
Jump or Internet Explorer redirect problem


  • This topic is locked
17 replies to this topic

#1 brandyb


Posted 08 August 2010 - 07:17 PM

I am working on a laptop for a friend who got a virus and tried to remove it himself. It was some sort of '2010' virus; it had that in the name, but he can't remember the actual name of the pop-up. I suggested several that I knew of, but none of them were familiar to him. He tried removing the virus himself, but he couldn't, because all he did was try uninstalling the unknown program and then removing files and startup files that didn't look familiar to him. I took it and ran Malwarebytes (which removed 11 trojans on one run and 15 more on another one on a different day) on it and CCleaner (registry cleaner and defragged), but I noticed when I opened IE to do a search, a random window opened before I chose anything within my search; then once I did choose something, the page it went to was not what I wanted. I saw down in my taskbar where the indicator was for IE, it had 'JUMP' instead. I ran the programs indicated in your preparation guide and I am posting them here. First off, when I ran the DDS, I got a message that there was not enough RAM, which is not true because the computer has 3GB RAM and no other programs running. It still created logs though. Then I noticed I forgot to close the AV; I had disabled it but did not exit. When I tried to re-run the DDS, again I got the 'not enough RAM' message and this time it did not go ahead and create the logs. I ran GMER and it crashed halfway through the first run, so I ran it again (had to reboot), and the log is attached. That's another thing: this machine runs extremely slow when trying to process anything. Opening a text file has the 'busy' icon, but it sits there for several minutes before it opens anything. There could be more to this than just the jump/redirect issue. I'm sure there's still other trojans, etc., but one step at a time. I am grateful for any assists. It starts out with speed OK, but as it sits, it gets slower and slower.
The PC is an HP with XP Home version 2002 SP3, HD is about 250 GB.
DDS log below and GMER Scan and Attach.txt are attached.
Brandy

DDS (Ver_10-03-17.01) - NTFSx86
Run by L Luann at 5:54:10.84 on Thu 08/05/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1622 [GMT -5:00]

AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Documents and Settings\L Luann\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: google.com\maps
DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
DPF: {08EE4BCE-527E-4760-B11A-B829415E9103} - hxxp://simgolf.ea.com/teleport/simgolf/MaxisGolfTeleX.cab
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - hxxp://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} - hxxp://www.gamehouse.com/realarcade-webgames/nightshiftlegacythejaguarseye/NightshiftJaguarsEye.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
AppInit_DLLs: cru629.dat c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================


==================== Find3M ====================


============= FINISH: 5:56:05.96 ===============

Attached Files
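For a redirect complaint, three kinds of line in the DDS "Pseudo HJT Report" above are the ones an analyst reads first: the ProxyServer value pointing at 127.0.0.1:5643 (IE traffic handed to a process on the same machine, which is one common way a "jump" to an unexpected page is produced), the AppInit_DLLs value that lists cru629.dat with no path beside COMODO's fully qualified guard32.dll (every DLL on that list is loaded into each process that maps user32.dll, so an unqualified name with no vendor is a red flag), and the BHO/toolbar CLSIDs whose DLL is gone ("No File", leftovers of the friend's manual deletions). The Python script below is an added example, not code from this thread or from the DDS/OTL tools; it parses lines in that report format and flags those three patterns. The sample input is a few lines copied from the report above plus the legitimate Java BHO line for contrast, and the rule names are my own. One caveat a practitioner would want: a ProxyServer value alone does not prove the proxy is in use. The ProxyEnable value next to it decides that (the OTL log further down shows it as 0 for this user), so the script reports the entry and leaves the judgment to the analyst.

```python
#!/usr/bin/env python3
"""Triage a DDS 'Pseudo HJT Report' for the indicators behind browser redirects."""
import re
from typing import Dict, List

Finding = Dict[str, str]

# Constructed sample input: lines copied from the DDS report posted above,
# plus the legitimate Java BHO line so the benign case is exercised too.
SAMPLE_REPORT = """\
uSearch Page = hxxp://www.google.com
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\\program files\\java\\jre6\\bin\\jp2ssv.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
AppInit_DLLs: cru629.dat c:\\windows\\system32\\guard32.dll
"""

# ProxyServer values look like "http=127.0.0.1:5643" or "127.0.0.1:5643".
# A loopback proxy means a local process sits between IE and the network.
PROXY_RE = re.compile(
    r"ProxyServer\s*=\s*(?:[a-z]+=)?(127\.0\.0\.1|localhost):(\d+)", re.IGNORECASE
)
# DDS appends " - No File" when a CLSID points at a DLL that no longer exists.
ORPHAN_RE = re.compile(r"^(BHO|TB):.*-\s*No File\s*$", re.IGNORECASE)
APPINIT_RE = re.compile(r"^AppInit_DLLs:\s*(.*)$", re.IGNORECASE)


def check_proxy(line: str) -> List[Finding]:
    m = PROXY_RE.search(line)
    if not m:
        return []
    return [{"rule": "loopback-proxy", "detail": f"{m.group(1)}:{m.group(2)}", "line": line}]


def check_orphan(line: str) -> List[Finding]:
    if not ORPHAN_RE.match(line):
        return []
    return [{"rule": "orphaned-hook", "detail": line.split(":", 1)[0], "line": line}]


def check_appinit(line: str) -> List[Finding]:
    """Flag AppInit_DLLs entries that are not absolute paths.

    Every entry listed here is loaded into each process that maps user32.dll.
    A bare name such as cru629.dat is resolved through the DLL search path,
    unlike the fully qualified COMODO guard32.dll next to it.
    """
    m = APPINIT_RE.match(line)
    if not m:
        return []
    findings: List[Finding] = []
    for entry in re.split(r"[\s,]+", m.group(1).strip()):
        if entry and not re.match(r"^[a-z]:\\", entry, re.IGNORECASE):
            findings.append({"rule": "appinit-unqualified", "detail": entry, "line": line})
    return findings


def triage(report: str) -> List[Finding]:
    """Run every check over every line; findings keep report order."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        for check in (check_proxy, check_orphan, check_appinit):
            findings.extend(check(line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f['rule']}] {f['detail']}  <-  {f['line']}")
```

Run it on a saved DDS.txt by reading the file into `triage()`; on the sample above it reports the loopback proxy on port 5643, the two orphaned hooks, and cru629.dat, and stays silent on guard32.dll and the Java BHO.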




#2 Blade

  • Site Admin

Posted 16 August 2010 - 07:28 AM

Hello, and welcome to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!

If you have since resolved the original problem you were having, we would appreciate you letting us know.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.
  • I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.
  • Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • I ask that you please refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. If you act independently it will cause changes to your system that I will not be aware of, which will make the process of cleaning the machine a much slower and more difficult process. Additionally, some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you are unsure or confused about any instructions I give you, you should ask me to clarify before doing anything. Additionally, if you run into any problems while carrying out instructions, you should STOP and reply back here explaining what happened.
  • After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. If you need additional time, that is perfectly alright; you just need to let us know beforehand.
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the "Custom Scans/Fixes" section paste in the text below:

    netsvc
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
  • Push the button.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into the body of your next reply.

~Blade


In your next reply, please include the following:
OTL.txt
Extras.txt

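The /md5start ... /md5stop block in the custom scan above makes OTL print the MD5 of each named boot and storage driver (atapi.sys, iaStor.sys, nvstor.sys and the rest). The point of that list is that the driver-infecting rootkits of the time, TDL3 and its relatives, patched one of these files in place rather than adding a new one, so a driver that exists and has a vendor string can still be the infection; only a hash compared against a known-good copy shows it. The Python below is an added example of that comparison, not code from this thread or from OTL. Because the page publishes no known-good hashes, the fixture builds a temporary "drivers" directory, takes a baseline from it, then alters atapi.sys and leaves nvstor.sys unwritten; the driver names are taken from the post's list, and the grouping labels are my own.

```python
#!/usr/bin/env python3
"""Hash a list of boot/storage drivers and compare them against a known-good baseline."""
import hashlib
import os
import tempfile
from typing import Dict, List, Tuple

# Driver names taken from the /md5start list in the post above; the other
# names in that list would be handled exactly the same way.
DRIVERS: List[str] = ["atapi.sys", "iaStor.sys", "AGP440.sys", "nvstor.sys"]


def md5_of(path: str) -> str:
    """MD5 is used only because that is the digest OTL prints for matching."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def compare_drivers(driver_dir: str, baseline: Dict[str, str]) -> Dict[str, List[str]]:
    """Group the drivers as ok / modified / missing / unknown.

    'modified' is the case the md5 check exists for: the file is present but
    its hash no longer matches the vendor's file. 'unknown' means the baseline
    has no entry, so the hash still has to be looked up by hand.
    """
    result: Dict[str, List[str]] = {"ok": [], "modified": [], "missing": [], "unknown": []}
    for name in DRIVERS:
        path = os.path.join(driver_dir, name)
        if not os.path.exists(path):
            result["missing"].append(name)
            continue
        expected = baseline.get(name.lower())
        if expected is None:
            result["unknown"].append(name)
        elif md5_of(path) == expected:
            result["ok"].append(name)
        else:
            result["modified"].append(name)
    return result


def build_demo() -> Tuple[str, Dict[str, str]]:
    """Constructed fixture (hypothetical files, not real drivers): a temp
    directory with three drivers, a baseline for two of them, atapi.sys
    then patched in place and nvstor.sys never written."""
    d = tempfile.mkdtemp(prefix="drivers_")
    for name in ("atapi.sys", "iaStor.sys", "AGP440.sys"):
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(b"MZ" + name.encode() + b"\x00" * 64)
    baseline = {n.lower(): md5_of(os.path.join(d, n)) for n in ("atapi.sys", "iaStor.sys")}
    # Simulate an infected atapi.sys: append bytes so the hash changes.
    with open(os.path.join(d, "atapi.sys"), "ab") as fh:
        fh.write(b"patched")
    return d, baseline


if __name__ == "__main__":
    demo_dir, demo_baseline = build_demo()
    for group, names in compare_drivers(demo_dir, demo_baseline).items():
        print(f"{group:9s} {', '.join(names) or '-'}")
```

On a real machine point `driver_dir` at `%systemroot%\system32\drivers` and fill `baseline` from hashes of the same driver versions on a clean install; a result in "modified" is the file to replace from known-good media, while "unknown" only means the baseline is incomplete.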


#3 brandyb

  • Topic Starter

Posted 16 August 2010 - 08:51 PM

Thank you Blade for your help. Here are the 2 files you requested.
OTL File
OTL logfile created on: 8/16/2010 7:04:48 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\L Luann\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 29.37 Gb Free Space | 52.55% Space Free | Partition Type: NTFS
Drive D: | 468.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 245.98 Mb Total Space | 238.64 Mb Free Space | 97.02% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LUANN
Current User Name: L Luann
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/16 18:40:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\L Luann\Desktop\OTL.exe
PRC - [2010/06/01 19:00:52 | 001,778,480 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2009/01/14 18:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/09/19 07:30:34 | 003,674,112 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
PRC - [2008/09/19 03:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/18 15:53:53 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdvcoms.exe
PRC - [2005/04/20 20:06:11 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2004/08/19 14:50:18 | 000,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2002/09/20 18:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2010/08/16 18:40:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\L Luann\Desktop\OTL.exe
MOD - [2010/06/01 19:00:52 | 000,278,288 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/01 19:00:52 | 001,778,480 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2009/01/14 18:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/09/19 03:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2007/10/18 15:53:53 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdvcoms.exe -- (lxdv_device)
SRV - [2007/10/18 15:53:41 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdvserv.exe -- (lxdvCATSCustConnectService)
SRV - [2002/09/20 18:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\lopaespt.sys -- (oygupuga)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\LLUANN~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/07/30 16:33:53 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) WinPcap Packet Driver (NPF)
DRV - [2010/06/04 11:55:58 | 000,229,312 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010/06/01 19:00:24 | 000,087,824 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2010/06/01 19:00:22 | 000,025,240 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2010/06/01 19:00:20 | 000,015,464 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2005/04/20 20:06:14 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/09/03 07:52:00 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/08/04 13:05:20 | 000,341,760 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/08/04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/05/08 13:21:44 | 000,035,840 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/04/14 11:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/04/07 14:22:00 | 001,382,634 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/12/02 09:27:00 | 000,021,120 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2003/10/07 22:40:00 | 000,094,601 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/08/08 19:00:00 | 000,008,448 | ---- | M] (Texas Instruments Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tiumflt.sys -- (DevUpper)
DRV - [2003/06/06 15:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2003/02/18 19:00:00 | 000,042,092 | ---- | M] (Texas Instruments Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tiumfwl.sys -- (tiumfwl)
DRV - [2002/08/14 16:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2001/08/17 15:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/17 10:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-956997907-1239398557-3705904178-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-956997907-1239398557-3705904178-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-956997907-1239398557-3705904178-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-956997907-1239398557-3705904178-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CA 14 4A 1C BE 3C CB 01 [binary data]
IE - HKU\S-1-5-21-956997907-1239398557-3705904178-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-956997907-1239398557-3705904178-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-956997907-1239398557-3705904178-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-956997907-1239398557-3705904178-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

IE - HKU\S-1-5-21-956997907-1239398557-3705904178-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKU\S-1-5-21-956997907-1239398557-3705904178-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-956997907-1239398557-3705904178-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" =



O1 HOSTS File: ([2010/08/04 06:41:37 | 000,000,686 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-956997907-1239398557-3705904178-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-956997907-1239398557-3705904178-1006\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-956997907-1239398557-3705904178-1006\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-21-956997907-1239398557-3705904178-1006\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-956997907-1239398557-3705904178-1006\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-956997907-1239398557-3705904178-1006\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-956997907-1239398557-3705904178-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-956997907-1239398557-3705904178-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = [binary data]
O7 - HKU\S-1-5-21-956997907-1239398557-3705904178-1010\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-956997907-1239398557-3705904178-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O15 - HKU\S-1-5-21-956997907-1239398557-3705904178-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-956997907-1239398557-3705904178-1006\..Trusted Domains: google.com ([maps] * in Trusted sites)
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab (SupportSoft SmartIssue)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab (SupportSoft Script Runner Class)
O16 - DPF: {08EE4BCE-527E-4760-B11A-B829415E9103} http://simgolf.ea.com/teleport/simgolf/MaxisGolfTeleX.cab (MaxisGolfTeleX Control)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab (LSSupCtl Class)
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab (Reg Error: Key error.)
O16 - DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} http://www.gamehouse.com/realarcade-webgam...tJaguarsEye.cab (CPlayFirstNightshiftControl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab (ActiveDataInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.0.1
O20 - AppInit_DLLs: (cru629.dat) - File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Blue Sonic.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Blue Sonic.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1999/02/24 23:49:34 | 000,000,134 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{4f3b27db-b1c3-11d9-a02f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{4f3b27db-b1c3-11d9-a02f-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4f3b27db-b1c3-11d9-a02f-806d6172696f}\Shell\AutoRun\command - "" = D:\Setup.exe -- [1999/02/24 23:49:34 | 000,027,136 | R--- | M] ()
O33 - MountPoints2\{4f3b27db-b1c3-11d9-a02f-806d6172696f}\Shell\dinstall\command - "" = D:\DIRECTX\dxsetup.exe -- [1999/03/07 08:32:44 | 000,096,768 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{bd63fad0-f057-11dd-a3d7-000fb04cc9c0}\Shell\AutoRun\command - "" = E:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{bd63fad0-f057-11dd-a3d7-000fb04cc9c0}\Shell\install\command - "" = E:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{bd63fad0-f057-11dd-a3d7-000fb04cc9c0}\Shell\usermanualEnglish\command - "" = E:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{bd63fad0-f057-11dd-a3d7-000fb04cc9c0}\Shell\usermanualFrench\command - "" = E:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{bd63fad0-f057-11dd-a3d7-000fb04cc9c0}\Shell\usermanualSpanish\command - "" = E:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Setup.exe -- [1999/02/24 23:49:34 | 000,027,136 | R--- | M] ()
O33 - MountPoints2\D\Shell\dinstall\command - "" = D:\DIRECTX\dxsetup.exe -- [1999/03/07 08:32:44 | 000,096,768 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (69819404975603712)

========== Files/Folders - Created Within 30 Days ==========

[2010/08/16 19:01:00 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\L Luann\Desktop\OTL.exe
[2010/08/15 16:30:54 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\L Luann\Desktop\HJTInstall(2).exe
[2010/08/10 20:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/08/04 21:57:23 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010/08/04 21:32:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\L Luann\Desktop\reg bckup
[2010/08/04 06:36:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2010/08/04 06:26:29 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/08/04 06:25:01 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2010/08/04 06:23:38 | 000,000,000 | ---D | C] -- C:\SDFix
[2010/08/03 20:58:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\L Luann\Desktop\autoruns
[2010/08/03 20:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\L Luann\Desktop\process monitor
[2010/08/02 20:08:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\L Luann\Application Data\Malwarebytes
[2010/08/02 07:38:55 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2010/08/01 22:01:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/01 22:01:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/01 22:01:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/01 22:01:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/31 09:45:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/07/31 02:12:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\COMODO
[2010/07/31 02:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2010/07/30 16:44:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/07/30 16:33:53 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2010/07/30 16:33:53 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2010/07/30 16:33:53 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2010/07/30 16:33:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/30 16:33:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/30 16:09:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/30 16:09:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/30 15:30:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\L Luann\Local Settings\Application Data\aqryjqvfx
[2010/01/20 17:56:45 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDVhcp.dll
[2010/01/20 17:56:44 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdvinpa.dll
[2010/01/20 17:56:44 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdviesc.dll
[2010/01/20 17:56:43 | 000,954,368 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdvusb1.dll
[2010/01/20 17:56:42 | 001,069,056 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdvserv.dll
[2010/01/20 17:56:41 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdvprox.dll
[2010/01/20 17:56:40 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdvpmui.dll
[2010/01/20 17:56:40 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdvlmpm.dll
[2010/01/20 17:56:37 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdvhbn3.dll
[2010/01/20 17:56:33 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdvcomc.dll
[2010/01/20 17:56:33 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdvcomm.dll
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/16 19:07:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{327EB66E-9F0F-41FF-9ED6-769E4DCF188F}.job
[2010/08/16 18:59:46 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/16 18:58:40 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/16 18:58:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/16 18:58:33 | 2146,488,320 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/16 18:40:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\L Luann\Desktop\OTL.exe
[2010/08/15 20:24:50 | 004,303,048 | -H-- | M] () -- C:\Documents and Settings\L Luann\Local Settings\Application Data\IconCache.db
[2010/08/15 17:55:55 | 000,000,983 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/15 17:55:55 | 000,000,327 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/15 17:55:55 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/08/15 16:33:20 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\L Luann\Desktop\HijackThis.lnk
[2010/08/15 16:08:10 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\L Luann\Desktop\HJTInstall(2).exe
[2010/08/10 22:12:07 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010/08/10 22:11:57 | 003,670,016 | ---- | M] () -- C:\Documents and Settings\L Luann\ntuser.dat
[2010/08/10 22:11:57 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\L Luann\ntuser.ini
[2010/08/05 05:53:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\L Luann\defogger_reenable
[2010/08/04 23:21:38 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\L Luann\Desktop\dds.scr
[2010/08/04 23:20:52 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\L Luann\Desktop\Defogger.exe
[2010/08/04 06:41:37 | 000,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2010/08/03 21:03:04 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2010/08/01 22:01:07 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/31 02:06:31 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2010/07/30 16:33:53 | 000,281,104 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2010/07/30 16:33:53 | 000,100,880 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2010/07/30 16:33:53 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2010/07/30 16:33:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/30 16:05:23 | 000,522,638 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/30 16:05:23 | 000,442,140 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/30 16:05:23 | 000,071,910 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/27 14:49:18 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\L Luann\Desktop\Microsoft Word.lnk
[2010/07/26 16:36:01 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/07/26 14:40:23 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\L Luann\Desktop\PokerEdge 5.lnk
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/15 16:33:20 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\L Luann\Desktop\HijackThis.lnk
[2010/08/08 17:24:40 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\L Luann\Desktop\dds.scr
[2010/08/05 05:53:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\L Luann\defogger_reenable
[2010/08/05 05:51:58 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\L Luann\Desktop\gmer.exe
[2010/08/05 05:51:39 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\L Luann\Desktop\Defogger.exe
[2010/08/05 05:47:50 | 2146,488,320 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/01 22:01:07 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/31 02:06:31 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2010/07/30 16:33:19 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/08 19:40:57 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2010/01/26 17:43:01 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\L Luann\Local Settings\Application Data\d3d9caps.dat
[2010/01/20 18:04:17 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdvvs.dll
[2010/01/20 18:04:05 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdvcoin.dll
[2010/01/20 18:02:48 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdvdrs.dll
[2010/01/20 18:02:48 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdvcaps.dll
[2010/01/20 18:02:47 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdvcnv4.dll
[2010/01/20 18:01:59 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXDVFXPU.DLL
[2010/01/20 18:01:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXDVPMON.DLL
[2010/01/20 18:01:38 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdvoem.dll
[2010/01/20 17:57:17 | 000,000,060 | -H-- | C] () -- C:\WINDOWS\System32\lxdvrwrd.ini
[2010/01/20 17:56:46 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDVinst.dll
[2010/01/20 17:56:36 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdvgrd.dll
[2010/01/20 02:33:57 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009/11/28 05:52:47 | 000,000,584 | ---- | C] () -- C:\Documents and Settings\L Luann\Application Data\wklnhst.dat
[2009/08/20 00:34:48 | 000,000,120 | ---- | C] () -- C:\WINDOWS\CIS_Setup_3.10.102363.531_XP_Vista_x32.INI
[2009/08/19 22:24:42 | 000,018,607 | ---- | C] () -- C:\Documents and Settings\L Luann\Local Settings\Application Data\mokoziwew._sy
[2009/08/19 22:24:42 | 000,016,179 | ---- | C] () -- C:\Program Files\Common Files\najumenupu.bin
[2009/08/19 22:24:42 | 000,013,480 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\owaqa.db
[2009/08/19 22:24:42 | 000,011,846 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pykyfobol.db
[2009/08/19 22:24:42 | 000,011,071 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ufusazope.dat
[2009/08/19 22:24:42 | 000,010,288 | ---- | C] () -- C:\Documents and Settings\L Luann\Local Settings\Application Data\kusyhopi.sys
[2009/08/19 22:24:36 | 000,019,088 | ---- | C] () -- C:\Program Files\Common Files\rewum.inf
[2009/08/19 22:24:36 | 000,018,229 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ekevebuba.ban
[2009/08/19 22:24:36 | 000,015,381 | ---- | C] () -- C:\Program Files\Common Files\etaqipoxim.inf
[2009/08/19 22:24:36 | 000,011,747 | ---- | C] () -- C:\Program Files\Common Files\iwedijas.reg
[2009/08/19 22:24:36 | 000,011,413 | ---- | C] () -- C:\Documents and Settings\L Luann\Local Settings\Application Data\hetehos.bin
[2009/08/19 22:24:36 | 000,011,121 | ---- | C] () -- C:\Documents and Settings\L Luann\Application Data\jurawuj.pif
[2009/08/19 22:24:18 | 000,015,045 | ---- | C] () -- C:\Documents and Settings\L Luann\Local Settings\Application Data\unogalabo.dat
[2009/08/19 16:02:46 | 000,016,071 | ---- | C] () -- C:\Program Files\Common Files\arowic._dl
[2009/08/19 16:02:46 | 000,014,709 | ---- | C] () -- C:\Documents and Settings\L Luann\Local Settings\Application Data\pipydum._sy
[2009/08/19 16:02:46 | 000,014,496 | ---- | C] () -- C:\Documents and Settings\L Luann\Local Settings\Application Data\qazulyped.bat
[2009/08/19 16:02:46 | 000,014,480 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ixolalogih.lib
[2009/08/19 16:02:46 | 000,014,277 | ---- | C] () -- C:\Documents and Settings\L Luann\Local Settings\Application Data\qukabavopo._dl
[2009/08/19 16:02:46 | 000,013,809 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\kote.ban
[2009/08/19 16:02:46 | 000,012,444 | ---- | C] () -- C:\WINDOWS\System32\ylomevuxon.sys
[2009/08/19 16:02:45 | 000,017,783 | ---- | C] () -- C:\Documents and Settings\L Luann\Local Settings\Application Data\madyqasu.bat
[2009/08/19 13:48:54 | 000,019,870 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cogyp._sy
[2009/08/19 13:48:54 | 000,019,555 | ---- | C] () -- C:\WINDOWS\papuqabyn.dll
[2009/08/19 13:48:54 | 000,017,296 | ---- | C] () -- C:\Documents and Settings\L Luann\Local Settings\Application Data\ucup.exe
[2009/08/19 13:48:54 | 000,017,250 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\fobedet.exe
[2009/08/19 13:48:54 | 000,015,186 | ---- | C] () -- C:\Documents and Settings\L Luann\Application Data\iwexuky.inf
[2009/08/19 13:48:54 | 000,013,004 | ---- | C] () -- C:\Program Files\Common Files\abagaco.pif
[2009/08/19 13:48:54 | 000,012,610 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\eqyt._sy
[2009/08/19 13:48:54 | 000,011,194 | ---- | C] () -- C:\Documents and Settings\L Luann\Application Data\pudasuqosi.lib
[2009/08/19 13:48:54 | 000,010,706 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\eloxer.dat
[2009/08/19 13:48:54 | 000,010,237 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\odosusupuj.dll
[2009/08/19 13:48:53 | 000,015,171 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\syvaguna.db
[2009/08/19 13:44:48 | 000,019,656 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\egihihuqa.dat
[2009/08/19 13:44:48 | 000,019,074 | ---- | C] () -- C:\Documents and Settings\L Luann\Local Settings\Application Data\coxy.lib
[2009/08/19 13:44:48 | 000,017,798 | ---- | C] () -- C:\Documents and Settings\L Luann\Local Settings\Application Data\gozuropy.com
[2009/08/19 13:44:48 | 000,016,524 | ---- | C] () -- C:\Program Files\Common Files\redyt.vbs
[2009/08/19 13:44:48 | 000,013,865 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\winim.com
[2009/08/19 13:44:48 | 000,013,800 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vawylum.scr
[2009/08/19 13:44:48 | 000,012,775 | ---- | C] () -- C:\Documents and Settings\L Luann\Local Settings\Application Data\edytale._dl
[2009/08/19 13:44:48 | 000,012,667 | ---- | C] () -- C:\Documents and Settings\L Luann\Application Data\rytacygu.pif
[2009/08/19 13:44:48 | 000,012,173 | ---- | C] () -- C:\Documents and Settings\L Luann\Application Data\aceqyzy.dl
[2009/08/13 17:42:07 | 000,000,215 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/07/27 16:27:16 | 000,005,086 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ojvzdisj.xda
[2009/02/21 00:36:54 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\L Luann\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/11 22:23:22 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\L Luann\Local Settings\Application Data\fusioncache.dat
[2009/01/29 03:33:28 | 000,006,438 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/01/29 03:31:59 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/10/09 16:48:46 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\INT14PPP.dll
[2008/10/09 16:48:46 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\UTL10PPP.dll
[2004/11/18 21:09:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/18 20:59:11 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/11/18 20:48:13 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2004/08/07 08:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 08:10:08 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/12/09 14:17:39 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[2003/12/09 13:51:56 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[2003/03/27 17:28:44 | 000,004,955 | ---- | C] () -- C:\WINDOWS\System32\DProg.ini
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/04/13 16:35:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/08/19 14:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2004/11/18 21:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2009/07/20 04:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2005/07/07 06:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2009/08/19 20:56:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/18 23:19:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/01/20 18:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\X5400 Series
[2009/08/28 05:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\L Luann\Application Data\Eyeblaster
[2005/07/07 08:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\L Luann\Application Data\Leadertech
[2009/08/18 23:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\L Luann\Application Data\Learn2.com
[2010/01/20 18:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\L Luann\Application Data\Lexmark Productivity Studio
[2009/08/13 18:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\L Luann\Application Data\MH GED
[2009/11/22 16:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\L Luann\Application Data\MSNInstaller
[2009/07/20 04:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\L Luann\Application Data\PlayFirst
[2009/06/22 06:09:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\L Luann\Application Data\postgresql
[2010/03/04 15:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\L Luann\Application Data\TeamViewer
[2010/07/01 21:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\L Luann\Application Data\Template
[2010/07/03 16:13:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\L Luann\Application Data\UB
[2007/03/15 05:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\L Luann\Application Data\Viewpoint
[2010/01/21 15:53:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\L Luann\Application Data\X5400 Series
[2010/08/16 19:07:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{327EB66E-9F0F-41FF-9ED6-769E4DCF188F}.job

========== Purity Check ==========



========== Custom Scans ==========


< netsvc >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/27 11:00:04 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/27 11:00:04 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/27 11:00:04 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/27 11:00:04 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 19:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 03:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 03:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 03:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/07 00:45:26 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/07 00:45:26 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/07 00:45:26 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CEFE51A
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

Extras file
OTL Extras logfile created on: 8/16/2010 7:04:48 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\L Luann\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 29.37 Gb Free Space | 52.55% Space Free | Partition Type: NTFS
Drive D: | 468.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 245.98 Mb Total Space | 238.64 Mb Free Space | 97.02% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LUANN
Current User Name: L Luann
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37E31FCE-A048-4D8C-B167-31891BCF6585}" = muvee autoProducer 3.5 - SE
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23
"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{97355297-21C8-40CD-96D3-48E58037A9B8}" = TI1620/1520
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.00 C1
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Activision_CivCTPUninstallKey" = Civilization: Call To Power
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{97355297-21C8-40CD-96D3-48E58037A9B8}" = PCI 1620 Cardbus Controller and Software
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2005b" = Microsoft Money 2005
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"NVIDIA GART Driver" = NVIDIA GART Driver
"PokerEdge" = PokerEdge 5.0.1.268
"PokerStars" = PokerStars
"PokerTracker3" = PokerTracker 3 (remove only)
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-956997907-1239398557-3705904178-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UB" = UB

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/22/2010 12:03:51 AM | Computer Name = LUANN | Source = ESENT | ID = 489
Description = wuauclt (9996) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 5/22/2010 12:03:53 AM | Computer Name = LUANN | Source = ESENT | ID = 455
Description = wuaueng.dll (9996) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 5/22/2010 12:04:04 AM | Computer Name = LUANN | Source = ESENT | ID = 489
Description = wuauclt (9996) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 5/22/2010 12:04:04 AM | Computer Name = LUANN | Source = ESENT | ID = 455
Description = wuaueng.dll (9996) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 6/6/2010 12:00:49 AM | Computer Name = LUANN | Source = Application Error | ID = 1000
Description = Faulting application fulltiltpoker.exe, version 0.0.0.0, faulting
module qtwebkit4.dll, version 4.5.2.0, fault address 0x0000f98d.

Error - 6/14/2010 9:21:52 AM | Computer Name = LUANN | Source = ESENT | ID = 489
Description = wuauclt (412) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 6/14/2010 9:21:52 AM | Computer Name = LUANN | Source = ESENT | ID = 455
Description = wuaueng.dll (412) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred
while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 6/14/2010 9:22:02 AM | Computer Name = LUANN | Source = ESENT | ID = 489
Description = wuauclt (412) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 6/14/2010 9:22:02 AM | Computer Name = LUANN | Source = ESENT | ID = 455
Description = wuaueng.dll (412) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred
while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 6/23/2010 4:32:00 AM | Computer Name = LUANN | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17023, faulting
module unknown, version 0.0.0.0, fault address 0x60b47930.

[ System Events ]
Error - 8/16/2010 9:32:58 PM | Computer Name = LUANN | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/16/2010 9:33:02 PM | Computer Name = LUANN | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/16/2010 9:33:06 PM | Computer Name = LUANN | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/16/2010 9:33:10 PM | Computer Name = LUANN | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/16/2010 9:33:13 PM | Computer Name = LUANN | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/16/2010 9:33:17 PM | Computer Name = LUANN | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/16/2010 9:33:21 PM | Computer Name = LUANN | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/16/2010 9:33:24 PM | Computer Name = LUANN | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/16/2010 9:33:28 PM | Computer Name = LUANN | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/16/2010 9:33:32 PM | Computer Name = LUANN | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.


< End of report >


#4 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • Gender:Male
  • Location:US
  • Local time:08:26 AM

Posted 16 August 2010 - 10:29 PM

Hello.

Download Combofix from any of the links below but rename it to renamed.exe before saving it to your desktop.


Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled. NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.
  • Double click on renamed.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


~Blade


In your next reply, please include the following:
ComboFix log


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#5 brandyb

brandyb
  • Topic Starter

  • Members
  • 12 posts
  • Local time:07:26 AM

Posted 17 August 2010 - 08:40 PM

Blade, here is my ComboFix log.
ComboFix 10-08-17.02 - L Luann 08/17/2010 19:57:11.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1728 [GMT -5:00]
Running from: c:\documents and settings\L Luann\Desktop\renamed.exe
AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\L Luann\g2ax_customer_downloadhelper_win32_x86.exe
c:\documents and settings\L Luann\Local Settings\Application Data\aqryjqvfx
c:\documents and settings\L Luann\Local Settings\Application Data\aqryjqvfx\rcbfihbtssd.exe
c:\windows\hufeb.scr
c:\windows\iduqoki.exe
c:\windows\ilaj.scr
c:\windows\papuqabyn.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll

Infected copy of c:\windows\system32\drivers\rdpcdd.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_SFX
-------\Legacy_SFXDRV
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-07-18 to 2010-08-18 )))))))))))))))))))))))))))))))
.

2010-08-11 01:50 . 2010-08-11 01:50 -------- d-----w- c:\program files\Trend Micro
2010-08-05 03:06 . 2010-08-05 03:06 -------- d-sh--w- c:\documents and settings\Momma\IETldCache
2010-08-05 02:58 . 2010-08-05 02:58 -------- d-sh--w- c:\documents and settings\Administrator.LUANN\IETldCache
2010-08-04 11:36 . 2010-08-04 11:36 -------- d-----w- c:\windows\ERUNT
2010-08-04 11:25 . 2010-08-04 11:25 -------- d-----w- C:\VritualRoot
2010-08-04 11:23 . 2010-08-04 11:47 -------- d-----w- C:\SDFix
2010-08-03 01:08 . 2010-08-03 01:08 -------- d-----w- c:\documents and settings\L Luann\Application Data\Malwarebytes
2010-08-02 12:38 . 2010-08-02 12:38 -------- d-----w- c:\program files\Defraggler
2010-08-02 03:01 . 2010-08-02 03:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-08-02 03:01 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-02 03:01 . 2010-08-02 03:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-02 03:01 . 2010-08-02 03:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-02 03:01 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-31 14:20 . 2010-07-31 14:20 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2010-07-31 14:19 . 2010-07-31 14:19 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-07-31 14:18 . 2010-07-31 14:18 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-31 07:12 . 2010-07-31 07:20 -------- d-----w- c:\documents and settings\All Users\Application Data\COMODO
2010-07-31 07:06 . 2010-07-31 07:06 -------- d-----w- c:\program files\COMODO
2010-07-30 21:44 . 2010-07-30 21:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-30 21:33 . 2010-07-30 21:33 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-30 21:33 . 2010-07-30 21:33 664 ----a-w- c:\windows\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-17 23:33 . 2009-05-27 02:46 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-08-02 02:50 . 2009-08-18 19:54 -------- d-----w- c:\program files\CCleaner
2010-07-31 16:16 . 2009-08-19 06:08 -------- d-----w- c:\program files\PokerStars
2010-07-31 06:54 . 2010-07-03 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2010-07-31 00:14 . 2009-08-19 06:05 -------- d-----w- c:\program files\Full Tilt Poker
2010-07-30 23:30 . 2010-04-17 03:33 -------- d-----w- c:\program files\PokerEdge
2010-07-07 18:17 . 2009-08-19 06:11 -------- d-----w- c:\program files\UltimateBet
2010-07-03 21:13 . 2010-07-03 21:13 159744 ----a-w- c:\documents and settings\L Luann\Application Data\UB\DownLoadInst\liveupdate.exe
2010-07-03 21:13 . 2010-07-03 20:58 -------- d-----w- c:\documents and settings\L Luann\Application Data\UB
2010-07-03 20:57 . 2010-07-03 20:57 -------- d-----w- c:\program files\_uninstallation_info
2010-07-02 03:08 . 2009-11-28 10:52 584 ----a-w- c:\documents and settings\L Luann\Application Data\wklnhst.dat
2010-07-02 02:41 . 2010-07-02 02:41 -------- d-----w- c:\documents and settings\L Luann\Application Data\Template
2010-06-29 11:20 . 2008-09-19 02:36 -------- d-----w- c:\program files\Trillian
2010-06-24 02:45 . 2010-01-26 22:43 664 ----a-w- c:\documents and settings\L Luann\Local Settings\Application Data\d3d9caps.dat
2010-06-14 14:31 . 2004-08-04 08:00 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-04 16:55 . 2010-06-04 16:55 229312 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-06-03 00:45 . 2010-06-03 00:45 503808 ----a-w- c:\documents and settings\L Luann\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-50253842-n\msvcp71.dll
2010-06-03 00:45 . 2010-06-03 00:45 499712 ----a-w- c:\documents and settings\L Luann\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-50253842-n\jmc.dll
2010-06-03 00:45 . 2010-06-03 00:45 348160 ----a-w- c:\documents and settings\L Luann\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-50253842-n\msvcr71.dll
2010-06-03 00:45 . 2010-06-03 00:45 61440 ----a-w- c:\documents and settings\L Luann\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1513dc67-n\decora-sse.dll
2010-06-03 00:45 . 2010-06-03 00:45 12800 ----a-w- c:\documents and settings\L Luann\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1513dc67-n\decora-d3d.dll
2010-06-02 00:00 . 2010-06-02 00:00 278288 ----a-w- c:\windows\system32\guard32.dll
2010-06-02 00:00 . 2010-06-02 00:00 87824 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-06-02 00:00 . 2010-06-02 00:00 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-06-02 00:00 . 2010-06-02 00:00 15464 ----a-w- c:\windows\system32\drivers\cmderd.sys
2009-08-20 03:24 . 2009-08-20 03:24 16179 ----a-w- c:\program files\Common Files\najumenupu.bin
2009-08-20 03:24 . 2009-08-20 03:24 19088 ----a-w- c:\program files\Common Files\rewum.inf
2009-08-20 03:24 . 2009-08-20 03:24 15381 ----a-w- c:\program files\Common Files\etaqipoxim.inf
2009-08-20 03:24 . 2009-08-20 03:24 11747 ----a-w- c:\program files\Common Files\iwedijas.reg
2009-08-19 21:02 . 2009-08-19 21:02 16071 ----a-w- c:\program files\Common Files\arowic._dl
2009-08-19 18:48 . 2009-08-19 18:48 13004 ----a-w- c:\program files\Common Files\abagaco.pif
2009-08-19 18:44 . 2009-08-19 18:44 16524 ----a-w- c:\program files\Common Files\redyt.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-04-21 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-11-19 98304]
"nwiz"="nwiz.exe" [2004-04-07 323584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-04-07 4730880]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-08-19 290816]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-08 159744]
"AGRSMMSG"="AGRSMMSG.exe" [2004-09-03 88363]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDFix]
2008-11-06 05:58 964661 ----a-w- c:\sdfix\RunThis.bat

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R2 lxdv_device;lxdv_device;c:\windows\system32\lxdvcoms.exe -service --> c:\windows\system32\lxdvcoms.exe -service [?]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [9/19/2008 3:03 AM 65536]
S0 oygupuga;oygupuga;c:\windows\system32\drivers\lopaespt.sys --> c:\windows\system32\drivers\lopaespt.sys [?]
S2 lxdvCATSCustConnectService;lxdvCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdvserv.exe [1/20/2010 6:03 PM 98984]
S4 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [6/1/2010 7:00 PM 15464]
S4 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [6/4/2010 11:55 AM 229312]
S4 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6/1/2010 7:00 PM 25240]
.
Contents of the 'Scheduled Tasks' folder

2010-08-17 c:\windows\Tasks\User_Feed_Synchronization-{327EB66E-9F0F-41FF-9ED6-769E4DCF188F}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
Trusted Zone: google.com\maps
DPF: {08EE4BCE-527E-4760-B11A-B829415E9103} - hxxp://simgolf.ea.com/teleport/simgolf/MaxisGolfTeleX.cab
DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} - hxxp://www.gamehouse.com/realarcade-webgames/nightshiftlegacythejaguarseye/NightshiftJaguarsEye.cab
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-17 20:11
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3864)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxdvcoms.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\windows\AGRSMMSG.exe
c:\program files\Apoint2K\Apntex.exe
.
**************************************************************************
.
Completion time: 2010-08-17 20:17:03 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-18 01:17

Pre-Run: 31,229,362,176 bytes free
Post-Run: 31,736,381,440 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 3208729225B76FDE02F9A229E88B5F97


#6 brandyb

brandyb
  • Topic Starter

  • Members
  • 12 posts
  • Local time:07:26 AM

Posted 17 August 2010 - 08:55 PM

Also, it indicates Comodo was running; however, I had the program shut down and had disabled the firewall and the antivirus as well as all processes. I could not find any services running.
I ran Autoruns and deselected everything with Comodo in it and rebooted. When I opened Comodo and viewed the different options, the antivirus was disabled, the sandbox was disabled and the defense was disabled. Yet the log shows it's still running. I checked the Comodo site and could not find any information on how to disable the whole thing other than what I had already done.

#7 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • Gender:Male
  • Location:US
  • Local time:08:26 AM

Posted 18 August 2010 - 08:50 AM

Hello brandyb.

Don't worry about Comodo... it appears ComboFix didn't have any issues.

1. Open notepad and copy/paste the text in the codebox below into it:

CODE
DDS::
uInternet Settings,ProxyServer =-
uInternet Settings,ProxyOverride =-


Save this as CFScript.txt, in the same location as renamed.exe

2. Close any open browsers.

3. VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled. NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.



Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

~Blade


In your next reply, please include the following:
ComboFix log
How is the computer running now?

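
The fix above clears the user-level proxy entries that the ComboFix log in post #5 shows pointing at 127.0.0.1:5643, which is what was steering IE through a local hijacker. As an added example (not part of this thread, ComboFix or DDS), the Python script below parses those Supplementary Scan lines, flags a proxy that sits on loopback, and emits the matching CFScript in the form the helper used; the sample log text is constructed from the posted log, and the reading of the u/m prefix as HKCU/HKLM follows DDS convention.

```python
import re
from ipaddress import ip_address

# Constructed sample: the Supplementary Scan lines from the ComboFix log
# posted earlier in this thread (plus one benign entry) so the script runs
# offline.
SAMPLE_LOG = """\
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com
Trusted Zone: google.com\\maps
.
"""

# DDS/ComboFix prefix each key with the hive it was read from:
# u = current user (HKCU), m = machine (HKLM).
ENTRY_RE = re.compile(
    r"^([um])Internet Settings,(ProxyServer|ProxyOverride)\s*=\s*(.*?)\s*$"
)


def parse_proxy_entries(log_text):
    """Return [(scope, key, value)] for every Internet Settings proxy line."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(match.groups())
    return entries


def proxy_targets(value):
    """Split a Windows ProxyServer value into (scheme, host, port) tuples.

    The value is either 'host:port' (one proxy for every protocol) or a
    ';'-separated list such as 'http=host:port;https=host:port'.
    """
    targets = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")   # no '=' -> scheme ''
        host, _, port = hostport.rpartition(":")
        if not host:                                  # bare host, no port
            host, port = hostport, ""
        targets.append((scheme or "all", host.strip("[]"), port))
    return targets


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and 'localhost'."""
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:                                # a hostname, not an IP
        return False


def assess(log_text):
    """Describe every configured proxy and flag the ones on loopback.

    A loopback proxy on a machine with no local proxy software is the
    pattern behind the redirect in this thread: the hijacker listens on
    127.0.0.1 and rewrites the browser's traffic before it leaves the host.
    """
    findings = []
    for scope, key, value in parse_proxy_entries(log_text):
        if key != "ProxyServer":
            continue
        for scheme, host, port in proxy_targets(value):
            findings.append({"scope": scope, "scheme": scheme, "host": host,
                             "port": port, "loopback": is_loopback(host)})
    return findings


def build_cfscript(log_text):
    """Emit the CFScript that clears the flagged settings.

    Uses the form from the helper's post: under a 'DDS::' header, a line
    'key =-' tells ComboFix to delete that value. ProxyOverride is cleared
    together with its ProxyServer, as the helper did, so no stale bypass
    list is left behind. Returns '' when nothing points at loopback.
    """
    bad_scopes = {f["scope"] for f in assess(log_text) if f["loopback"]}
    lines = ["DDS::"]
    for scope, key, _value in parse_proxy_entries(log_text):
        if scope in bad_scopes:
            lines.append(f"{scope}Internet Settings,{key} =-")
    return "\n".join(lines) + "\n" if len(lines) > 1 else ""


if __name__ == "__main__":
    for finding in assess(SAMPLE_LOG):
        flag = "LOOPBACK" if finding["loopback"] else "remote"
        print(f"{flag:8} {finding['scheme']} -> "
              f"{finding['host']}:{finding['port']} ({finding['scope']})")
    print(build_cfscript(SAMPLE_LOG), end="")
```

A proxy on a real corporate host is reported but produces no script, since that is a configuration to confirm with the owner rather than delete.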


#8 brandyb

brandyb
  • Topic Starter

  • Members
  • 12 posts
  • Local time:07:26 AM

Posted 20 August 2010 - 10:20 AM

Blade, I apologize, but I am having a problem getting this log to post. It is quite large and so I am going to have to break it up into pieces and load multiple posts. I hope to get that completed this weekend.

#9 brandyb

brandyb
  • Topic Starter

  • Members
  • 12 posts
  • Local time:07:26 AM

Posted 20 August 2010 - 01:42 PM

Blade,
While trying to upload the first part of the log, the computer froze and I had to shut it down. Being the idiot that I am, I had not saved that log prior to the copy, so when the machine rebooted, the log was gone. When trying to move the CFScript.txt again, it starts the ComboFix little screen, the green bars go across a few places and then I get a message, 'installation failed'. Trying to run renamed.exe also gives the same error. Any suggestions? I will say that the redirect does not seem to be occurring. I have gone to several pages without any odd pages opening up or going to someplace other than what I have typed in.

#10 brandyb

brandyb
  • Topic Starter

  • Members
  • 12 posts
  • Local time:07:26 AM

Posted 20 August 2010 - 02:07 PM

Ignore the above post; I rebooted the computer and it's working now (running ComboFix).

#11 brandyb

brandyb
  • Topic Starter

  • Members
  • 12 posts
  • Local time:07:26 AM

Posted 20 August 2010 - 02:22 PM

Blade, here is the log you requested

ComboFix 10-08-19.02 - L Luann 08/20/2010 14:11:35.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1694 [GMT -5:00]
Running from: c:\documents and settings\L Luann\Desktop\renamed.exe
Command switches used :: c:\documents and settings\L Luann\Desktop\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2010-07-20 to 2010-08-20 )))))))))))))))))))))))))))))))
.

2010-08-20 19:03 . 2010-08-20 19:03 -------- d-sh--w- c:\documents and settings\postgres.LUANN.000\IETldCache
2010-08-20 18:46 . 2010-08-20 18:46 503808 ----a-w- c:\documents and settings\L Luann\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3b18e871-n\msvcp71.dll
2010-08-20 18:46 . 2010-08-20 18:46 499712 ----a-w- c:\documents and settings\L Luann\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3b18e871-n\jmc.dll
2010-08-20 18:46 . 2010-08-20 18:46 348160 ----a-w- c:\documents and settings\L Luann\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3b18e871-n\msvcr71.dll
2010-08-20 18:45 . 2010-08-20 18:45 61440 ----a-w- c:\documents and settings\L Luann\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1a0899d1-n\decora-sse.dll
2010-08-20 18:45 . 2010-08-20 18:45 12800 ----a-w- c:\documents and settings\L Luann\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1a0899d1-n\decora-d3d.dll
2010-08-20 18:37 . 2010-08-20 18:40 -------- d-----w- C:\32788R22FWJFW.4.tmp
2010-08-20 18:36 . 2010-08-20 18:37 -------- d-----w- C:\32788R22FWJFW.3.tmp
2010-08-20 18:36 . 2010-08-20 18:36 -------- d-----w- C:\32788R22FWJFW.2.tmp
2010-08-20 18:35 . 2010-08-20 18:36 -------- d-----w- C:\32788R22FWJFW.1.tmp
2010-08-11 01:50 . 2010-08-11 01:50 -------- d-----w- c:\program files\Trend Micro
2010-08-05 03:06 . 2010-08-05 03:06 -------- d-sh--w- c:\documents and settings\Momma\IETldCache
2010-08-05 02:58 . 2010-08-05 02:58 -------- d-sh--w- c:\documents and settings\Administrator.LUANN\IETldCache
2010-08-04 11:36 . 2010-08-04 11:36 -------- d-----w- c:\windows\ERUNT
2010-08-04 11:25 . 2010-08-04 11:25 -------- d-----w- C:\VritualRoot
2010-08-04 11:23 . 2010-08-04 11:47 -------- d-----w- C:\SDFix
2010-08-03 01:08 . 2010-08-03 01:08 -------- d-----w- c:\documents and settings\L Luann\Application Data\Malwarebytes
2010-08-02 12:38 . 2010-08-02 12:38 -------- d-----w- c:\program files\Defraggler
2010-08-02 03:01 . 2010-08-02 03:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-08-02 03:01 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-02 03:01 . 2010-08-02 03:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-02 03:01 . 2010-08-02 03:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-02 03:01 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-31 14:20 . 2010-07-31 14:20 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2010-07-31 14:19 . 2010-07-31 14:19 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-07-31 14:18 . 2010-07-31 14:18 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-31 07:12 . 2010-08-20 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\COMODO
2010-07-31 07:06 . 2010-07-31 07:06 -------- d-----w- c:\program files\COMODO
2010-07-30 21:44 . 2010-07-30 21:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-30 21:33 . 2010-07-30 21:33 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-30 21:33 . 2010-07-30 21:33 664 ----a-w- c:\windows\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-20 19:01 . 2009-05-27 02:46 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-08-02 02:50 . 2009-08-18 19:54 -------- d-----w- c:\program files\CCleaner
2010-07-31 16:16 . 2009-08-19 06:08 -------- d-----w- c:\program files\PokerStars
2010-07-31 06:54 . 2010-07-03 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2010-07-31 00:14 . 2009-08-19 06:05 -------- d-----w- c:\program files\Full Tilt Poker
2010-07-30 23:30 . 2010-04-17 03:33 -------- d-----w- c:\program files\PokerEdge
2010-07-07 18:17 . 2009-08-19 06:11 -------- d-----w- c:\program files\UltimateBet
2010-07-03 21:13 . 2010-07-03 21:13 159744 ----a-w- c:\documents and settings\L Luann\Application Data\UB\DownLoadInst\liveupdate.exe
2010-07-03 21:13 . 2010-07-03 20:58 -------- d-----w- c:\documents and settings\L Luann\Application Data\UB
2010-07-03 20:57 . 2010-07-03 20:57 -------- d-----w- c:\program files\_uninstallation_info
2010-07-02 03:08 . 2009-11-28 10:52 584 ----a-w- c:\documents and settings\L Luann\Application Data\wklnhst.dat
2010-07-02 02:41 . 2010-07-02 02:41 -------- d-----w- c:\documents and settings\L Luann\Application Data\Template
2010-06-30 12:31 . 2004-08-04 08:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-29 11:20 . 2008-09-19 02:36 -------- d-----w- c:\program files\Trillian
2010-06-24 12:22 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 02:45 . 2010-01-26 22:43 664 ----a-w- c:\documents and settings\L Luann\Local Settings\Application Data\d3d9caps.dat
2010-06-23 13:44 . 2004-08-04 08:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 08:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-14 14:31 . 2004-08-04 08:00 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-04 08:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-03 00:45 . 2010-06-03 00:45 503808 ----a-w- c:\documents and settings\L Luann\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-50253842-n\msvcp71.dll
2010-06-03 00:45 . 2010-06-03 00:45 499712 ----a-w- c:\documents and settings\L Luann\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-50253842-n\jmc.dll
2010-06-03 00:45 . 2010-06-03 00:45 348160 ----a-w- c:\documents and settings\L Luann\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-50253842-n\msvcr71.dll
2010-06-03 00:45 . 2010-06-03 00:45 61440 ----a-w- c:\documents and settings\L Luann\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1513dc67-n\decora-sse.dll
2010-06-03 00:45 . 2010-06-03 00:45 12800 ----a-w- c:\documents and settings\L Luann\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1513dc67-n\decora-d3d.dll
2009-08-20 03:24 . 2009-08-20 03:24 16179 ----a-w- c:\program files\Common Files\najumenupu.bin
2009-08-20 03:24 . 2009-08-20 03:24 19088 ----a-w- c:\program files\Common Files\rewum.inf
2009-08-20 03:24 . 2009-08-20 03:24 15381 ----a-w- c:\program files\Common Files\etaqipoxim.inf
2009-08-20 03:24 . 2009-08-20 03:24 11747 ----a-w- c:\program files\Common Files\iwedijas.reg
2009-08-19 21:02 . 2009-08-19 21:02 16071 ----a-w- c:\program files\Common Files\arowic._dl
2009-08-19 18:48 . 2009-08-19 18:48 13004 ----a-w- c:\program files\Common Files\abagaco.pif
2009-08-19 18:44 . 2009-08-19 18:44 16524 ----a-w- c:\program files\Common Files\redyt.vbs
.

((((((((((((((((((((((((((((( SnapShot_2010-08-19_12.21.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-20 19:03 . 2010-08-20 19:03 16384 c:\windows\Temp\Perflib_Perfdata_274.dat
- 2004-08-07 13:10 . 2010-07-30 21:05 71910 c:\windows\system32\perfc009.dat
+ 2004-08-07 13:10 . 2010-08-20 18:53 71910 c:\windows\system32\perfc009.dat
- 2006-11-08 03:03 . 2010-05-06 10:41 55296 c:\windows\system32\msfeedsbs.dll
+ 2006-11-08 03:03 . 2010-06-24 12:21 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-08-04 08:00 . 2010-06-24 12:21 25600 c:\windows\system32\jsproxy.dll
- 2004-08-04 08:00 . 2010-05-06 10:41 25600 c:\windows\system32\jsproxy.dll
- 2010-07-03 08:50 . 2010-05-06 10:41 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2010-07-03 08:50 . 2010-06-24 12:22 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2007-05-12 21:09 . 2010-06-24 12:21 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2007-05-12 21:09 . 2010-05-06 10:41 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2006-05-10 05:22 . 2010-06-24 12:21 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2006-05-10 05:22 . 2010-05-06 10:41 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2010-08-20 18:46 . 2010-05-06 10:41 12800 c:\windows\ie8updates\KB2183461-IE8\xpshims.dll
+ 2010-08-20 18:46 . 2010-05-06 10:41 55296 c:\windows\ie8updates\KB2183461-IE8\msfeedsbs.dll
+ 2010-08-20 18:46 . 2010-05-06 10:41 25600 c:\windows\ie8updates\KB2183461-IE8\jsproxy.dll
+ 2010-08-20 18:59 . 2010-08-20 18:59 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5ec9dec678303ebff0ef018edb5ec595\UIAutomationProvider.ni.dll
+ 2010-08-20 18:56 . 2010-08-20 18:56 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\de26af01222270c121788161496fcfe7\PresentationFontCache.ni.exe
+ 2010-08-20 18:55 . 2010-08-20 18:55 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\3c5adeedb70e6e052a6556c6ab9b6918\PresentationCFFRasterizer.ni.dll
+ 2010-08-20 19:00 . 2010-08-20 19:00 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\5ffa548547613dbc5a92f2c5b7cad196\Accessibility.ni.dll
+ 2010-08-20 18:51 . 2010-08-20 18:51 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-07-03 07:28 . 2010-07-03 07:28 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-07-03 07:28 . 2010-07-03 07:28 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-08-20 18:51 . 2010-08-20 18:51 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-07-03 07:29 . 2010-07-03 07:29 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-08-20 18:52 . 2010-08-20 18:52 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-08-20 18:51 . 2010-08-20 18:51 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-07-03 07:28 . 2010-07-03 07:28 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-08-20 18:51 . 2010-08-20 18:51 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-07-03 07:28 . 2010-07-03 07:28 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-07-03 07:28 . 2010-07-03 07:28 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-08-20 18:51 . 2010-08-20 18:51 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-07-03 07:28 . 2010-07-03 07:28 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-08-20 18:51 . 2010-08-20 18:51 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-08-20 18:51 . 2010-08-20 18:51 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-07-03 07:28 . 2010-07-03 07:28 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-08-20 18:51 . 2010-08-20 18:51 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-07-03 07:28 . 2010-07-03 07:28 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-08-20 18:51 . 2010-08-20 18:51 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-07-03 07:28 . 2010-07-03 07:28 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-07-03 07:28 . 2010-07-03 07:28 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-08-20 18:51 . 2010-08-20 18:51 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-07-03 07:28 . 2010-07-03 07:28 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-08-20 18:51 . 2010-08-20 18:51 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-07-03 07:28 . 2010-07-03 07:28 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-08-20 18:51 . 2010-08-20 18:51 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-08-20 18:51 . 2010-08-20 18:51 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2010-07-03 07:28 . 2010-07-03 07:28 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-08-20 18:51 . 2010-08-20 18:51 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-07-03 07:28 . 2010-07-03 07:28 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-08-20 18:52 . 2010-08-20 18:52 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-07-03 07:29 . 2010-07-03 07:29 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-08-20 18:51 . 2010-08-20 18:51 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-07-03 07:28 . 2010-07-03 07:28 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-08-20 18:51 . 2010-08-20 18:51 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-07-03 07:28 . 2010-07-03 07:28 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-08-20 18:51 . 2010-08-20 18:51 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-07-03 07:28 . 2010-07-03 07:28 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-08-20 18:51 . 2010-08-20 18:51 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2010-07-03 07:28 . 2010-07-03 07:28 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2004-08-07 13:10 . 2010-07-30 21:05 442140 c:\windows\system32\perfh009.dat
+ 2004-08-07 13:10 . 2010-08-20 18:53 442140 c:\windows\system32\perfh009.dat
+ 2004-08-04 08:00 . 2010-06-24 12:22 206848 c:\windows\system32\occache.dll
- 2004-08-04 08:00 . 2010-05-06 10:41 206848 c:\windows\system32\occache.dll
- 2004-08-04 08:00 . 2010-05-06 10:41 611840 c:\windows\system32\mstime.dll
+ 2004-08-04 08:00 . 2010-06-24 12:22 611840 c:\windows\system32\mstime.dll
- 2006-11-08 03:03 . 2010-05-06 10:41 599040 c:\windows\system32\msfeeds.dll
+ 2006-11-08 03:03 . 2010-06-24 12:21 599040 c:\windows\system32\msfeeds.dll
- 2004-08-04 08:00 . 2010-05-06 10:41 184320 c:\windows\system32\iepeers.dll
+ 2004-08-04 08:00 . 2010-06-24 12:21 184320 c:\windows\system32\iepeers.dll
- 2004-08-04 08:00 . 2010-05-06 10:41 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-04 08:00 . 2010-06-24 12:21 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-04 08:00 . 2010-06-23 12:08 173056 c:\windows\system32\ie4uinit.exe
- 2004-08-04 08:00 . 2010-05-05 13:30 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-07 13:02 . 2010-08-20 19:02 319544 c:\windows\system32\FNTCACHE.DAT
- 2004-08-07 13:02 . 2010-07-03 08:56 319544 c:\windows\system32\FNTCACHE.DAT
- 2004-08-04 08:00 . 2010-05-06 10:41 916480 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 08:00 . 2010-06-24 12:22 916480 c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 05:25 . 2010-06-21 15:27 354304 c:\windows\system32\dllcache\srv.sys
+ 2008-12-05 06:54 . 2010-06-30 12:31 149504 c:\windows\system32\dllcache\schannel.dll
+ 2006-10-17 18:04 . 2010-06-24 12:22 206848 c:\windows\system32\dllcache\occache.dll
- 2006-10-17 18:04 . 2010-05-06 10:41 206848 c:\windows\system32\dllcache\occache.dll
+ 2006-05-10 05:23 . 2010-06-24 12:22 611840 c:\windows\system32\dllcache\mstime.dll
- 2006-05-10 05:23 . 2010-05-06 10:41 611840 c:\windows\system32\dllcache\mstime.dll
+ 2007-05-12 21:09 . 2010-06-24 12:21 599040 c:\windows\system32\dllcache\msfeeds.dll
- 2007-05-12 21:09 . 2010-05-06 10:41 599040 c:\windows\system32\dllcache\msfeeds.dll
- 2010-07-03 08:50 . 2010-05-06 10:41 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2010-07-03 08:50 . 2010-06-24 12:21 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2006-05-10 05:22 . 2010-06-24 12:21 184320 c:\windows\system32\dllcache\iepeers.dll
- 2006-05-10 05:22 . 2010-05-06 10:41 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-07-03 08:50 . 2010-06-24 12:21 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-07-03 08:50 . 2010-05-06 10:41 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2006-11-07 09:27 . 2010-05-06 10:41 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2006-11-07 09:27 . 2010-06-24 12:21 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2006-11-07 09:26 . 2010-05-05 13:30 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2006-11-07 09:26 . 2010-06-23 12:08 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-05-11 11:40 . 2010-05-11 11:40 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2010-05-11 11:40 . 2010-05-11 11:40 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2009-08-08 04:51 . 2009-08-08 04:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2010-08-20 18:46 . 2010-05-06 10:41 916480 c:\windows\ie8updates\KB2183461-IE8\wininet.dll
+ 2010-08-20 18:46 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB2183461-IE8\spuninst\updspapi.dll
+ 2010-08-20 18:46 . 2009-05-26 09:01 231288 c:\windows\ie8updates\KB2183461-IE8\spuninst\spuninst.exe
+ 2010-08-20 18:46 . 2010-05-06 10:41 206848 c:\windows\ie8updates\KB2183461-IE8\occache.dll
+ 2010-08-20 18:46 . 2010-05-06 10:41 611840 c:\windows\ie8updates\KB2183461-IE8\mstime.dll
+ 2010-08-20 18:46 . 2010-05-06 10:41 599040 c:\windows\ie8updates\KB2183461-IE8\msfeeds.dll
+ 2010-08-20 18:46 . 2010-05-06 10:41 247808 c:\windows\ie8updates\KB2183461-IE8\ieproxy.dll
+ 2010-08-20 18:46 . 2010-05-06 10:41 184320 c:\windows\ie8updates\KB2183461-IE8\iepeers.dll
+ 2010-08-20 18:46 . 2010-05-06 10:41 743424 c:\windows\ie8updates\KB2183461-IE8\iedvtool.dll
+ 2010-08-20 18:46 . 2010-05-06 10:41 387584 c:\windows\ie8updates\KB2183461-IE8\iedkcs32.dll
+ 2010-08-20 18:46 . 2010-05-05 13:30 173056 c:\windows\ie8updates\KB2183461-IE8\ie4uinit.exe
+ 2010-08-20 18:59 . 2010-08-20 18:59 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\672c4d8e3c33e309c1ed90fa4cb85aba\WindowsFormsIntegration.ni.dll
+ 2010-08-20 18:59 . 2010-08-20 18:59 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\cd91a32f4e36ccb2981c72c0d333e928\UIAutomationTypes.ni.dll
+ 2010-08-20 18:59 . 2010-08-20 18:59 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\9df760fdf8071c7b0de78f39de365e6a\UIAutomationClient.ni.dll
+ 2010-08-20 19:00 . 2010-08-20 19:00 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\4490976887e2e5a3b594041edbdf5064\System.IO.Log.ni.dll
+ 2010-08-20 19:00 . 2010-08-20 19:00 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\77b9f6f6671aaaeb84c6907d467e792c\System.IdentityModel.Selectors.ni.dll
+ 2010-08-20 18:57 . 2010-08-20 18:57 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\90199b4aa63b1b9c8ed0c3de16eec824\System.Drawing.Design.ni.dll
+ 2010-08-20 18:56 . 2010-08-20 18:56 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e7e7321956e6822b1bf3691c35c842f6\PresentationFramework.Aero.ni.dll
+ 2010-08-20 18:56 . 2010-08-20 18:56 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a14488afff027f0f2985e659449097f5\PresentationFramework.Royale.ni.dll
+ 2010-08-20 18:56 . 2010-08-20 18:56 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\787e60c5dd562cb45887080095d2a3b7\PresentationFramework.Classic.ni.dll
+ 2010-08-20 18:56 . 2010-08-20 18:56 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2313ccc125dcb6a9800048ec1c51ec12\PresentationFramework.Luna.ni.dll
+ 2010-08-20 19:00 . 2010-08-20 19:00 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\56aec0938ef1bbdeca65b07a5fe8cd39\AspNetMMCExt.ni.dll
+ 2010-08-20 18:51 . 2010-08-20 18:51 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-07-03 07:28 . 2010-07-03 07:28 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-08-20 18:51 . 2010-08-20 18:51 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-07-03 07:28 . 2010-07-03 07:28 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-08-20 18:51 . 2010-08-20 18:51 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-07-03 07:28 . 2010-07-03 07:28 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-08-20 18:51 . 2010-08-20 18:51 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-07-03 07:28 . 2010-07-03 07:28 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-08-20 18:51 . 2010-08-20 18:51 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-07-03 07:28 . 2010-07-03 07:28 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-07-03 07:28 . 2010-07-03 07:28 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-08-20 18:51 . 2010-08-20 18:51 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-07-03 07:28 . 2010-07-03 07:28 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-08-20 18:51 . 2010-08-20 18:51 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-07-03 07:28 . 2010-07-03 07:28 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-08-20 18:51 . 2010-08-20 18:51 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-08-20 18:51 . 2010-08-20 18:51 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-07-03 07:28 . 2010-07-03 07:28 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-07-03 07:28 . 2010-07-03 07:28 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-08-20 18:51 . 2010-08-20 18:51 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-08-20 18:51 . 2010-08-20 18:51 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-07-03 07:28 . 2010-07-03 07:28 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-07-03 07:29 . 2010-07-03 07:29 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-08-20 18:52 . 2010-08-20 18:52 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-08-20 18:52 . 2010-08-20 18:52 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-07-03 07:29 . 2010-07-03 07:29 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-07-03 07:29 . 2010-07-03 07:29 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-08-20 18:52 . 2010-08-20 18:52 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-08-20 18:52 . 2010-08-20 18:52 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-07-03 07:29 . 2010-07-03 07:29 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-07-03 07:28 . 2010-07-03 07:28 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-08-20 18:51 . 2010-08-20 18:51 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-07-03 07:28 . 2010-07-03 07:28 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-08-20 18:51 . 2010-08-20 18:51 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-07-03 07:28 . 2010-07-03 07:28 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-08-20 18:51 . 2010-08-20 18:51 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-07-03 07:28 . 2010-07-03 07:28 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-08-20 18:51 . 2010-08-20 18:51 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-08-20 18:51 . 2010-08-20 18:51 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-07-03 07:28 . 2010-07-03 07:28 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-08-20 18:51 . 2010-08-20 18:51 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-07-03 07:28 . 2010-07-03 07:28 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-07-03 07:28 . 2010-07-03 07:28 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-08-20 18:51 . 2010-08-20 18:51 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-08-20 18:51 . 2010-08-20 18:51 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-07-03 07:28 . 2010-07-03 07:28 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-08-20 18:51 . 2010-08-20 18:51 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-07-03 07:28 . 2010-07-03 07:28 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-08-20 18:51 . 2010-08-20 18:51 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-07-03 07:28 . 2010-07-03 07:28 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-07-03 07:29 . 2010-07-03 07:29 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-08-20 18:52 . 2010-08-20 18:52 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2004-08-04 08:00 . 2010-06-24 12:22 1210368 c:\windows\system32\urlmon.dll
- 2010-04-14 03:12 . 2010-02-17 14:10 2189952 c:\windows\system32\ntoskrnl.exe
+ 2010-04-14 03:12 . 2010-04-28 02:25 2189952 c:\windows\system32\ntoskrnl.exe
- 2010-04-14 03:12 . 2010-02-16 13:25 2066816 c:\windows\system32\ntkrnlpa.exe
+ 2010-04-14 03:12 . 2010-04-27 13:05 2066816 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-04 08:00 . 2010-06-24 12:22 5951488 c:\windows\system32\mshtml.dll
+ 2006-10-17 17:57 . 2010-06-24 12:21 1986560 c:\windows\system32\iertutil.dll
+ 2008-10-16 05:51 . 2010-06-23 13:44 1851904 c:\windows\system32\dllcache\win32k.sys
+ 2004-08-04 08:00 . 2010-06-24 12:22 1210368 c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 06:04 . 2010-04-28 02:25 2189952 c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-10-16 06:04 . 2010-02-17 14:10 2189952 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-10-16 06:04 . 2010-04-27 13:05 2024448 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-10-16 06:04 . 2010-02-16 13:25 2024448 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-10-16 06:04 . 2010-02-16 13:25 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-16 06:04 . 2010-04-27 13:05 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-16 06:04 . 2010-04-27 13:59 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2008-10-16 06:04 . 2010-02-16 14:08 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-11-12 00:54 . 2010-06-14 07:41 1172480 c:\windows\system32\dllcache\msxml3.dll
- 2008-11-12 00:54 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2006-05-19 15:08 . 2010-06-24 12:22 5951488 c:\windows\system32\dllcache\mshtml.dll
- 2010-07-03 02:58 . 2009-10-23 15:28 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2010-07-03 02:58 . 2010-06-18 13:36 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2007-05-12 21:09 . 2010-06-24 12:21 1986560 c:\windows\system32\dllcache\iertutil.dll
+ 2010-05-11 11:40 . 2010-05-11 11:40 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2009-08-08 04:51 . 2009-08-08 04:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2010-05-11 11:40 . 2010-05-11 11:40 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2010-08-20 18:46 . 2010-05-06 10:41 1209344 c:\windows\ie8updates\KB2183461-IE8\urlmon.dll
+ 2010-08-20 18:46 . 2010-05-06 10:41 5950976 c:\windows\ie8updates\KB2183461-IE8\mshtml.dll
+ 2010-08-20 18:46 . 2010-05-06 10:41 1985536 c:\windows\ie8updates\KB2183461-IE8\iertutil.dll
- 2008-10-16 06:04 . 2010-02-17 14:10 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-16 06:04 . 2010-04-28 02:25 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2008-10-16 06:04 . 2010-02-16 13:25 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-16 06:04 . 2010-04-27 13:05 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-16 06:04 . 2010-02-16 13:25 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-16 06:04 . 2010-04-27 13:05 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-10-16 06:04 . 2010-02-16 14:08 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-10-16 06:04 . 2010-04-27 13:59 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-08-20 18:55 . 2010-08-20 18:55 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cec7ecb8eac09dd630d180ce87d23b80\WindowsBase.ni.dll
+ 2010-08-20 18:59 . 2010-08-20 18:59 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\b7f6e7b265f9aae807ddc4284563e550\UIAutomationClientsideProviders.ni.dll
+ 2010-08-20 18:54 . 2010-08-20 18:54 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll
+ 2010-08-20 18:57 . 2010-08-20 18:58 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll
+ 2010-08-20 18:57 . 2010-08-20 18:57 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\5eb08849d17b272ed2a393420cb0305b\System.Speech.ni.dll
+ 2010-08-20 19:00 . 2010-08-20 19:00 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8061a0f5c1c2ee0549e19224352f67fa\System.Runtime.Serialization.ni.dll
+ 2010-08-20 18:57 . 2010-08-20 18:57 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\99767d4df92b83fdfb06012512722ec1\System.Printing.ni.dll
+ 2010-08-20 19:00 . 2010-08-20 19:00 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\0885f31c21b796465fde6297dba20981\System.IdentityModel.ni.dll
+ 2010-08-20 18:57 . 2010-08-20 18:57 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dcc0244092fe52e6885b50be25ef3b31\System.Drawing.ni.dll
+ 2010-08-20 18:57 . 2010-08-20 18:57 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f04ef00e652a8655a717639e8aeb7b63\System.Data.ni.dll
+ 2010-08-20 18:57 . 2010-08-20 18:57 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c18c236a09e715138daec2e25be205bb\System.Data.Linq.ni.dll
+ 2010-08-20 18:57 . 2010-08-20 18:57 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\faeda674832135a080bc73eda51813ff\System.Core.ni.dll
+ 2010-08-20 18:57 . 2010-08-20 18:57 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\3e85c3d63ce3c3f37061aa626feb2a52\ReachFramework.ni.dll
+ 2010-08-20 18:57 . 2010-08-20 18:57 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\bf67db30179ff6e8cb1bdbaa290d122e\PresentationUI.ni.dll
+ 2010-08-20 18:55 . 2010-08-20 18:55 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\835786d8a0caabae09ad440f6e3abfc6\PresentationBuildTasks.ni.dll
+ 2010-08-20 18:52 . 2010-08-20 18:52 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-07-03 07:29 . 2010-07-03 07:29 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-07-03 07:29 . 2010-07-03 07:29 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-08-20 18:51 . 2010-08-20 18:51 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-08-20 18:51 . 2010-08-20 18:51 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-07-03 07:28 . 2010-07-03 07:28 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-07-03 07:28 . 2010-07-03 07:28 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-08-20 18:51 . 2010-08-20 18:51 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-07-03 07:28 . 2010-07-03 07:28 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-08-20 18:51 . 2010-08-20 18:51 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-08-20 18:52 . 2010-08-20 18:52 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-07-03 07:29 . 2010-07-03 07:29 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-08-20 18:52 . 2010-08-20 18:52 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2005-05-11 12:49 . 2010-08-03 18:09 35962312 c:\windows\system32\MRT.exe
+ 2006-11-08 03:03 . 2010-06-24 22:51 11077120 c:\windows\system32\ieframe.dll
+ 2007-05-12 21:09 . 2010-06-24 22:51 11077120 c:\windows\system32\dllcache\ieframe.dll
+ 2010-05-19 18:08 . 2010-05-19 18:08 11408896 c:\windows\Installer\e26fbe.msp
+ 2010-08-20 18:46 . 2010-05-06 10:41 11076096 c:\windows\ie8updates\KB2183461-IE8\ieframe.dll
+ 2010-08-20 18:57 . 2010-08-20 18:57 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\439c466b60614915587c5273eaf0ca7f\System.Windows.Forms.ni.dll
+ 2010-08-20 19:17 . 2010-08-20 19:17 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\f523a69e7c93ee4f245c996eac4b3a57\System.ServiceModel.ni.dll
+ 2010-08-20 18:57 . 2010-08-20 18:57 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\b307acf63075b997d02a97a7492d0d9c\System.Design.ni.dll
+ 2010-08-20 18:56 . 2010-08-20 18:56 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a632f3ef85ffd35341b383eed577cb93\PresentationFramework.ni.dll
+ 2010-08-20 18:56 . 2010-08-20 18:56 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f00db8db51f5707c7fe52c0683dc6136\PresentationCore.ni.dll
+ 2010-08-20 18:54 . 2010-08-20 18:54 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-04-21 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-11-19 98304]
"nwiz"="nwiz.exe" [2004-04-07 323584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-04-07 4730880]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-08-19 290816]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-08 159744]
"AGRSMMSG"="AGRSMMSG.exe" [2004-09-03 88363]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDFix]
2008-11-06 05:58 964661 ----a-w- c:\sdfix\RunThis.bat

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R2 lxdv_device;lxdv_device;c:\windows\system32\lxdvcoms.exe -service --> c:\windows\system32\lxdvcoms.exe -service [?]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [9/19/2008 3:03 AM 65536]
S0 oygupuga;oygupuga;c:\windows\system32\drivers\lopaespt.sys --> c:\windows\system32\drivers\lopaespt.sys [?]
S2 lxdvCATSCustConnectService;lxdvCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdvserv.exe [1/20/2010 6:03 PM 98984]
.
Contents of the 'Scheduled Tasks' folder

2010-08-20 c:\windows\Tasks\User_Feed_Synchronization-{327EB66E-9F0F-41FF-9ED6-769E4DCF188F}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
Trusted Zone: google.com\maps
DPF: {08EE4BCE-527E-4760-B11A-B829415E9103} - hxxp://simgolf.ea.com/teleport/simgolf/MaxisGolfTeleX.cab
DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} - hxxp://www.gamehouse.com/realarcade-webgames/nightshiftlegacythejaguarseye/NightshiftJaguarsEye.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-20 14:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4092)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-08-20 14:19:43
ComboFix-quarantined-files.txt 2010-08-20 19:19
ComboFix2.txt 2010-08-19 12:23
ComboFix3.txt 2010-08-18 01:17

Pre-Run: 31,194,255,360 bytes free
Post-Run: 31,165,259,776 bytes free

- - End Of File - - B5F5617FEF93817CFA5F471B4210171F
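The lines a helper reads first in a ComboFix log like the one above are the service/driver entries (the `R2`/`S0` lines) and the firewall key. As an added example, not part of the original post and not ComboFix's or BleepingComputer's own tooling, the Python script below parses those lines and ranks the service entries for human review. It assumes the line layout described in its comments (state letter, start-type digit, `name;display;path [date size]`), treats a trailing `[?]` as "ComboFix could not verify the image file", and uses simple heuristics (unverified file, boot-start `.sys`, display name equal to service name, short all-lowercase name). The sample input is constructed by copying the relevant lines from the log above; the output is a review order, not a malware verdict.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: the firewall and service/driver lines copied from
# the ComboFix log above, embedded here so the script runs offline.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R2 lxdv_device;lxdv_device;c:\windows\system32\lxdvcoms.exe -service --> c:\windows\system32\lxdvcoms.exe -service [?]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [9/19/2008 3:03 AM 65536]
S0 oygupuga;oygupuga;c:\windows\system32\drivers\lopaespt.sys --> c:\windows\system32\drivers\lopaespt.sys [?]
S2 lxdvCATSCustConnectService;lxdvCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdvserv.exe [1/20/2010 6:03 PM 98984]
"""

# Assumed line layout (it matches the lines above; ComboFix does not document it):
#   <R|S><start> <name>;<display name>;<image path> [<date> <size>]
# R/S = running/stopped; <start> is the Windows service start type
# (0 boot, 1 system, 2 auto, 3 manual, 4 disabled); a trailing "[?]" is taken
# to mean ComboFix could not locate or stat the image file.
SERVICE_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);(.*)$")
BRACKET_RE = re.compile(r"\s*\[([^\]]*)\]\s*$")
FIREWALL_RE = re.compile(r'^"EnableFirewall"\s*=\s*(\d+)')


@dataclass
class ServiceEntry:
    state: str
    start_type: int
    name: str
    display: str
    path: str
    verified: bool
    reasons: List[str] = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.reasons)


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Return a ServiceEntry for a service/driver line, else None."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, rest = m.groups()
    bm = BRACKET_RE.search(rest)
    bracket = bm.group(1) if bm else ""
    if bm:
        rest = rest[: bm.start()]
    # "original --> resolved" repeats the image path; keep the resolved form.
    path = rest.split("-->")[-1].strip()
    return ServiceEntry(state, int(start), name, display, path, bracket != "?")


def triage(entry: ServiceEntry) -> ServiceEntry:
    """Attach review reasons. These are hints for a human, not a verdict."""
    if not entry.verified:
        entry.reasons.append("image file not verified ([?])")
    if entry.start_type == 0 and entry.path.lower().endswith(".sys"):
        entry.reasons.append("boot-start kernel driver")
    if entry.name == entry.display:
        entry.reasons.append("display name identical to service name")
    if re.fullmatch(r"[a-z]{6,12}", entry.name):
        entry.reasons.append("short all-lowercase name with no vendor hint")
    return entry


def triage_log(log: str) -> List[ServiceEntry]:
    """Parse every service line in a ComboFix log, most suspicious first."""
    entries = [e for e in map(parse_service_line, log.splitlines()) if e]
    return sorted((triage(e) for e in entries), key=lambda e: -e.score)


def firewall_disabled(log: str) -> bool:
    """True if the log shows EnableFirewall = 0 under the standard profile key."""
    in_standard_profile = False
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_standard_profile = line.lower().endswith(r"firewallpolicy\standardprofile]")
            continue
        m = FIREWALL_RE.match(line)
        if m and in_standard_profile:
            return m.group(1) == "0"
    return False


if __name__ == "__main__":
    print("Windows Firewall (standard profile) disabled:", firewall_disabled(SAMPLE_LOG))
    for e in triage_log(SAMPLE_LOG):
        print(f"{e.score}  {e.state}{e.start_type} {e.name:<28} {e.path}")
        for r in e.reasons:
            print("      -", r)
```

Run it against a saved ComboFix.txt by replacing `SAMPLE_LOG` with the file's contents; a high score only says which entry to look at first, and the `[?]` marker in particular should be confirmed by checking whether the file really is absent from disk before anything is deleted.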


#12 Blade

  • Site Admin
Posted 21 August 2010 - 12:09 AM

Hello.

How is the computer running now?



#13 brandyb

  • Topic Starter

Posted 21 August 2010 - 09:38 AM

The redirect does not seem to be occurring. I have gone to several pages without any odd pages opening up or going to someplace other than what I have typed in.

#14 Blade

  • Site Admin
Posted 21 August 2010 - 06:00 PM

Hello.

Last couple things to take care of.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older-version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 21.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

***************************************************

Your Adobe Reader is out of date. Please uninstall it through Add/Remove Programs and download the latest version from Adobe: Download
Please untick all proposed toolbars unless you really want them.

***************************************************

Now, let's clean up our mess.
  • Click on Start>Run
  • Now type combofix /Uninstall in the runbox and click OK. Notice the space between the "x" and "/".
  • You will then receive a message letting you know that Combofix was uninstalled successfully.
This will remove files/folders associated with combofix and uninstall it.

***************************************************
  • Please double click on the icon on your desktop.
  • Click the large button marked "Cleanup"
***************************************************

Your machine appears to be clean!

If you disabled emulation drivers earlier, you can re-enable them now if you wish:

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

***************************************************

I highly recommend that you read through the below set of very helpful suggestions and implement them; they will help protect you from reinfection. I recommend you regularly visit the Windows Update Site!
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • By updating your machine, you have one less headache!
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish, you can also use automatic updates. This is a good thing to have if you want to be up-to-date all the time, but can also be a bit of an annoyance due to its handling and the sizes of the updates. If you wish to turn on automatic updates then you will find here is a nice little article about turning on automatic updates.
  • Note that it will download them for you, but you still have to actually click install.
  • If you do not want to have automatic updates turned on, or are on dial-up, you can always download updates separately at: http://windowsupdate.microsoft.com.
It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

For a nice list of freeware programs in all categories, please have a look at this thread with freeware products that are regarded as useful by the users of this forum: Commonly Used Freeware Replacements.

Another recommendation is to download HostsMan. It safeguards you with a regularly updated Hosts file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installation and setting up, follow these steps:
  1. Double-click the Downloaded installer and install the tool to a location of your choice
  2. Via the Startmenu, navigate to HostsMan and run the program.
    1. Click "Hosts" in the menu
    2. Click "Manage Updates" in the submenu
    3. Out of the three, select at least one of them (I have MVPS Host as my main one)
    4. Click "Add Update." After that you will only need to click on the following button to retrieve updates:
  3. Click the X to exit the program.
Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet

Glad I was able to help, and if there are any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!

~Blade

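Added example, not code from Blade's post or from any of the tools it names: a PowerShell script that lists the Java Runtime Environment entries registered in Add/Remove Programs and flags any older than the JRE 6 Update 21 release the post asks for, so the "remove all older versions" step can be checked before and after the uninstalls. It assumes the standard Uninstall registry keys and the Sun-era DisplayName wording ("Java(TM) 6 Update 21", "J2SE Runtime Environment 5.0 Update 22"); run it from an elevated PowerShell prompt.

```powershell
# Added example, not from the thread: enumerate JRE installs from the
# Add/Remove Programs registry data and flag those older than the release
# the post asks for (JRE 6 Update 21). Registry paths are the standard
# Uninstall keys; DisplayName patterns are assumed from Sun-era installers.
$TargetMajor  = 6
$TargetUpdate = 21
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-JavaRuntimes {
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match '^(Java\(TM\)|Java \d|J2SE Runtime Environment)' } |
        ForEach-Object {
            # Pull the major release and update number out of the display name.
            $major = 0; $update = 0
            if ($_.DisplayName -match '(\d+)(?:\.\d+)?\s+Update\s+(\d+)') {
                $major  = [int]$Matches[1]
                $update = [int]$Matches[2]
            }
            elseif ($_.DisplayName -match '(\d+)(?:\.\d+)?\s*$') {
                $major = [int]$Matches[1]   # e.g. "Java(TM) 6" with no update level
            }
            $outdated = ($major -lt $TargetMajor) -or
                        (($major -eq $TargetMajor) -and ($update -lt $TargetUpdate))
            # New-Object keeps this runnable on PowerShell 2.0 (XP/Vista era).
            New-Object PSObject -Property @{
                DisplayName     = $_.DisplayName
                DisplayVersion  = $_.DisplayVersion
                Outdated        = $outdated
                UninstallString = $_.UninstallString
            }
        }
}

$runtimes = @(Get-JavaRuntimes)
if ($runtimes.Count -eq 0) {
    Write-Host 'No Java Runtime Environment entries found in Add/Remove Programs.'
}
else {
    $runtimes | Format-Table DisplayName, DisplayVersion, Outdated -AutoSize
    # Everything flagged here is what the post says to remove before installing
    # 6u21; rerun after the uninstalls to confirm nothing old is left behind.
    $runtimes | Where-Object { $_.Outdated } | ForEach-Object {
        Write-Host ("Remove via Add/Remove Programs: " + $_.DisplayName)
    }
}
```

The Wow6432Node key only exists on 64-bit Windows; on 32-bit systems it is silently skipped.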


#15 brandyb

brandyb
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:26 AM

Posted 22 August 2010 - 06:14 PM

Blade,
Thank you so much for your help with this issue.
I have found several recommendations that I intend to implement on my own computer.
I will return this one tomorrow to the owner and have them test it for a while and let me know how it's running, and I will post an update next weekend. It appears to me that all is resolved, but they do more with this one than I do, so I want them to give me the final 'yes'.

I will let you know next weekend and then the thread can be closed, if that's ok with you.

Brandy



