:\Tecar Forum
[2009/05/13 20:36:42 | 00,000,004 | ---- | C] () -- C:\WINDOWS\System32\GVTunner.ref
[2009/05/10 21:47:44 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/05/10 19:48:24 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\plugin.ocx
[2009/05/10 19:48:24 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\plugin.ocx
[2009/05/10 19:48:12 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2009/05/10 19:48:03 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2009/05/10 14:04:57 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/05/07 15:20:20 | 00,000,000 | -H-D | C] -- C:\BJPrinter
[2009/05/07 15:20:12 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS50.DLL
[2009/05/07 15:18:23 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbprint.sys
[2009/05/07 15:18:23 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2009/05/06 14:12:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\CUSTOMER INVOICES
[2009/05/06 14:09:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\CELICA
[2009/05/06 14:06:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\WORD DOCUMENTS
[2009/05/06 14:05:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\ACROBAT DOCUMENTS
[2009/05/06 13:58:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\OLD INVOICES
[2009/05/06 13:16:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\VWDIAGRAMS
[2009/05/06 13:15:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\TAX
[2009/05/06 13:15:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\STOCK
[2009/05/06 13:14:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\PUBLISHER DOCUMENTS
[2009/05/06 12:53:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Orange
[2009/05/06 12:52:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\OLDACCOUNTS
[2009/05/06 12:49:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\JACKIE
[2009/05/06 12:49:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\EXCEL DOCUMENTS
[2009/05/06 12:49:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\CREDIT
[2009/05/06 12:49:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\CHRIS
[2009/05/06 12:47:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\ACCOUNTS
[2009/04/25 14:36:47 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2009/04/24 10:24:50 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/04/21 17:35:20 | 00,000,074 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/04/19 15:16:31 | 00,000,056 | ---- | C] () -- C:\WINDOWS\Acroread.ini
[2009/04/17 16:11:09 | 00,024,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys
[2009/04/17 15:34:32 | 00,000,904 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/02/21 08:25:20 | 00,691,592 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2009/02/09 06:18:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/02/09 06:18:00 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/02/09 06:18:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/02/09 06:18:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/31 13:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002/12/31 13:00:00 | 00,002,048 | ---- | C] () -- C:\WINDOWS\System32\syscvchk.dll
[2002/12/31 13:00:00 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/12/31 13:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[11 C:\WINDOWS\*.tmp files]
[2009/06/02 19:59:27 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/06/02 17:56:21 | 36,724,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/06/02 17:56:11 | 00,064,058 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/06/02 16:48:45 | 00,360,124 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/06/02 16:48:45 | 00,315,282 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/06/02 16:48:45 | 00,041,292 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/06/02 16:44:35 | 00,205,204 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/06/02 16:44:30 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\desktop.ini
[2009/06/02 16:44:30 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/02 16:44:29 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/02 16:42:11 | 00,004,507 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/06/02 16:26:54 | 00,000,230 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2009/06/02 11:07:33 | 00,002,521 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\e-mail.lnk
[2009/06/02 10:30:25 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/06/01 20:10:52 | 00,000,293 | RHS- | M] () -- C:\boot.ini
[2009/06/01 17:49:05 | 00,000,012 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\userlib.dll
[2009/06/01 17:08:34 | 00,000,012 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\ntcache.dat
[2009/06/01 17:08:31 | 00,000,876 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\File&Folder Properties Changer.lnk
[2009/06/01 14:05:16 | 00,000,004 | ---- | M] () -- C:\WINDOWS\System32\gxvxccount
[2009/06/01 14:03:20 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/06/01 14:03:20 | 00,434,673 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/06/01 13:49:35 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/06/01 13:49:35 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/06/01 13:49:34 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/06/01 13:49:33 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/06/01 13:49:32 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/06/01 12:59:08 | 00,000,223 | ---- | M] () -- C:\Boot.bak
[2009/05/31 20:48:23 | 00,002,495 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Excel.lnk
[2009/05/31 20:48:12 | 00,002,443 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Publisher.lnk
[2009/05/31 11:08:41 | 00,154,624 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/05/30 14:05:00 | 00,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/29 23:51:02 | 00,201,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/27 19:52:48 | 00,000,690 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Magic DVD Copier.lnk
[2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/25 16:47:11 | 00,000,056 | ---- | M] () -- C:\WINDOWS\Acroread.ini
[2009/05/16 16:28:56 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2009/05/16 16:28:45 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2009/05/16 16:28:42 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2009/05/16 16:28:06 | 00,001,687 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2009/05/16 16:28:06 | 00,001,681 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech Mouse and Keyboard Settings.lnk
[2009/05/16 11:56:27 | 00,001,610 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ETKA 7.2.lnk
[2009/05/14 17:02:22 | 00,024,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys
[2009/05/14 17:02:22 | 00,000,004 | ---- | M] () -- C:\WINDOWS\System32\GVTunner.ref
[2009/05/04 11:15:10 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
< End of report >

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,730 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:08 AM

Posted 02 June 2009 - 03:06 PM

  • Click on this link--> virustotal

    Click the browse button. Copy and paste the line in bold in the open box, then click Send File.

    C:\WINDOWS\System32\syscvchk.dll

    If the file has been analyzed before, click the Reanalyse File Now button.
    Please copy and paste the results of the scan in your next post.

  • Close any open browsers.

    Open notepad (start > All Programs > Accessories > Notepad) and copy/paste the text in the code box below into it:

    http://www.bleepingcomputer.com/forums/t/231094/google-redirect/?p=1285710
    
    Collect::
    C:\WINDOWS\system32\DRIVERS\secdrv.sys
    C:\WINDOWS\System32\gxvxccount
    Folder::
    C:\WINDOWS\System32\gxvxccount
    Driver::
    Secdrv
    RegLock::
    [HKEY_USERS\S-1-5-21-57989841-1682526488-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GEST"=-

    Save this as CFScript.txt, in the same location as ComboFix.exe


    Posted Image

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you ( "C:\ComboFix.txt"). Please copy and paste the log to your reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


  • Please go to start > run > copy and paste the following to the run box and click OK:

    iexplore.exe http://update.microsoft.com/

    Tell me if you are able to get to the Windows Update page. If yes, close the window; you don't need to update Windows now.

Edited by farbar, 02 June 2009 - 03:10 PM.
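Farbar's script above collects two files that stand out in the OTL listing posted earlier in the thread: secdrv.sys, a driver in System32\drivers shown with an empty "()" where OTL prints the publisher, and gxvxccount, a 4-byte extension-less file in System32. As an added example (not code from OTL, ComboFix or Farbar), here is a small Python triage script that parses OTL file-listing lines and applies heuristics of that kind. The sample lines are copied from the OTL log in this thread; the rules themselves (empty publisher, hidden executable-named file under Application Data, tiny extension-less file, same-second siblings, protected autorun.inf folder) are constructed for illustration and produce a review list, not a verdict.

```python
"""Triage helper for OTL "Files/Folders - Created Within 30 Days" lines.

Added example for this thread; not part of OTL, ComboFix or Farbar's
instructions. The heuristics are constructed for illustration and return
entries for a human to review, not a malware verdict.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One OTL file-listing line looks like:
#   [2009/06/01 17:08:34 | 00,000,012 | -H-- | C] () -- C:\...\userlib.dll
# The "(company)" group is absent on folder lines and empty "()" when the
# file carries no version/publisher information.
OTL_LINE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.*?)(?: -- \[ NTFS \])?$"
)

EXEC_EXT = {".exe", ".dll", ".sys", ".ocx", ".drv", ".scr", ".cpl"}
USER_DATA_MARKERS = ("\\application data\\", "\\documents and settings\\")


@dataclass
class Entry:
    stamp: str
    size: int
    attrs: str
    company: Optional[str]  # None on folder lines, "" for "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def ext(self) -> str:
        dot = self.name.rfind(".")
        return self.name[dot:].lower() if dot >= 0 else ""


def parse_otl(text: str) -> List[Entry]:
    """Parse every OTL file-listing line; headers and summaries are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if not m:
            continue  # section headers, "[4 C:\WINDOWS\*.tmp files]" etc.
        entries.append(Entry(
            stamp=m.group("stamp"),
            size=int(m.group("size").replace(",", "")),
            attrs=m.group("attrs"),
            company=m.group("company"),
            path=m.group("path"),
        ))
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Return {path: [reasons]} for entries a reviewer should look at."""
    findings: Dict[str, List[str]] = {}

    def flag(e: Entry, reason: str) -> None:
        findings.setdefault(e.path, []).append(reason)

    for e in entries:
        low = e.path.lower()
        in_windows = low.startswith("c:\\windows\\")
        in_user_data = any(m in low for m in USER_DATA_MARKERS)
        if e.is_dir:
            # USB-vaccine tools create a locked autorun.inf folder on purpose;
            # report it so the reviewer can confirm which tool put it there.
            if e.name.lower() == "autorun.inf" and e.attrs == "RHSD" and low.count("\\") == 1:
                flag(e, "autorun.inf folder with RHSD attributes at drive root")
            continue
        if in_windows and e.ext in EXEC_EXT and e.company == "":
            flag(e, "executable in a Windows directory with no publisher/version info")
        if in_user_data and "H" in e.attrs and e.ext in EXEC_EXT:
            flag(e, "hidden executable-named file under a user data directory")
        if in_windows and e.ext == "" and e.size <= 64:
            flag(e, "tiny extension-less file in a Windows directory")

    # Second pass: files written in the same second as a flagged file were
    # usually dropped by the same installer or dropper; pull them in as related.
    flagged_stamps = {e.stamp for e in entries if e.path in findings}
    for e in entries:
        if e.path not in findings and not e.is_dir and e.stamp in flagged_stamps:
            flag(e, "created in the same second as a flagged file (%s)" % e.stamp)
    return findings


# Sample input: lines copied from the OTL log posted in this thread.
SAMPLE_OTL = r"""
[4 C:\WINDOWS\System32\*.tmp files]
[2009/06/02 19:59:27 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/06/02 16:26:54 | 00,000,230 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2009/06/02 11:35:49 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/06/01 20:08:56 | 00,154,624 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/06/01 17:08:34 | 00,000,012 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\userlib.dll
[2009/06/01 17:08:34 | 00,000,012 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ntcache.dat
[2009/06/01 13:49:35 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/05/28 14:58:22 | 00,000,000 | RHSD | C] -- C:\autorun.inf
[2009/05/27 20:38:07 | 00,000,004 | ---- | C] () -- C:\WINDOWS\System32\gxvxccount
[2009/05/13 20:36:42 | 00,000,004 | ---- | C] () -- C:\WINDOWS\System32\GVTunner.ref
[2002/12/31 13:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
"""

if __name__ == "__main__":
    for path, reasons in triage(parse_otl(SAMPLE_OTL)).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

On the sample, the script lists secdrv.sys, gxvxccount, userlib.dll and its same-second sibling ntcache.dat, the autorun.inf folder, and also C:\WINDOWS\PEV.exe. The last one is a ComboFix helper (the log shows it created at 20:08:56 together with the SteelWerX tools), which is exactly why the output is a list for a reviewer and not a clean/infected decision.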


#7 martin1810

martin1810
  • Topic Starter

  • Members
  • 26 posts
  • Local time:03:08 AM

Posted 02 June 2009 - 04:05 PM

Hi Farbar, as you can see all results came back negative.


File syscvchk.dll received on 2009.06.02 21:00:23 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 0/40 (0%)
Loading server information...
Your file is queued in position: 3.
Estimated start time is between 61 and 87 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:


Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.06.02 -
AhnLab-V3 5.0.0.2 2009.06.02 -

NEW COMBOFIX LOG

ComboFix 09-05-31.06 - Administrator 02/06/2009 22:14.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.3326.2888 [GMT 1:00]
Running from: c:\downloads\ComboFix.exe
Command switches used :: c:\downloads\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

file zipped: c:\windows\system32\DRIVERS\secdrv.sys
file zipped: c:\windows\System32\gxvxccount
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\DRIVERS\secdrv.sys
c:\windows\System32\gxvxccount

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Secdrv


((((((((((((((((((((((((( Files Created from 2009-05-02 to 2009-06-02 )))))))))))))))))))))))))))))))
.

2009-06-01 16:48 . 2009-06-01 16:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\dvdcss
2009-06-01 16:08 . 2009-06-01 16:49 12 ---h--w- c:\documents and settings\All Users\Application Data\userlib.dll
2009-06-01 16:08 . 2009-06-01 16:08 -------- d-----w- c:\program files\PaulMarv Software
2009-06-01 12:49 . 2009-06-01 12:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-01 12:49 . 2009-06-01 12:49 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-01 12:49 . 2009-06-01 12:49 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-01 12:49 . 2009-06-01 12:49 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-01 12:49 . 2009-06-02 16:56 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-01 12:49 . 2009-06-01 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-01 12:07 . 2009-06-01 12:07 -------- d-----w- c:\program files\Kaspersky Lab
2009-06-01 11:59 . 2009-06-01 11:59 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-01 11:58 . 2009-06-01 11:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
2009-06-01 11:58 . 2009-06-01 12:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-01 11:58 . 2009-06-01 11:58 -------- d-----w- c:\program files\Browser Configuration Utility
2009-06-01 11:58 . 2008-05-02 14:08 146528 ----a-w- c:\windows\system32\dvmurl.dll
2009-06-01 11:53 . 2009-06-01 11:55 -------- d-----w- c:\windows\NV34603464.TMP
2009-06-01 10:47 . 2009-06-01 10:47 -------- d-----w- c:\program files\Common Files\Java
2009-06-01 10:31 . 2009-06-01 10:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Help
2009-05-31 20:11 . 2009-05-31 20:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2009-05-31 20:10 . 2009-05-31 20:11 -------- d-----w- c:\program files\Google
2009-05-31 19:47 . 2009-05-31 18:49 218112 ----a-w- c:\program files\HijackThis[1].exe
2009-05-31 13:54 . 2009-06-01 10:45 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-31 10:59 . 2009-06-01 10:21 -------- d-----w- c:\program files\Panda Security
2009-05-28 16:51 . 2009-05-28 16:51 -------- d-----w- c:\program files\Trend Micro
2009-05-28 14:27 . 2009-05-26 12:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-28 14:27 . 2009-05-26 12:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-27 18:52 . 2009-05-27 19:38 -------- d-----w- c:\program files\MagicDVDCopier
2009-05-16 15:30 . 2009-05-16 15:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Logitech
2009-05-16 15:28 . 2008-05-02 01:38 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2009-05-16 15:28 . 2008-05-02 01:40 84496 ----a-w- c:\windows\system32\KemXML.dll
2009-05-16 15:28 . 2008-05-02 01:40 117264 ----a-w- c:\windows\system32\KemWnd.dll
2009-05-16 15:28 . 2008-05-02 01:39 145936 ----a-w- c:\windows\system32\KemUtil.dll
2009-05-16 15:28 . 2008-05-02 01:39 170512 ----a-w- c:\windows\system32\kemutb.dll
2009-05-16 15:27 . 2009-05-16 15:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2009-05-16 15:27 . 2009-05-16 15:30 -------- d-----w- c:\program files\Common Files\Logishrd
2009-05-16 15:27 . 2009-05-16 15:27 -------- d-----w- c:\program files\Logitech
2009-05-16 15:27 . 2009-05-16 15:27 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2009-05-16 10:57 . 2005-11-09 07:44 24064 ----a-w- c:\windows\system32\drivers\hardlock.sys
2009-05-16 10:57 . 2006-11-30 10:06 69632 ----a-w- c:\windows\system32\hasp_inst_help1.dll
2009-05-16 10:57 . 2005-09-06 16:06 28672 ----a-w- c:\windows\system32\hlduinst.exe
2009-05-16 10:57 . 2006-12-20 10:55 3066968 ----a-w- c:\windows\system32\hinstd.dll
2009-05-16 10:57 . 2006-12-20 09:00 671112 ----a-w- c:\windows\system32\hdinst_windows.dll
2009-05-16 10:57 . 2006-12-20 09:00 2511360 ----a-w- c:\windows\system32\haspds_windows.dll
2009-05-16 10:57 . 2002-07-26 16:02 153088 ----a-w- c:\windows\system32\UNWISE.EXE
2009-05-16 10:41 . 2009-05-16 10:41 -------- d-----w- C:\Tecar Forum
2009-05-10 20:47 . 2009-05-10 20:47 -------- d-----w- c:\program files\AVG
2009-05-10 13:04 . 2009-05-10 13:08 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-05-07 14:20 . 2009-05-07 14:20 -------- d--h--w- C:\BJPrinter
2009-05-07 14:20 . 2003-02-28 04:30 5632 ----a-w- c:\windows\system32\CNMVS50.DLL
2009-05-07 14:20 . 2003-02-28 04:30 100352 ----a-w- c:\windows\system32\CNMLM50.DLL
2009-05-07 14:18 . 2004-08-03 22:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-05-07 14:18 . 2004-08-03 22:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-01 16:08 . 2009-06-01 16:08 12 ---h--w- c:\documents and settings\All Users\Application Data\ntcache.dat
2009-06-01 12:12 . 2009-04-17 15:00 16608 ----a-w- c:\windows\gdrv.sys
2009-06-01 10:50 . 2009-06-01 10:50 0 ----a-w- c:\windows\system32\REN18.tmp
2009-06-01 10:50 . 2009-06-01 10:50 0 ----a-w- c:\windows\system32\REN17.tmp
2009-06-01 10:50 . 2009-06-01 10:50 0 ----a-w- c:\windows\system32\REN16.tmp
2009-06-01 10:50 . 2009-04-26 13:15 -------- d-----w- c:\program files\Java
2009-05-30 11:49 . 2009-04-21 11:27 51272 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-29 12:25 . 2009-04-17 14:57 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-21 08:47 . 2009-04-25 11:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2009-05-16 15:28 . 2009-05-16 15:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-05-16 15:28 . 2009-05-16 15:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-05-16 15:28 . 2009-05-16 15:28 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-05-14 16:02 . 2009-04-17 15:11 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2009-04-30 18:59 . 2009-04-29 19:29 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-04-29 17:35 . 2009-04-29 16:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-04-27 21:18 . 2009-04-27 21:14 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2009-04-27 21:14 . 2009-04-27 21:10 -------- d-----w- c:\program files\motorola phone tools
2009-04-27 21:14 . 2009-04-27 21:14 9232 ----a-w- c:\documents and settings\Administrator\mqdmmdfl.sys
2009-04-27 21:14 . 2009-04-27 21:14 92064 ----a-w- c:\documents and settings\Administrator\mqdmmdm.sys
2009-04-27 21:14 . 2009-04-27 21:14 79328 ----a-w- c:\documents and settings\Administrator\mqdmserd.sys
2009-04-27 21:14 . 2009-04-27 21:14 66656 ----a-w- c:\documents and settings\Administrator\mqdmbus.sys
2009-04-27 21:14 . 2009-04-27 21:14 6208 ----a-w- c:\documents and settings\Administrator\mqdmcmnt.sys
2009-04-27 21:14 . 2009-04-27 21:14 5936 ----a-w- c:\documents and settings\Administrator\mqdmwhnt.sys
2009-04-27 21:14 . 2009-04-27 21:14 4048 ----a-w- c:\documents and settings\Administrator\mqdmcr.sys
2009-04-27 21:14 . 2009-04-27 21:14 25600 ----a-w- c:\documents and settings\Administrator\usbsermptxp.sys
2009-04-27 21:14 . 2009-04-27 21:14 22768 ----a-w- c:\documents and settings\Administrator\usbsermpt.sys
2009-04-26 13:15 . 2009-04-26 13:15 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-25 11:08 . 2009-04-25 11:08 -------- d-----w- c:\program files\VideoLAN
2009-04-24 09:25 . 2009-04-24 09:24 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-04-24 09:20 . 2009-04-24 09:20 7278049 ----a-w- c:\program files\klcodec475s.exe
2009-04-22 17:14 . 2009-04-22 17:14 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-04-21 17:10 . 2009-04-21 17:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2009-04-18 17:19 . 2009-04-17 15:14 -------- d-----w- c:\program files\Common Files\Adobe
2009-04-18 17:17 . 2009-04-18 17:17 -------- d-----w- c:\program files\Diagnose-BK
2009-04-17 21:12 . 2009-04-17 21:12 -------- d-----w- c:\program files\microsoft frontpage
2009-04-17 21:08 . 2009-04-17 21:08 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-04-17 19:50 . 2009-04-17 19:50 64351616 ----a-w- c:\program files\avg_avwt_stf_en_85_287a1483.exe
2009-04-17 15:12 . 2009-04-17 15:09 -------- d-----w- c:\program files\GIGABYTE
2009-04-17 15:05 . 2009-04-17 15:02 -------- d-----w- c:\program files\Realtek
2009-04-17 15:02 . 2009-04-17 15:02 319488 ----a-w- c:\windows\HideWin.exe
2009-04-17 15:01 . 2009-04-17 15:01 -------- d-----w- c:\program files\AMD
2009-04-17 14:59 . 2009-04-17 14:59 -------- d-----w- c:\program files\AGEIA Technologies
2009-04-17 14:51 . 2009-04-17 21:11 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-17 14:34 . 2009-04-17 14:34 -------- d-----w- c:\program files\Microsoft.NET
2009-04-17 14:34 . 2009-04-17 14:34 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-03-19 15:08 . 2009-03-19 15:08 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-03-19 15:08 . 2009-03-19 15:08 348160 ----a-w- c:\windows\system32\msvcr71.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-01_19.27.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2002-12-31 12:00 . 2002-12-31 12:00 37888 c:\windows\system32\url.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 39424 c:\windows\system32\pngfilt.dll
+ 2002-12-31 12:00 . 2009-06-02 20:59 41292 c:\windows\system32\perfc009.dat
- 2002-12-31 12:00 . 2009-06-01 13:09 41292 c:\windows\system32\perfc009.dat
+ 2002-12-31 12:00 . 2002-12-31 12:00 96256 c:\windows\system32\occache.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 56832 c:\windows\system32\mshtmler.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 29184 c:\windows\system32\mshta.exe
+ 2002-12-31 12:00 . 2002-12-31 12:00 22016 c:\windows\system32\licmgr10.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 15872 c:\windows\system32\jsproxy.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 96256 c:\windows\system32\inseng.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 35840 c:\windows\system32\imgutil.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 62976 c:\windows\system32\iesetup.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 48640 c:\windows\system32\iernonce.dll
+ 2009-04-25 13:36 . 2002-12-31 12:00 81920 c:\windows\system32\ieencode.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 34304 c:\windows\system32\ie4uinit.exe
+ 2002-12-31 12:00 . 2002-12-31 12:00 55808 c:\windows\system32\extmgr.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 37888 c:\windows\system32\dllcache\url.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 96256 c:\windows\system32\dllcache\occache.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 56832 c:\windows\system32\dllcache\mshtmler.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 29184 c:\windows\system32\dllcache\mshta.exe
+ 2002-12-31 12:00 . 2002-12-31 12:00 22016 c:\windows\system32\dllcache\licmgr10.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 15872 c:\windows\system32\dllcache\jsproxy.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 96256 c:\windows\system32\dllcache\inseng.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 35840 c:\windows\system32\dllcache\imgutil.dll
+ 2009-04-17 21:09 . 2002-12-31 12:00 93184 c:\windows\system32\dllcache\iexplore.exe
+ 2002-12-31 12:00 . 2002-12-31 12:00 62976 c:\windows\system32\dllcache\iesetup.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 48640 c:\windows\system32\dllcache\iernonce.dll
+ 2009-04-25 13:36 . 2002-12-31 12:00 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2009-04-17 21:09 . 2002-12-31 12:00 18432 c:\windows\system32\dllcache\iedw.exe
+ 2002-12-31 12:00 . 2002-12-31 12:00 34304 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-04-17 21:09 . 2002-12-31 12:00 38912 c:\windows\system32\dllcache\hmmapi.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2009-04-17 21:09 . 2009-04-23 22:01 28672 c:\windows\system32\dllcache\custsat.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 35328 c:\windows\system32\dllcache\corpol.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 99840 c:\windows\system32\dllcache\advpack.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 61440 c:\windows\system32\dllcache\admparse.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 35328 c:\windows\system32\corpol.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 99840 c:\windows\system32\advpack.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 61440 c:\windows\system32\admparse.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 656896 c:\windows\system32\wininet.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 276480 c:\windows\system32\webcheck.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 417792 c:\windows\system32\vbscript.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 603648 c:\windows\system32\urlmon.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 473600 c:\windows\system32\shlwapi.dll
+ 2002-12-31 12:00 . 2009-06-02 20:59 315282 c:\windows\system32\perfh009.dat
- 2002-12-31 12:00 . 2009-06-01 13:09 315282 c:\windows\system32\perfh009.dat
+ 2002-12-31 12:00 . 2002-12-31 12:00 530432 c:\windows\system32\mstime.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 146432 c:\windows\system32\msrating.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 146432 c:\windows\system32\msls31.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 448512 c:\windows\system32\mshtmled.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 450560 c:\windows\system32\jscript.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 249344 c:\windows\system32\iepeers.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 323584 c:\windows\system32\iedkcs32.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 221184 c:\windows\system32\ieakui.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 216576 c:\windows\system32\ieaksie.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 139264 c:\windows\system32\ieakeng.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 201728 c:\windows\system32\dxtrans.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 357888 c:\windows\system32\dxtmsft.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 656896 c:\windows\system32\dllcache\wininet.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 276480 c:\windows\system32\dllcache\webcheck.dll
+ 2009-04-17 21:09 . 2002-12-31 12:00 848384 c:\windows\system32\dllcache\vgx.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 417792 c:\windows\system32\dllcache\vbscript.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 603648 c:\windows\system32\dllcache\urlmon.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 473600 c:\windows\system32\dllcache\shlwapi.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 530432 c:\windows\system32\dllcache\mstime.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 146432 c:\windows\system32\dllcache\msrating.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 146432 c:\windows\system32\dllcache\msls31.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 448512 c:\windows\system32\dllcache\mshtmled.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 450560 c:\windows\system32\dllcache\jscript.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 249344 c:\windows\system32\dllcache\iepeers.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 323584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 221184 c:\windows\system32\dllcache\ieakui.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 216576 c:\windows\system32\dllcache\ieaksie.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 139264 c:\windows\system32\dllcache\ieakeng.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 201728 c:\windows\system32\dllcache\dxtrans.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 1483264 c:\windows\system32\shdocvw.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 3004928 c:\windows\system32\mshtml.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 1483264 c:\windows\system32\dllcache\shdocvw.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 3004928 c:\windows\system32\dllcache\mshtml.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 1016832 c:\windows\system32\dllcache\browseui.dll
+ 2002-12-31 12:00 . 2002-12-31 12:00 1016832 c:\windows\system32\browseui.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-31 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-05-31 68592]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-01 1947928]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-09 1657376]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-08-26 16851456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-16 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFileAssociate"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-01 12:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [01/06/2009 13:49 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [01/06/2009 13:49 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [01/06/2009 13:49 298776]
R2 LcSvrAdm;ELSA Administration Service;c:\elsawin\bin\LcSvrAdm.exe [18/04/2009 18:18 147456]
R2 LcSvrDba;ELSA DBA Server;c:\elsawin\bin\LcSvrDba.exe [18/04/2009 18:18 241664]
R2 LcSvrHis;ELSA Historie Server;c:\elsawin\bin\LcSvrHis.exe [18/04/2009 18:18 217088]
R2 LcSvrPAS;ELSA PASS Server;c:\elsawin\bin\LcSvrPas.exe [18/04/2009 18:18 368640]
R2 LcSvrSaz;ELSA APOSpro Server;c:\elsawin\bin\LcSvrSaz.exe [18/04/2009 18:26 249856]
R2 VSGate;ELSA Vaudis Service;c:\elsawin\bin\VSGate.exe [18/04/2009 18:18 81920]
R3 LcSvrAuf;ELSA Auftragsverwaltungs Service;c:\elsawin\bin\LcSvrAuf.exe [18/04/2009 18:18 1306624]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [17/04/2009 16:11 24944]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
Handler: vw-wi - {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - c:\elsawin\bin\wiprot.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-02 22:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(3500)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2009-06-02 22:18 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-02 21:17
ComboFix2.txt 2009-06-02 09:31
ComboFix3.txt 2009-06-01 19:27

Pre-Run: 473,321,164,800 bytes free
Post-Run: 473,281,699,840 bytes free



I tried start > run > iexplore.exe http://update.microsoft.com/ This opened IE on a Google (English) page which I have never seen before..... update.microsoft.com was in the address bar but it would not search..... nothing happened..... even if I refreshed it. Thanks again for the help....Martin

Edited by martin1810, 02 June 2009 - 04:28 PM.


#8 Farbar

  • Security Developer
  • Location:The Netherlands

Posted 02 June 2009 - 04:25 PM

Thank you. Please proceed with the next steps.

#9 martin1810

  • Topic Starter
  • Members

Posted 03 June 2009 - 07:11 AM

Farbar.... What next steps.......done everything you said.

#10 Farbar

  • Security Developer
  • Location:The Netherlands

Posted 03 June 2009 - 07:56 AM

Yes, I see what is going on. You posted just the scan result of VirusTotal. I saw your post. Then you missed my post and edited your post to add other logs, and unless I got your last reply I wouldn't see your post, because I don't get any e-mail notification if you edit your post. So it is better to add to your previous post and not edit it when in fact you are adding to it.

Give me some time now to look it over.

#11 Farbar

  • Security Developer
  • Location:The Netherlands

Posted 03 June 2009 - 08:32 AM

martin1810,

Please read my previous post first.

We have cleaned this computer, but you have a DNS-changer trojan on board that hijacks the router's settings. That is why the other computers show the same symptoms. They may or may not be infected and we have to make sure of that. But first give me this log. Then I'll give you the instructions to free the router. After that we will attend to the other computers.

Go to start > Run copy/paste the following line in the run box and click OK.

cmd /c (ipconfig /all&nslookup google.com&ping -n 2 google.com&route print) >log.txt&log.txt&del log.txt

A command window will open. Wait a while until a log.txt file opens. Please post the content to your reply.

#12 martin1810

  • Topic Starter
  • Members

Posted 03 June 2009 - 09:08 AM

Thanks Farbar. Did what you said....Here is log. Didn't know about edit problem....won't edit again.


Windows IP Configuration

Host Name . . . . . . . . . . . . : xpsp2
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC
Physical Address. . . . . . . . . : 00-1F-D0-DB-1B-DA
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
Lease Obtained. . . . . . . . . . : 03 June 2009 12:56:13
Lease Expires . . . . . . . . . . : 04 June 2009 12:56:13

Server: www.routerlogin.net
Address: 192.168.0.1

Name: google.com
Addresses: 209.85.171.100, 74.125.67.100, 74.125.45.100

Pinging google.com [209.85.171.100] with 32 bytes of data:

Reply from 209.85.171.100: bytes=32 time=122ms TTL=243
Reply from 209.85.171.100: bytes=32 time=125ms TTL=243

Ping statistics for 209.85.171.100:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 122ms, Maximum = 125ms, Average = 123ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1f d0 db 1b da ...... Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination          Netmask          Gateway        Interface   Metric
            0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.3       20
          127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1        1
        192.168.0.0    255.255.255.0      192.168.0.3      192.168.0.3       20
        192.168.0.3  255.255.255.255        127.0.0.1        127.0.0.1       20
      192.168.0.255  255.255.255.255      192.168.0.3      192.168.0.3       20
          224.0.0.0        240.0.0.0      192.168.0.3      192.168.0.3       20
    255.255.255.255  255.255.255.255      192.168.0.3      192.168.0.3        1
Default Gateway:         192.168.0.1
===========================================================================
Persistent Routes:
  None

#13 Farbar

  • Security Developer
  • Location:The Netherlands

Posted 03 June 2009 - 09:17 AM

Seems your router settings are all OK.

Yet there is something redirecting Windows update to google.com.

Let's run an updated MBAM:
  • Open your Malwarebytes' Anti-Malware, first update it, run a "quick scan", let reboot if needed and copy/paste the log to your reply.

    Note: The logs are saved by default under the Logs tab. If the log did not automatically open you can obtain the latest log from there.

  • Also try to get to Windows update page once more and tell me what you get.
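The router check carried out above (the ipconfig/nslookup/ping/route line from post #11, the log it produced in #12, and the reading of it here) can be automated; what follows is an added example, not code from the thread or from Farbar's tools. It parses a log.txt of that shape and flags the DNS-changer indicators a helper looks for: DHCP-assigned resolvers outside RFC 1918 space, a resolver that is not the gateway, an nslookup answer from a server that is not a configured resolver, or a public name resolving to a LAN or loopback address. Both sample logs are constructed (modelled on the posted log), and the hijacked one uses TEST-NET placeholder addresses rather than any real server.

```python
"""Parse the log.txt written by the diagnostic line used in this thread,
   (ipconfig /all&nslookup google.com&ping -n 2 google.com&route print) >log.txt
and flag the DNS-changer indicators a helper looks for. Added example, not code
from the thread or from Farbar's tools; the sample logs below are constructed."""
import ipaddress
import re

# Constructed clean case, as in the thread: the router (gateway) is the resolver.
CLEAN_LOG = """\
Windows IP Configuration
IP Address. . . . . . . . . . . . : 192.168.0.3
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
Server: www.routerlogin.net
Address: 192.168.0.1
Name: google.com
Addresses: 209.85.171.100, 74.125.67.100, 74.125.45.100
Pinging google.com [209.85.171.100] with 32 bytes of data:
"""
# Constructed hijacked case (TEST-NET placeholder addresses): public resolvers
# were handed out and nslookup no longer answers from the router.
HIJACKED_LOG = """\
IP Address. . . . . . . . . . . . : 192.168.0.3
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 203.0.113.5
                                    198.51.100.7
Server:  UnKnown
Address:  203.0.113.5
Name:    google.com
Address:  192.0.2.10
"""
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# "Label . . . : value" lines from ipconfig and "Label: value" lines from nslookup.
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z\- ]*?)[ .]*:\s*(.*)$")

def _as_ip(text):
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None

def is_lan(ip):
    """RFC 1918 only: ipaddress's is_private would also accept the TEST-NET ranges."""
    addr = _as_ip(ip)
    return addr is not None and any(addr in net for net in RFC1918)

def parse_log(text):
    """Gateway, DHCP-assigned DNS servers, nslookup's answering server and its answers."""
    info = {"gateway": None, "dns": [], "nslookup_server": None, "answers": []}
    section = last_field = None
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if not m:  # continuation lines carry only an address, indented under the label
            if _as_ip(line) is not None and last_field == "DNS Servers":
                info["dns"].append(line.strip())
            elif _as_ip(line) is not None and section == "name":
                info["answers"].append(line.strip())
            continue
        field, value = m.group(1).strip(), m.group(2).strip()
        last_field = field
        ips = [v for v in re.split(r"[,\s]+", value) if _as_ip(v) is not None]
        if field == "Default Gateway" and ips:
            info["gateway"] = ips[0]
        elif field == "DNS Servers":
            info["dns"].extend(ips)
        elif field == "Server":  # nslookup: which resolver answered
            section = "server"
        elif field == "Name":  # nslookup: the answer section follows
            section = "name"
        elif field in ("Address", "Addresses"):
            if section == "server" and ips:
                info["nslookup_server"] = ips[0]
            elif section == "name":
                info["answers"].extend(ips)
    return info

def dns_changer_findings(text):
    """Heuristics: each finding is a reason to look closer, not proof of infection."""
    info = parse_log(text)
    out = []
    for server in info["dns"]:
        if not is_lan(server):
            out.append(f"DHCP-assigned DNS server {server} is outside RFC 1918 space")
        elif info["gateway"] and server != info["gateway"]:
            out.append(f"DNS server {server} differs from the gateway {info['gateway']}")
    if info["nslookup_server"] and info["dns"] and info["nslookup_server"] not in info["dns"]:
        out.append(f"nslookup answered from {info['nslookup_server']}, not a configured resolver")
    for ip in info["answers"]:
        if is_lan(ip) or _as_ip(ip).is_loopback:
            out.append(f"public name resolved to local address {ip} (hosts file or local redirect?)")
    # When the resolver is the router itself, as in the clean case, this log says nothing
    # about the router's own upstream DNS; that has to be read from the router's admin page.
    return out
```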


#14 martin1810

  • Topic Starter
  • Members

Posted 03 June 2009 - 10:05 AM

Hi Farbar....Malwarebytes log.....Also AVG just popped up and said it found a "rolrx" virus. Will try Microsoft Update next.

Malwarebytes' Anti-Malware 1.37
Database version: 2222
Windows 5.1.2600 Service Pack 2

03/06/2009 16:00:36
mbam-log-2009-06-03 (16-00-36).txt

Scan type: Full Scan (C:\|)
Objects scanned: 201709
Time elapsed: 19 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#15 martin1810

  • Topic Starter
  • Members

Posted 03 June 2009 - 10:10 AM

Tried the Microsoft Update search......got this.....But it was obviously a false page......Funny, as I used to get the Explorer popup which looked genuine.


Google
Error


Not Found
The requested URL /microsoftupdate/v6/default.aspx?ln=en-US was not found on this server.



