
Google redirect


This topic is locked
24 replies to this topic

#1 Ice D
  • Members
  • 18 posts

Posted 21 June 2011 - 03:02 PM

I have Windows XP.
I ran Malwarebytes, free AVG and Spybot with nothing found.

Google keeps redirecting and defaulting to the Google Netherlands site.

.
DDS (Ver_11-05-19.01) - NTFSx86 NETWORK
Internet Explorer: 6.0.2900.2180
Run by Compaq_Owner at 13:20:02 on 2011-06-21
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.639.497 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Compaq_Owner.COMPUTER\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {FA010552-4A27-4cb1-A1BB-3E2D697F1639} - No File
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\compaq_owner.computer\application data\mozilla\firefox\profiles\frcwolap.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2382372&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://ride.searchpw.com/?t=w&p=1&q=hotmail&b=1|http://ride.searchpw.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - component: c:\documents and settings\compaq_owner.computer\application data\mozilla\firefox\profiles\frcwolap.default\extensions\{7e866ac9-19bc-4a05-a205-d5552a509cb7}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\compaq_owner.computer\application data\mozilla\firefox\profiles\frcwolap.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\documents and settings\compaq_owner.computer\application data\mozilla\firefox\profiles\frcwolap.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\emusic download manager\plugin\npemusic.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 248656]
S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-5-13 366640]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-5-13 22712]
.
=============== Created Last 30 ================
.
2011-06-21 15:19:13 -------- d-----w- c:\documents and settings\compaq_owner.computer\application data\AVG
2011-06-10 18:28:23 -------- d-----w- c:\documents and settings\compaq_owner.computer\application data\Unity
2011-06-10 17:44:15 -------- d-----w- c:\documents and settings\compaq_owner.computer\local settings\application data\Unity
2011-06-10 17:23:20 40960 ----a-r- c:\documents and settings\compaq_owner.computer\application data\microsoft\installer\{9559f7ca-5e34-4237-a2d9-d856464ad727}\ARPPRODUCTICON.exe
2011-05-31 21:41:19 -------- d-----w- C:\hegames
2011-05-31 20:19:31 -------- d-----w- c:\program files\directx
2011-05-31 01:36:23 -------- d-----w- c:\documents and settings\compaq_owner.computer\local settings\application data\Help
.
==================== Find3M ====================
.
2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-07 13:10:05 0 ----a-w- c:\windows\Akuxeco.bin
2011-05-03 21:15:09 7597 ----a-w- c:\windows\ofuluheqic.dll
2011-05-03 14:34:30 6853 ----a-w- c:\windows\etodiwihe.dll
2011-05-03 11:29:19 6821 ----a-w- c:\windows\uyumizufa.dll
2011-05-03 01:23:26 6853 ----a-w- c:\windows\irovuviya.dll
2011-05-02 22:44:29 6853 ----a-w- c:\windows\owesuyaxukowomaq.dll
2011-05-02 19:58:08 6853 ----a-w- c:\windows\ijubecid.dll
2011-05-02 17:17:50 6853 ----a-w- c:\windows\okaziwakec.dll
2011-05-02 13:59:32 6853 ----a-w- c:\windows\idadifex.dll
2011-05-02 10:58:37 6821 ----a-w- c:\windows\arugakus.dll
2011-05-02 00:16:58 6853 ----a-w- c:\windows\etudazayu.dll
2011-05-01 20:00:17 6853 ----a-w- c:\windows\ileroyowuyazam.dll
2011-05-01 16:14:16 6821 ----a-w- c:\windows\iqoyiyuk.dll
2011-05-01 02:08:29 6821 ----a-w- c:\windows\abeqoyamukohiyi.dll
2011-05-01 00:22:23 6853 ----a-w- c:\windows\uvuyayidadotib.dll
2011-04-30 21:13:04 6853 ----a-w- c:\windows\inaqatuza.dll
2011-04-30 18:18:39 6853 ----a-w- c:\windows\abosiyuwamoxobuz.dll
2011-04-30 15:44:38 6853 ----a-w- c:\windows\ololecugofu.dll
2011-04-30 12:29:36 6821 ----a-w- c:\windows\ametigokidonot.dll
2011-04-30 04:26:20 6821 ----a-w- c:\windows\iyiquxojaponaduq.dll
2011-04-30 01:29:41 6853 ----a-w- c:\windows\osoxuzedes.dll
2011-04-29 23:27:42 6821 ----a-w- c:\windows\ewegitixe.dll
2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
============= FINISH: 13:20:21.09 ===============

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-06-21 16:01:25
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_SP0802N rev.TK200-04
Running: gmer.exe; Driver: C:\DOCUME~1\COMPAQ~1.COM\LOCALS~1\Temp\kxdiqpoc.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[1420] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00401410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:388] 831A6B8C

---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\COMPAQ~1.COM\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- EOF - GMER 1.0.15 ----
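The browser-configuration entries in the DDS log above are worth reading side by side: the IE start and search pages still point at the HP OEM redirect host, while the Firefox prefs.js values point at search.conduit.com and ride.searchpw.com, which is what a toolbar-style search hijack looks like in this log format. The following is an added example in Python, not part of the original post and not a DDS feature: it refangs DDS's hxxp defanging, pulls the hosts out of the Pseudo-HJT IE lines and the FF prefs.js lines, and reports any setting whose host is not on an analyst-supplied allowlist. The sample lines are copied from the log above; the EXPECTED_HOSTS allowlist (the HP OEM redirect host plus google.com) is an assumption made for this example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: browser-configuration lines copied from the DDS log posted above.
# DDS writes "hxxp" in place of "http" so a pasted log cannot be clicked by accident.
SAMPLE_DDS = """\
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uURLSearchHooks: H - No File
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2382372&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://ride.searchpw.com/?t=w&p=1&q=hotmail&b=1|http://ride.searchpw.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
"""

# Assumption for this example: the hosts an analyst expects to see on this OEM build.
EXPECTED_HOSTS = {"ie.redirect.hp.com", "www.google.com", "google.com"}

IE_LINE = re.compile(
    r"^([um])(Start Page|Search Page|Search Bar|Default_Page_URL|Default_Search_URL) = (.+)$"
)
FF_LINE = re.compile(r"^FF - prefs\.js: (\S+) - (.+)$")


def refang(url):
    """Undo DDS's hxxp:// defanging so the URL parser sees a real scheme."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def extract_settings(text):
    """Yield (scope, setting, value) for IE start/search pages and Firefox prefs.js lines."""
    for line in text.splitlines():
        m = IE_LINE.match(line)
        if m:
            # DDS prefix: u = the user's hive (HKCU), m = the machine hive (HKLM)
            scope = "HKCU" if m.group(1) == "u" else "HKLM"
            yield scope, m.group(2), m.group(3)
            continue
        m = FF_LINE.match(line)
        if m:
            yield "prefs.js", m.group(1), m.group(2)


def hosts_in(value):
    """Firefox may hold several homepages joined by '|'; return the http(s) hosts in a value."""
    hosts = set()
    for part in value.split("|"):
        parts = urlsplit(refang(part.strip()))
        if parts.scheme in ("http", "https") and parts.hostname:
            hosts.add(parts.hostname.lower())
    return hosts


def find_hijacks(text, expected=EXPECTED_HOSTS):
    """Return (scope, setting, [unexpected hosts]) for every setting pointing off the allowlist."""
    findings = []
    for scope, setting, value in extract_settings(text):
        unexpected = sorted(h for h in hosts_in(value) if h not in expected)
        if unexpected:
            findings.append((scope, setting, unexpected))
    return findings


if __name__ == "__main__":
    for scope, setting, hosts in find_hijacks(SAMPLE_DDS):
        print(f"{scope:8} {setting:28} -> {', '.join(hosts)}")
```

Non-http values such as the chrome:// keyword.URL entry and the "No File" URLSearchHook line are skipped rather than reported, so the output is only the two prefs.js settings that were redirected; a setting that is merely unusual but on the allowlist produces nothing.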


#2 Noviciate
  • Malware Response Team
  • 5,277 posts

Posted 21 June 2011 - 03:47 PM

Good evening. :)

Pay a visit to the ESET Online Scanner.

  • Click the ESET Online Scanner button and a new window will open - you may need to maximise it.
  • Click the Run ESET Online Scanner button in the new window.
  • If you are using any browser other than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:

    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.

So long, and thanks for all the fish.


#3 Ice D (Topic Starter)
  • Members
  • 18 posts

Posted 21 June 2011 - 09:22 PM

Here is the ESET scan. 2 items found. I forgot to check Scan archives, so I will rescan and load that one also.


C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudInternetSecurity37.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudInternetSecurity7.zip Win32/Bagle.gen.zip worm

#4 Ice D (Topic Starter)
  • Members
  • 18 posts

Posted 22 June 2011 - 06:18 AM

Good morning.

Here are the results from the 2nd scan.



C:\Buonopane\Callie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-549efd07-753515ad.zip multiple threats
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudInternetSecurity37.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudInternetSecurity7.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\Compaq_Owner.COMPUTER\Application Data\AVG\Rescue\PC Tuneup 2011\110621111917093.rsc multiple threats

#5 Ice D (Topic Starter)
  • Members
  • 18 posts

Posted 22 June 2011 - 11:58 AM

Nothing's changed yet, still having the same issues.

#6 Noviciate
  • Malware Response Team
  • 5,277 posts

Posted 22 June 2011 - 02:04 PM

Good evening. :)

You have a couple of entries in your log that point to files on your PC that I would like to have checked - if they are still present.

Please go to Jotti's and click on the Browse... button at the top and navigate to the following files in turn, and then click on Submit:

c:\windows\ofuluheqic.dll
c:\windows\etodiwihe.dll
c:\windows\uyumizufa.dll


When all the scans have been completed, for each file in turn, please copy and paste the "Permalink" that you'll find in the "Jotti's malware scan" box in the upper left hand part of the page into your next reply.

You may need to set Windows to show All Hidden Files and Folders - Instructions can be found here.
These files are hidden to stop you accidentally removing something important.
It is advisable to hide them again after you have done.

So long, and thanks for all the fish.
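Noviciate's choice of c:\windows\ofuluheqic.dll and its neighbours comes from reading the Find3M section by eye: a run of DLLs a few kilobytes in size, with generated-looking names, written straight into the Windows root every few hours over several days, plus a zero-byte .bin alongside them. The block below is an added example in Python, not part of this thread and not a DDS feature, that applies the same triage to the Find3M format automatically so the list of files to hash and submit does not depend on spotting them by hand. The sample is a constructed subset of the lines from the DDS log earlier in the thread; the thresholds (8192 bytes for "tiny", a 12-hour window for "dropped in a burst", and two flags before an entry is reported) are assumptions chosen for this example.

```python
import ntpath
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: a subset of the Find3M lines from the DDS log posted earlier in this thread.
SAMPLE_FIND3M = r"""
2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-07 13:10:05 0 ----a-w- c:\windows\Akuxeco.bin
2011-05-03 21:15:09 7597 ----a-w- c:\windows\ofuluheqic.dll
2011-05-03 14:34:30 6853 ----a-w- c:\windows\etodiwihe.dll
2011-05-03 11:29:19 6821 ----a-w- c:\windows\uyumizufa.dll
2011-05-03 01:23:26 6853 ----a-w- c:\windows\irovuviya.dll
2011-05-02 22:44:29 6853 ----a-w- c:\windows\owesuyaxukowomaq.dll
2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
"""

# Thresholds are assumptions chosen for this example, not DDS settings.
WINDIR_ROOT = r"c:\windows"
TINY_BYTES = 8192
BURST_WINDOW = timedelta(hours=12)

FIND3M_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S+)\s+(.+?)\s*$")


def parse_find3m(text):
    """Parse 'timestamp size attrs path' lines into dicts; lines that do not match are ignored."""
    entries = []
    for line in text.splitlines():
        m = FIND3M_LINE.match(line)
        if not m:
            continue
        path = m.group(4).lower()
        directory, name = ntpath.split(path)
        entries.append({
            "when": datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"),
            "size": int(m.group(2)),
            "attrs": m.group(3),
            "path": path,
            "dir": directory,
            "ext": ntpath.splitext(name)[1],
        })
    return entries


def triage(entries, min_flags=2):
    """Return sorted (path, flags) for entries that trip at least min_flags heuristics."""
    # Group by (directory, extension) so the burst test compares like with like.
    groups = defaultdict(list)
    for e in entries:
        groups[(e["dir"], e["ext"])].append(e)

    flagged = []
    for e in entries:
        flags = []
        if e["dir"] == WINDIR_ROOT:
            flags.append("windir_root")   # new files directly in %WINDIR% are unusual
        if e["size"] <= TINY_BYTES:
            flags.append("tiny")          # a few KB is stub or loader sized
        peers = groups[(e["dir"], e["ext"])]
        if any(o is not e and abs(o["when"] - e["when"]) <= BURST_WINDOW for o in peers):
            flags.append("burst")         # another file of the same kind landed nearby in time
        if len(flags) >= min_flags:
            flagged.append((e["path"], flags))
    return sorted(flagged)


if __name__ == "__main__":
    for path, flags in triage(parse_find3m(SAMPLE_FIND3M)):
        print(f"{path:45} {', '.join(flags)}")
```

Requiring two flags is what keeps the benign entries quiet: the two Malwarebytes drivers in system32\drivers are written ten seconds apart (burst) but are neither tiny nor in the Windows root, and the Bonjour DLLs in system32 share a timestamp but are normal sizes. The zero-byte Akuxeco.bin is reported on location and size alone, which is the right outcome for a file nothing legitimate would leave there. The printed paths are the set to hash and submit to a multi-engine scanner such as Jotti, as the post above asks.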


#7 Ice D (Topic Starter)
  • Members
  • 18 posts

Posted 22 June 2011 - 08:44 PM

Here are the results from the Jotti scan:

http://virusscan.jotti.org/en/scanresult/a93e746d0680101dc0478d85d277b936491325cd
http://virusscan.jotti.org/en/scanresult/fa3c4a3be2072c8aa28a21373ddfa5998751a972
http://virusscan.jotti.org/en/scanresult/901dd97bd821ec6d5d01117e1cec5d685dca6c74

#8 Noviciate
  • Malware Response Team
  • 5,277 posts

Posted 23 June 2011 - 01:24 PM

Good evening. :)

Download OTL by OldTimer from here and save it to your Desktop.

  • Double click the tool to run it.
  • Click the Quick Scan button and allow it to do its thing.
  • Once complete, it should open two Notepad windows - OTL.Txt and Extras.Txt
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.

So long, and thanks for all the fish.


#9 Ice D (Topic Starter)
  • Members
  • 18 posts

Posted 23 June 2011 - 09:05 PM

OTL logfile created on: 6/23/2011 9:39:34 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Compaq_Owner.COMPUTER\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

639.48 Mb Total Physical Memory | 474.03 Mb Available Physical Memory | 74.13% Memory free
1.53 Gb Paging File | 1.11 Gb Available in Paging File | 72.62% Paging File free
Paging file location(s): C:\pagefile.sys 960 1920 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.30 Gb Total Space | 0.69 Gb Free Space | 0.99% Space Free | Partition Type: NTFS
Drive D: | 5.25 Gb Total Space | 0.67 Gb Free Space | 12.74% Space Free | Partition Type: FAT32

Computer Name: COMPUTER | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/23 21:37:51 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.COMPUTER\My Documents\Downloads\OTL.scr
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2004/08/04 14:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/23 21:37:51 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.COMPUTER\My Documents\Downloads\OTL.scr
MOD - [2004/08/04 21:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2005/04/20 12:00:56 | 002,317,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/04/12 12:42:16 | 000,011,904 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005/04/12 12:08:44 | 000,247,296 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/08/04 07:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/06/29 20:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/07/18 19:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/07/12 01:28:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2002/07/30 00:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2010/10/19 15:18:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2011/05/20 22:22:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{0CDCBA10-58D7-4B9E-9DC8-619C520A803E}: C:\Documents and Settings\Compaq_Owner.COMPUTER\Local Settings\Application Data\{0CDCBA10-58D7-4B9E-9DC8-619C520A803E} [2011/05/03 15:10:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/22 07:19:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/20 22:22:16 | 000,000,000 | ---D | M]

[2010/12/28 13:57:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner.COMPUTER\Application Data\Mozilla\Extensions
[2011/06/22 07:20:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\frcwolap.default\extensions
[2011/06/22 07:20:09 | 000,000,000 | ---D | M] (Ride Community Toolbar) -- C:\Documents and Settings\Compaq_Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\frcwolap.default\extensions\{7e866ac9-19bc-4a05-a205-d5552a509cb7}
[2011/05/26 15:02:43 | 000,000,000 | ---D | M] (Playboost Gamebar) -- C:\Documents and Settings\Compaq_Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\frcwolap.default\extensions\{A79D8B60-1FF0-47F0-8E79-8CDE1FECB0FD}
[2011/05/17 08:03:36 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\Compaq_Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\frcwolap.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/06/22 07:19:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/23 18:47:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009/09/17 00:15:21 | 000,000,000 | ---D | M] (eMusic - Apple iTunes Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM
[2009/09/17 00:15:22 | 000,000,000 | ---D | M] (eMusic - Nullsoft Winamp Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM
[2009/09/17 00:15:23 | 000,000,000 | ---D | M] (eMusic - Microsoft Media Player Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM
[2011/06/16 00:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2009/11/19 18:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/08/23 18:47:29 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 18:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/12 23:51:12 | 000,433,904 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14935 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner.COMPUTER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner.COMPUTER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {FA010552-4A27-4cb1-A1BB-3E2D697F1639} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/15 13:38:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 14:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 06:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{c7eaf834-7138-11d9-a02f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{c7eaf834-7138-11d9-a02f-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c7eaf834-7138-11d9-a02f-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/23 12:38:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Compaq_Owner.COMPUTER\PrivacIE
[2011/06/23 12:33:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Compaq_Owner.COMPUTER\IETldCache
[2011/06/23 12:25:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011/06/21 18:01:46 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/21 11:19:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.COMPUTER\Application Data\AVG
[2011/06/21 11:15:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011
[2011/06/10 14:28:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.COMPUTER\Application Data\Unity
[2011/06/10 13:44:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.COMPUTER\Local Settings\Application Data\Unity
[2011/06/10 13:23:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.COMPUTER\Start Menu\Programs\project64 1.6
[2011/06/06 16:26:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.COMPUTER\My Documents\Bro books
[2011/05/31 22:49:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.COMPUTER\My Documents\Invoices
[2011/05/31 17:41:19 | 000,000,000 | ---D | C] -- C:\hegames
[2011/05/31 16:19:31 | 000,000,000 | ---D | C] -- C:\Program Files\directx
[2011/05/30 21:36:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.COMPUTER\Local Settings\Application Data\Help
[2011/05/30 21:36:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.COMPUTER\Application Data\Help
[2011/05/25 09:00:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner.COMPUTER\Start Menu\Programs\Administrative Tools

========== Files - Modified Within 30 Days ==========

[2011/06/23 18:49:39 | 119,647,142 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/06/23 12:36:29 | 000,013,216 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\Application Data\wklnhst.dat
[2011/06/23 12:33:35 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/23 12:32:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/23 12:32:28 | 670,617,600 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/22 17:18:27 | 000,181,417 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/06/22 11:42:38 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/22 07:19:05 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/21 13:10:17 | 000,150,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/21 11:15:53 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\Desktop\AVG PC Tuneup 2011.lnk
[2011/06/21 11:05:44 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2011/06/21 10:21:08 | 000,036,162 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\My Documents\Likens interior painting.pdf
[2011/06/21 10:20:53 | 000,015,061 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\My Documents\Likens interior painting.odm
[2011/06/20 15:00:52 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\My Documents\book 2.wps
[2011/06/17 09:20:31 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/06/16 22:08:28 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2011/06/15 20:56:30 | 000,009,728 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\My Documents\title for plickle kid.wps
[2011/06/15 20:56:06 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\My Documents\THE PICKIE KID BY BRODIE.wps
[2011/06/11 12:47:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/09 14:54:55 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\My Documents\Emily of the Ides Chapter 11.wps
[2011/06/08 12:52:14 | 000,000,953 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\Desktop\Spybot - Search & Destroy.lnk
[2011/06/08 11:57:34 | 000,035,505 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\My Documents\Osmer invoice.pdf
[2011/06/08 11:48:09 | 000,014,714 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\My Documents\Osmer invoice.odm
[2011/06/07 02:03:35 | 000,020,583 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\My Documents\Psalm 34-37 HL.odt
[2011/06/06 21:57:32 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/06 20:58:43 | 000,167,424 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\My Documents\puppy shadow.wps
[2011/06/06 20:58:31 | 002,384,896 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\My Documents\Element Project.wps
[2011/06/06 10:46:59 | 000,037,637 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\My Documents\highlights june 7.odt
[2011/05/31 17:47:56 | 000,000,936 | ---- | M] () -- C:\WINDOWS\hegames.ini
[2011/05/31 13:17:48 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\My Documents\jews jesus talk.wps
[2011/05/30 21:36:48 | 000,000,831 | ---- | M] () -- C:\WINDOWS\orun32.ini
[2011/05/30 08:43:05 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/25 18:25:17 | 000,001,518 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\Desktop\Calculator.lnk
[2011/05/25 10:01:36 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/25 09:47:55 | 000,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/25 09:47:55 | 000,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/25 09:21:23 | 000,000,716 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\Desktop\Shortcut to Defogger.lnk
[2011/05/25 09:08:13 | 000,001,072 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\Desktop\Shortcut (2) to gmer.lnk
[2011/05/25 09:05:52 | 000,000,853 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\Desktop\Shortcut to gmer.lnk
[2011/05/25 08:59:38 | 000,000,988 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\Desktop\Shortcut to dds.lnk
[2011/05/25 08:57:22 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\defogger_reenable

========== Files Created - No Company Name ==========

[2011/06/22 12:20:12 | 670,617,600 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/21 11:15:53 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\Desktop\AVG PC Tuneup 2011.lnk
[2011/06/21 10:21:05 | 000,036,162 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\My Documents\Likens interior painting.pdf
[2011/06/21 10:20:52 | 000,015,061 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\My Documents\Likens interior painting.odm
[2011/06/20 15:00:51 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\My Documents\book 2.wps
[2011/06/15 20:56:30 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\My Documents\title for plickle kid.wps
[2011/06/09 13:58:37 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\My Documents\Emily of the Ides Chapter 11.wps
[2011/06/08 19:04:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/08 12:52:14 | 000,000,953 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\Desktop\Spybot - Search & Destroy.lnk
[2011/06/08 11:57:33 | 000,035,505 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\My Documents\Osmer invoice.pdf
[2011/06/07 01:44:38 | 000,020,583 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\My Documents\Psalm 34-37 HL.odt
[2011/06/06 19:28:37 | 002,384,896 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\My Documents\Element Project.wps
[2011/06/06 16:26:41 | 000,167,424 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\My Documents\puppy shadow.wps
[2011/06/06 10:46:58 | 000,037,637 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\My Documents\highlights june 7.odt
[2011/05/31 22:50:04 | 000,014,714 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\My Documents\Osmer invoice.odm
[2011/05/31 12:13:29 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\My Documents\jews jesus talk.wps
[2011/05/25 09:21:23 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\Desktop\Shortcut to Defogger.lnk
[2011/05/25 09:08:13 | 000,001,072 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\Desktop\Shortcut (2) to gmer.lnk
[2011/05/25 09:05:52 | 000,000,853 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\Desktop\Shortcut to gmer.lnk
[2011/05/25 08:59:38 | 000,000,988 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\Desktop\Shortcut to dds.lnk
[2011/05/25 08:57:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\defogger_reenable
[2011/05/13 19:55:02 | 000,011,152 | -HS- | C] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\Local Settings\Application Data\l1mt4nci68jk2ni176
[2011/05/13 19:55:02 | 000,011,152 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\l1mt4nci68jk2ni176
[2011/05/12 23:14:06 | 000,013,166 | -HS- | C] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\Local Settings\Application Data\1i1iov1aj0j32i5
[2011/05/12 23:14:06 | 000,013,166 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1i1iov1aj0j32i5
[2011/05/03 17:15:09 | 000,007,597 | ---- | C] () -- C:\WINDOWS\ofuluheqic.dll
[2011/05/03 15:10:32 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Jziyewiga.dat
[2011/05/03 15:10:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Akuxeco.bin
[2011/05/03 10:34:30 | 000,006,853 | ---- | C] () -- C:\WINDOWS\etodiwihe.dll
[2011/05/03 07:29:19 | 000,006,821 | ---- | C] () -- C:\WINDOWS\uyumizufa.dll
[2011/05/02 21:23:26 | 000,006,853 | ---- | C] () -- C:\WINDOWS\irovuviya.dll
[2011/05/02 18:44:29 | 000,006,853 | ---- | C] () -- C:\WINDOWS\owesuyaxukowomaq.dll
[2011/05/02 15:58:08 | 000,006,853 | ---- | C] () -- C:\WINDOWS\ijubecid.dll
[2011/05/02 13:17:50 | 000,006,853 | ---- | C] () -- C:\WINDOWS\okaziwakec.dll
[2011/05/02 09:59:32 | 000,006,853 | ---- | C] () -- C:\WINDOWS\idadifex.dll
[2011/05/02 06:58:37 | 000,006,821 | ---- | C] () -- C:\WINDOWS\arugakus.dll
[2011/05/01 20:16:58 | 000,006,853 | ---- | C] () -- C:\WINDOWS\etudazayu.dll
[2011/05/01 16:00:17 | 000,006,853 | ---- | C] () -- C:\WINDOWS\ileroyowuyazam.dll
[2011/05/01 12:14:16 | 000,006,821 | ---- | C] () -- C:\WINDOWS\iqoyiyuk.dll
[2011/04/30 22:08:29 | 000,006,821 | ---- | C] () -- C:\WINDOWS\abeqoyamukohiyi.dll
[2011/04/30 20:22:23 | 000,006,853 | ---- | C] () -- C:\WINDOWS\uvuyayidadotib.dll
[2011/04/30 17:13:04 | 000,006,853 | ---- | C] () -- C:\WINDOWS\inaqatuza.dll
[2011/04/30 14:18:39 | 000,006,853 | ---- | C] () -- C:\WINDOWS\abosiyuwamoxobuz.dll
[2011/04/30 11:44:38 | 000,006,853 | ---- | C] () -- C:\WINDOWS\ololecugofu.dll
[2011/04/30 08:29:36 | 000,006,821 | ---- | C] () -- C:\WINDOWS\ametigokidonot.dll
[2011/04/30 00:26:20 | 000,006,821 | ---- | C] () -- C:\WINDOWS\iyiquxojaponaduq.dll
[2011/04/29 21:29:41 | 000,006,853 | ---- | C] () -- C:\WINDOWS\osoxuzedes.dll
[2011/04/29 19:27:42 | 000,006,821 | ---- | C] () -- C:\WINDOWS\ewegitixe.dll
[2011/02/01 14:03:42 | 000,028,948 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/01/18 20:36:08 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/01/08 20:09:57 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/28 17:29:28 | 000,068,294 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp
[2010/12/28 17:29:28 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp
[2010/12/28 16:44:15 | 000,013,216 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\Application Data\wklnhst.dat
[2010/12/28 13:52:30 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\Local Settings\Application Data\fusioncache.dat
[2010/12/28 13:50:25 | 000,095,285 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2010/09/26 12:55:19 | 000,000,214 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/09/08 12:14:44 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/04/26 13:53:34 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/12/08 19:04:58 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2009/11/01 22:26:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2009/09/18 16:35:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/09/14 18:44:52 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2009/09/13 08:11:49 | 000,000,936 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2009/09/12 09:42:24 | 000,000,147 | ---- | C] () -- C:\WINDOWS\disney.ini
[2009/09/09 20:48:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/09/09 04:23:57 | 000,103,579 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2009/09/05 05:33:51 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2009/09/05 05:33:50 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/09/05 05:33:50 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/09/05 05:33:50 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/09/05 05:33:50 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/09/05 05:33:49 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/09/05 05:33:46 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/09/05 05:33:46 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/09/05 05:33:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/01/29 00:30:48 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/01/28 15:40:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/28 14:56:46 | 000,013,974 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/01/28 14:56:33 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/01/28 14:56:09 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2005/01/28 14:52:10 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/28 14:37:17 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/01/28 14:33:50 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2005/01/28 14:31:59 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
[2005/01/28 14:31:59 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
[2005/01/28 14:31:59 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
[2005/01/28 14:21:45 | 000,000,831 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/10/15 13:52:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/10/15 13:43:00 | 000,381,692 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/10/15 13:43:00 | 000,053,436 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/10/15 13:41:10 | 000,150,792 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/10/15 13:37:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/10/15 13:36:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/20 06:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/20 06:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/08/04 21:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 14:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/06/16 07:38:02 | 000,000,572 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/11 02:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll

========== LOP Check ==========

[2011/05/07 23:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/12/28 16:19:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2011/05/20 20:44:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/06/26 16:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MightyPlay
[2010/03/12 17:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2010/10/15 16:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/09/09 00:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2010/04/26 14:11:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2011/06/21 12:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/10/19 15:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/09 22:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/06/21 11:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.COMPUTER\Application Data\AVG
[2010/12/28 16:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.COMPUTER\Application Data\AVG10
[2010/12/28 16:00:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.COMPUTER\Application Data\eMusic
[2011/03/18 23:52:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.COMPUTER\Application Data\GetRightToGo
[2005/01/28 15:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.COMPUTER\Application Data\InterMute
[2011/01/10 16:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.COMPUTER\Application Data\OpenOffice.org
[2011/06/21 11:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.COMPUTER\Application Data\QuickScan
[2005/01/28 15:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.COMPUTER\Application Data\SampleView
[2010/12/28 16:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.COMPUTER\Application Data\Template
[2011/06/10 14:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.COMPUTER\Application Data\Unity
[2010/12/28 16:47:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.COMPUTER\Application Data\Watchtower

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A0766967
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F2721624

< End of report >
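Two things in the "Files Created - No Company Name" section of the log above deserve a second look before anyone reaches for a removal tool: the run of company-less DLLs dropped straight into C:\WINDOWS every few hours between 29 April and 3 May, all within a few hundred bytes of the same size and with pronounceable random names, and the hidden+system, extension-less files with random names under Application Data (one copy per profile, same size and timestamp). The script below is an added example for this thread, not OTL's code and not something from the original posts: it parses OTL's "[date | size | attrs | op] (company) -- path" lines and flags both patterns mechanically. The thresholds (five or more files, sizes within 1 KiB, created inside seven days) are assumptions chosen to fit this log; the sample lines are copied from the posted report.

```python
"""Triage heuristics for OTL "Files Created" listings (added example for this
thread; not OTL code). Parses OTL's "[date | size | attrs | op] (company) -- path"
lines and flags: a burst of near-identically sized, company-less files created
in one directory within a few days, and hidden+system files with no extension
under a user profile. attrs = R(ead-only) H(idden) S(ystem) D(irectory).
Thresholds are assumptions."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| (?P<op>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Sample lines copied from the OTL log posted above.
SAMPLE_LOG = r"""
[2011/06/22 12:20:12 | 670,617,600 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/13 19:55:02 | 000,011,152 | -HS- | C] () -- C:\Documents and Settings\Compaq_Owner.COMPUTER\Local Settings\Application Data\l1mt4nci68jk2ni176
[2011/05/12 23:14:06 | 000,013,166 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1i1iov1aj0j32i5
[2011/05/03 17:15:09 | 000,007,597 | ---- | C] () -- C:\WINDOWS\ofuluheqic.dll
[2011/05/03 10:34:30 | 000,006,853 | ---- | C] () -- C:\WINDOWS\etodiwihe.dll
[2011/05/03 07:29:19 | 000,006,821 | ---- | C] () -- C:\WINDOWS\uyumizufa.dll
[2011/05/02 21:23:26 | 000,006,853 | ---- | C] () -- C:\WINDOWS\irovuviya.dll
[2011/05/02 18:44:29 | 000,006,853 | ---- | C] () -- C:\WINDOWS\owesuyaxukowomaq.dll
[2011/04/29 19:27:42 | 000,006,821 | ---- | C] () -- C:\WINDOWS\ewegitixe.dll
[2010/09/26 12:55:19 | 000,000,214 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/01/29 00:30:48 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
"""

def parse_otl_entries(text):
    """Return one dict per line that matches the OTL file-entry format."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append({
                "ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                "size": int(m["size"].replace(",", "")),
                "attr": m["attr"], "op": m["op"],
                "company": m["company"], "path": m["path"],
            })
    return entries

def split_path(path):
    """(lower-cased directory, file name, lower-cased extension or '')."""
    directory, _, name = path.rpartition("\\")
    ext = name.rsplit(".", 1)[1].lower() if "." in name else ""
    return directory.lower(), name, ext

def find_drop_bursts(entries, min_count=5, size_tolerance=1024, window_days=7):
    """Per (directory, extension): the widest run of company-less files whose
    sizes lie within size_tolerance; report it if it has >= min_count members
    that were all created inside window_days."""
    groups = defaultdict(list)
    for e in entries:
        if e["op"] != "C" or e["company"] or e["attr"][3] == "D":
            continue
        directory, _, ext = split_path(e["path"])
        groups[(directory, ext)].append(e)
    bursts = []
    for (directory, ext), items in groups.items():
        items.sort(key=lambda e: e["size"])
        best, lo = [], 0
        for hi in range(len(items)):  # two-pointer scan over sorted sizes
            while items[hi]["size"] - items[lo]["size"] > size_tolerance:
                lo += 1
            if hi - lo + 1 > len(best):
                best = items[lo:hi + 1]
        if len(best) < min_count:
            continue
        first = min(e["ts"] for e in best)
        last = max(e["ts"] for e in best)
        if last - first <= timedelta(days=window_days):
            bursts.append({"directory": directory, "ext": ext, "count": len(best),
                           "first": first, "last": last,
                           "names": sorted(split_path(e["path"])[1] for e in best)})
    return bursts

def find_hidden_profile_files(entries):
    """Hidden+system files (not directories) with no extension under a profile."""
    hits = []
    for e in entries:
        a = e["attr"]
        directory, _, ext = split_path(e["path"])
        in_profile = "\\documents and settings\\" in directory or "\\users\\" in directory
        if a[1] == "H" and a[2] == "S" and a[3] != "D" and not ext and in_profile:
            hits.append(e["path"])
    return hits

if __name__ == "__main__":
    found = parse_otl_entries(SAMPLE_LOG)
    for b in find_drop_bursts(found):
        print(f"{b['count']} .{b['ext']} files in {b['directory']}: {b['first']} .. {b['last']}")
    for p in find_hidden_profile_files(found):
        print("hidden+system, no extension:", p)
```

Run against the full report rather than the sample, the burst check picks up all 23 DLLs between ewegitixe.dll and ofuluheqic.dll, and the profile check the four l1mt4nci68jk2ni176 / 1i1iov1aj0j32i5 copies; hiberfil.sys is hidden+system too but sits in the drive root with a real extension, which is why the profile check looks at location and extension rather than attributes alone. Neither heuristic proves infection on its own; they point at what to submit to a scanner or a sandbox first.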

#10 Ice D

  • Topic Starter
  • Members
  • 18 posts

Posted 23 June 2011 - 09:07 PM

OTL Extras logfile created on: 6/23/2011 9:39:34 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Compaq_Owner.COMPUTER\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

639.48 Mb Total Physical Memory | 474.03 Mb Available Physical Memory | 74.13% Memory free
1.53 Gb Paging File | 1.11 Gb Available in Paging File | 72.62% Paging File free
Paging file location(s): C:\pagefile.sys 960 1920 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.30 Gb Total Space | 0.69 Gb Free Space | 0.99% Space Free | Partition Type: NTFS
Drive D: | 5.25 Gb Total Space | 0.67 Gb Free Space | 12.74% Space Free | Partition Type: FAT32

Computer Name: COMPUTER | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23DA4222-E517-42B3-8F97-9CFD49E2A732}" = AVG 2011
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ABB4D92-0682-4887-A0BC-CE5F920DDD23}" = Watchtower Library 2009 - English
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{5469D537-9B44-4c78-BF2D-5F9807564F74}" = HP PSC & OfficeJet 4.7
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{91D2C605-AD2B-44C8-A0A1-9B116B3C91CB}" = AVG 2011
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"AVG" = AVG 2011
"eMusic Download Manager" = eMusic Download Manager 4.1.4
"ESET Online Scanner" = ESET Online Scanner v3
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"SiS VGA Driver" = SiS VGA Utilities
"Snood 4_is1" = Snood 4
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/15/2011 8:00:23 PM | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Faulting application snood.exe, version 0.0.0.0, faulting module snood.exe,
version 0.0.0.0, fault address 0x00030862.

Error - 6/15/2011 8:00:28 PM | Computer Name = COMPUTER | Source = Application Error | ID = 1001
Description = Fault bucket 810301012.

Error - 6/16/2011 2:00:32 PM | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Faulting application snood.exe, version 0.0.0.0, faulting module snood.exe,
version 0.0.0.0, fault address 0x00030862.

Error - 6/17/2011 9:03:45 AM | Computer Name = COMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 2.0.1.4120, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/20/2011 9:53:20 PM | Computer Name = COMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 2.0.1.4120, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/21/2011 12:57:29 PM | Computer Name = COMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application TDSSKiller.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/21/2011 12:57:29 PM | Computer Name = COMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application TDSSKiller.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/21/2011 1:02:32 PM | Computer Name = COMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.51.0.1074, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/22/2011 5:28:49 PM | Computer Name = COMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 5.0.0.4183, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/22/2011 8:44:47 PM | Computer Name = COMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 8.2.0.81, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 6/22/2011 12:20:34 PM | Computer Name = COMPUTER | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 6/22/2011 12:51:12 PM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 6/22/2011 3:21:09 PM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 6/22/2011 8:49:11 PM | Computer Name = COMPUTER | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 6/22/2011 8:49:11 PM | Computer Name = COMPUTER | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 6/23/2011 9:02:01 AM | Computer Name = COMPUTER | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 6/23/2011 9:02:01 AM | Computer Name = COMPUTER | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 6/23/2011 12:32:50 PM | Computer Name = COMPUTER | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 6/23/2011 12:32:50 PM | Computer Name = COMPUTER | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 6/23/2011 8:33:24 PM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.


< End of report >
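The Extras report is where you check that the machine's own plumbing has not been tampered with: the "Shell Spawning" section should still show the stock `"%1" %*` open command for exefile, comfile, batfile, cmdfile and piffile (it does here, matching the O35/O37 lines in the main log), and the Security Center and firewall keys show which protections are switched off or silenced. The script below is an added example, not part of OTL or of this thread: it parses those sections and reports non-stock open handlers, `DisableMonitoring = 1` overrides and profiles with `EnableFirewall = 0`. SAMPLE_EXTRAS is an excerpt copied from the posted report; HIJACKED_SAMPLE is constructed (the path in it is made up) to show what a positive hit looks like.

```python
"""Configuration checks over OTL "Extras" output (added example for this
thread; not OTL code). Parses the "[HKEY_...]" / '"name" = value' registry
dump and the 'class [verb] -- command' shell-spawning lines and reports:
exe/com/bat/cmd/pif "open" handlers that differ from the stock "%1" %*,
Security Center monitoring overrides (DisableMonitoring = 1), and firewall
profiles with EnableFirewall = 0."""
import re

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VAL_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<value>.*)$')
SPAWN_RE = re.compile(r"^(?P<cls>\w+) \[(?P<verb>\w+)\] -- (?P<cmd>.*)$")
STOCK_OPEN = '"%1" %*'   # XP default open command for the classes below
CHECKED_CLASSES = ("exefile", "comfile", "batfile", "cmdfile", "piffile")

# Excerpt copied from the OTL Extras report posted above.
SAMPLE_EXTRAS = r"""
========== Shell Spawning ==========
batfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
scrfile [open] -- "%1" /S
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"""

# Constructed, not from the log: what a hijacked open handler would look like.
HIJACKED_SAMPLE = r"""
exefile [open] -- "C:\example\hijack.exe" "%1" %*
"""

def parse_registry(text):
    """{key path: {value name: value}} from OTL's registry-dump layout."""
    reg, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            current = reg.setdefault(km.group(1), {})
        elif current is not None:
            vm = VAL_RE.match(line)
            if vm:
                current[vm["name"]] = vm["value"]
    return reg

def parse_shell_spawning(text):
    """{(class, verb): command} from the 'Shell Spawning' lines."""
    spawn = {}
    for line in text.splitlines():
        m = SPAWN_RE.match(line.strip())
        if m:
            spawn[(m["cls"], m["verb"])] = m["cmd"]
    return spawn

def audit(text):
    """Return a list of human-readable findings; an empty list means nothing flagged."""
    findings = []
    spawn = parse_shell_spawning(text)
    for cls in CHECKED_CLASSES:
        cmd = spawn.get((cls, "open"))
        if cmd is not None and cmd != STOCK_OPEN:
            findings.append(f"{cls} open handler is not stock: {cmd}")
    for key, values in parse_registry(text).items():
        leaf = key.rsplit("\\", 1)[-1]
        if "\\Security Center\\Monitoring\\" in key and values.get("DisableMonitoring") == "1":
            findings.append(f"Security Center monitoring disabled for {leaf}")
        if leaf in ("DomainProfile", "StandardProfile") and values.get("EnableFirewall") == "0":
            findings.append(f"Windows Firewall disabled in {leaf}")
    return findings

if __name__ == "__main__":
    for label, sample in (("posted log", SAMPLE_EXTRAS), ("constructed", HIJACKED_SAMPLE)):
        print(label, "->", audit(sample) or "no findings")
```

Two of the hits on the posted excerpt need interpreting rather than acting on: the DomainProfile only applies to a domain-joined machine, and XP Home cannot join a domain, so `EnableFirewall = 0` there is irrelevant on this PC (the StandardProfile, which is in force, is on); and `DisableMonitoring = 1` under the Symantec keys is typically left behind by a Symantec product that was installed and later removed, so it is worth noting but is not by itself evidence of tampering. A non-stock exefile handler, by contrast, is something to fix before running any further tools, because every `.exe` launched afterwards would go through it.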

#11 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:28 PM

Posted 24 June 2011 - 05:17 PM

Good evening. :)

Unfortunately, as your anti-virus is AVG, you will need to temporarily uninstall it, as it incorrectly identifies part of the next tool as malicious. If you don't have the installation file handy, you can get hold of a copy here.

Download a copy of ComboFix, as per the instructions below, uninstall AVG and reboot the PC. Run CF, ensuring the PC has internet access as it may require extra files, then reinstall AVG once the scan has completed and Bob's your auntie's husband.

Take a trip to this webpage for download links and instructions for running Combofix by sUBs: http://www.bleepingcomputer.com/combofix/how-to-use-combofix *

  • When prompted to save Combofix, change the filename BEFORE saving it - any name will do, as long as it has .exe at the end.
  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste
  • Let me know how the PC is behaving.
* There are two points to note from the instructions page:

1) The Recovery Console.

It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of its removal tasks without the installation of the Console, so you are free to choose whether you want to complete this step, but it is in your interests to do so.

So long, and thanks for all the fish.

#12 Ice D

  • Topic Starter
  • Members
  • 18 posts
  • Local time:06:28 PM

Posted 24 June 2011 - 09:00 PM

ComboFix 11-06-24.02 - Compaq_Owner 06/24/2011 21:41:09.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.639.498 [GMT -4:00]
Running from: c:\documents and settings\Compaq_Owner.COMPUTER\My Documents\Downloads\CF.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\defender.exe
c:\documents and settings\All Users\Desktop\Malware Protection.lnk
c:\documents and settings\Compaq_Owner.COMPUTER\Local Settings\Application Data\{0CDCBA10-58D7-4B9E-9DC8-619C520A803E}
c:\documents and settings\Compaq_Owner.COMPUTER\Local Settings\Application Data\{0CDCBA10-58D7-4B9E-9DC8-619C520A803E}\chrome.manifest
c:\documents and settings\Compaq_Owner.COMPUTER\Local Settings\Application Data\{0CDCBA10-58D7-4B9E-9DC8-619C520A803E}\chrome\content\_cfg.js
c:\documents and settings\Compaq_Owner.COMPUTER\Local Settings\Application Data\{0CDCBA10-58D7-4B9E-9DC8-619C520A803E}\chrome\content\overlay.xul
c:\documents and settings\Compaq_Owner.COMPUTER\Local Settings\Application Data\{0CDCBA10-58D7-4B9E-9DC8-619C520A803E}\install.rdf
c:\documents and settings\Compaq_Owner.COMPUTER\WINDOWS
c:\documents and settings\Compaq_Owner\WINDOWS
c:\documents and settings\Susanna\WINDOWS
C:\install.exe
c:\windows\abeqoyamukohiyi.dll
c:\windows\abosiyuwamoxobuz.dll
c:\windows\ametigokidonot.dll
c:\windows\arugakus.dll
c:\windows\etodiwihe.dll
c:\windows\etudazayu.dll
c:\windows\ewegitixe.dll
c:\windows\idadifex.dll
c:\windows\ijubecid.dll
c:\windows\ileroyowuyazam.dll
c:\windows\inaqatuza.dll
c:\windows\iqoyiyuk.dll
c:\windows\irovuviya.dll
c:\windows\iyiquxojaponaduq.dll
c:\windows\ofuluheqic.dll
c:\windows\okaziwakec.dll
c:\windows\ololecugofu.dll
c:\windows\osoxuzedes.dll
c:\windows\owesuyaxukowomaq.dll
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\uvuyayidadotib.dll
c:\windows\uyumizufa.dll
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-05-25 to 2011-06-25 )))))))))))))))))))))))))))))))
.
.
2011-06-25 01:27 . 2011-06-25 01:27 -------- d-----w- c:\windows\LastGood
2011-06-23 16:38 . 2011-06-23 16:38 -------- d-sh--w- c:\documents and settings\Compaq_Owner.COMPUTER\PrivacIE
2011-06-23 16:33 . 2011-06-23 16:33 -------- d-sh--w- c:\documents and settings\Compaq_Owner.COMPUTER\IETldCache
2011-06-22 11:21 . 2011-06-22 11:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-22 11:19 . 2011-06-16 04:17 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-06-22 11:19 . 2011-06-16 04:17 712976 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2011-06-22 11:18 . 2010-01-01 08:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-22 11:18 . 2010-01-01 08:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-21 22:01 . 2011-06-21 22:01 -------- d-----w- c:\program files\ESET
2011-06-10 18:28 . 2011-06-10 18:28 -------- d-----w- c:\documents and settings\Compaq_Owner.COMPUTER\Application Data\Unity
2011-06-10 17:44 . 2011-06-21 16:29 -------- d-----w- c:\documents and settings\Compaq_Owner.COMPUTER\Local Settings\Application Data\Unity
2011-06-10 17:23 . 2011-06-10 17:23 40960 ----a-r- c:\documents and settings\Compaq_Owner.COMPUTER\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2011-06-07 20:28 . 2011-06-07 20:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\OpenOffice.org
2011-06-07 01:56 . 2011-06-07 01:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-05-31 21:41 . 2011-05-31 21:41 -------- d-----w- C:\hegames
2011-05-31 20:19 . 2011-05-31 20:19 -------- d-----w- c:\program files\directx
2011-05-31 01:36 . 2011-05-31 01:36 -------- d-----w- c:\documents and settings\Compaq_Owner.COMPUTER\Local Settings\Application Data\Help
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-10 17:23 . 2010-12-29 03:09 40960 ----a-r- c:\documents and settings\Compaq_Owner.COMPUTER\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2011-05-29 13:11 . 2011-05-14 00:39 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2011-05-14 00:39 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20 . 2011-04-06 20:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-06-16 04:17 . 2011-06-22 11:19 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoUpdate Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk
backup=c:\windows\pss\AutoUpdate Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=c:\windows\pss\Compaq Connections.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SpySubtract.lnk
backup=c:\windows\pss\SpySubtract.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner.COMPUTER^Start Menu^Programs^Startup^Compaq Organize.lnk]
path=c:\documents and settings\Compaq_Owner.COMPUTER\Start Menu\Programs\Startup\Compaq Organize.lnk
backup=c:\windows\pss\Compaq Organize.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner.COMPUTER^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Compaq_Owner.COMPUTER\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 12:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2004-06-30 00:06 88363 -c--a-w- c:\windows\AGRSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
2004-09-07 18:47 57344 -c--a-w- c:\windows\ALCXMNTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 18:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
1998-05-07 23:04 52736 ----a-w- c:\windows\system\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 05:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2003-02-12 02:02 61440 ----a-w- c:\hp\KBD\kbd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
2004-10-15 04:54 253952 ----a-w- c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-04 21:06 1667584 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
2003-09-13 02:13 98304 ----a-w- c:\windows\system32\ps2.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2004-04-15 03:43 233472 ----a-w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SPBBCSvc"=3 (0x3)
"SNDSrvc"=3 (0x3)
"navapsvc"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/13/2011 8:39 PM 366640]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/13/2011 8:39 PM 22712]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.15.1
FF - ProfilePath - c:\documents and settings\Compaq_Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\frcwolap.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2382372&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://ride.searchpw.com/?t=w&p=1&q=hotmail&b=1|http://ride.searchpw.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
HKCU-Run-Security Protection - c:\documents and settings\All Users\Application Data\defender.exe
ShellExecuteHooks-{FA010552-4A27-4cb1-A1BB-3E2D697F1639} - (no file)
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-IS CfgWiz - c:\program files\Norton Internet Security\cfgwiz.exe
MSConfigStartUp-Krapevafiyupa - c:\windows\unodigoj.dll
MSConfigStartUp-Malware Protection - c:\documents and settings\All Users\Application Data\defender.exe
MSConfigStartUp-SSC_UserPrompt - c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-URLLSTCK - c:\program files\Norton Internet Security\UrlLstCk.exe
MSConfigStartUp-Xtepovu - c:\windows\tioxft1.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-24 21:47
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-06-24 21:49:49
ComboFix-quarantined-files.txt 2011-06-25 01:49
.
Pre-Run: 2,131,058,688 bytes free
Post-Run: 2,459,291,648 bytes free
.
- - End Of File - - BF08FB74A7ADC68A7742B87BFAC01093

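The ComboFix log above carries several indicators that are worth pulling out mechanically rather than by eye: Firefox prefs that point the default search and home page at search.conduit.com and ride.searchpw.com, a Firefox extension (chrome.manifest, overlay.xul, install.rdf) registered from a GUID-named folder under Local Settings\Application Data instead of from the profile, a batch of randomly named DLLs dropped straight into C:\Windows, and an Autorun.inf at the root of D:. The script below is an added example, not part of the thread and not ComboFix's own code; it parses a log in this format and reports those four indicator classes. The sample log is constructed from a handful of the lines above plus benign lines for contrast, and the allow-list of search hosts and the "random-looking name" heuristic are assumptions chosen for illustration.

```python
"""Indicator triage over a ComboFix / DDS style text log.

Added example (not from the thread or from ComboFix).  Assumptions are
marked in comments: the search-host allow-list and the random-name
heuristic are illustrative choices, not anything the thread states.
"""
import re
from urllib.parse import urlparse

# Assumption: hosts a legitimate Firefox home/search pref may point at.
KNOWN_SEARCH_HOSTS = {"www.google.com", "google.com", "www.bing.com",
                      "search.yahoo.com", "duckduckgo.com"}

# Prefs that browser hijackers typically rewrite.
HIJACK_PREFS = {"browser.search.defaulturl", "browser.startup.homepage",
                "browser.search.selectedEngine", "keyword.URL"}
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.+)$")

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
SIDELOADED_EXT_RE = re.compile(
    r"\\local settings\\application data\\" + GUID + r"\\install\.rdf$", re.I)
WINDIR_DLL_RE = re.compile(r"c:\\windows\\(?P<name>[a-z]+)\.dll\b", re.I)
ROOT_AUTORUN_RE = re.compile(r"^(?P<drive>[A-Z]):\\autorun\.inf$", re.I)
VOWELS = set("aeiou")


def firefox_redirects(lines):
    """(pref, host) pairs where a hijack-prone pref points at an http(s)
    host outside the allow-list.  Logs defang 'http' as 'hxxp', and one
    pref may hold several URLs joined with '|'."""
    hits = set()
    for line in lines:
        m = FF_PREF_RE.match(line.strip())
        if not m or m.group("pref") not in HIJACK_PREFS:
            continue
        for raw in m.group("value").split("|"):
            url = urlparse(raw.strip().replace("hxxp", "http", 1))
            if url.scheme not in ("http", "https") or not url.hostname:
                continue  # chrome:// and similar internal URLs are not hijacks
            if url.hostname.lower() not in KNOWN_SEARCH_HOSTS:
                hits.add((m.group("pref"), url.hostname.lower()))
    return sorted(hits)


def sideloaded_firefox_extensions(lines):
    """install.rdf under a GUID folder in Local Settings\\Application Data:
    an extension registered outside the Firefox profile."""
    return [l.strip() for l in lines if SIDELOADED_EXT_RE.search(l.strip())]


def looks_random(name):
    """Assumption-based heuristic for machine-generated names such as
    'abeqoyamukohiyi': letters only, 8+ long, vowel-heavy, and never more
    than two consonants in a row.  Short real names like 'twain' pass."""
    n = name.lower()
    if len(n) < 8 or not n.isalpha():
        return False
    vowel_ratio = sum(c in VOWELS for c in n) / len(n)
    longest_consonant_run = max(len(run) for run in re.split(r"[aeiou]+", n))
    return vowel_ratio >= 0.4 and longest_consonant_run <= 2


def random_windir_dlls(lines):
    """DLLs sitting directly in C:\\Windows (not System32) with random-looking names."""
    names = {m.group("name").lower()
             for m in (WINDIR_DLL_RE.search(l) for l in lines) if m}
    return sorted(n for n in names if looks_random(n))


def drive_root_autorun(lines):
    """Drive letters that carry an Autorun.inf at their root."""
    drives = []
    for line in lines:
        m = ROOT_AUTORUN_RE.match(line.strip())
        if m:
            drives.append(m.group("drive").upper())
    return drives


def triage(log_text):
    lines = log_text.splitlines()
    return {
        "firefox_redirects": firefox_redirects(lines),
        "sideloaded_extensions": sideloaded_firefox_extensions(lines),
        "random_windir_dlls": random_windir_dlls(lines),
        "drive_root_autorun": drive_root_autorun(lines),
    }


# Constructed sample: a few lines in the shape of the posted log, plus benign
# lines (twain.dll, a System32 DLL, a Google home page) that must not fire.
SAMPLE_LOG = """\
c:\\documents and settings\\Compaq_Owner.COMPUTER\\Local Settings\\Application Data\\{0CDCBA10-58D7-4B9E-9DC8-619C520A803E}\\install.rdf
c:\\windows\\abeqoyamukohiyi.dll
c:\\windows\\arugakus.dll
c:\\windows\\twain.dll
c:\\windows\\system32\\dnssd.dll
D:\\Autorun.inf
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2382372&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://ride.searchpw.com/?t=w&p=1&q=hotmail&b=1|http://ride.searchpw.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
MSConfigStartUp-Krapevafiyupa - c:\\windows\\unodigoj.dll
"""

if __name__ == "__main__":
    for indicator, found in triage(SAMPLE_LOG).items():
        print(f"{indicator}: {found}")
```

Two caveats for anyone reusing this on a real log: names that mix digits and letters (the tioxft1.dll in the orphan list above) slip past the letters-only heuristic, and the allow-list approach flags any unfamiliar search provider, so treat a hit as something to look at, not as proof on its own. The extension check is the one with the best signal: a legitimate add-on installs into the profile's extensions folder, not into a GUID directory under Local Settings.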
#13 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:28 PM

Posted 25 June 2011 - 01:42 PM

Good evening. :)

Let me know how the PC is behaving.


Also, did you uninstall AVG before you ran ComboFix?

So long, and thanks for all the fish.

#14 Ice D

  • Topic Starter
  • Members
  • 18 posts
  • Local time:06:28 PM

Posted 25 June 2011 - 02:29 PM

I uninstalled AVG through Add/Remove Programs, but I still got a warning from ComboFix that AVG was installed, even though after I uninstalled it I couldn't find it anywhere. After I ran the scan I did download the removal tool and removed AVG that way.

Just before I ran ComboFix, the fake "Malware Protection" popped up on my desktop, but it was gone after ComboFix ran.

#15 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:28 PM

Posted 25 June 2011 - 02:43 PM

And is Google still redirecting?

So long, and thanks for all the fish.
