
Google redirect to midllesearch.net


17 replies to this topic

#1 DinoBravo

Posted 15 November 2011 - 02:04 PM

Hi, new to this site. Hope someone can help me out. Anytime I google anything I get redirected via midllesearch.net to seemingly random websites. I had avsecurity 2012 come up, had a tough time getting rid of that (temp fix?) but still have this redirect problem. I use stopzilla for spyware etc. Thanks for any support.

Edited by hamluis, 15 November 2011 - 02:28 PM.
Moved from XP to Am I Infected.



#2 Broni

Posted 15 November 2011 - 10:32 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.



 


#3 DinoBravo

Posted 17 November 2011 - 09:18 PM

Thanks for helping me out, here's the security check log
Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 6
Out of date Java installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

Here is the mini toolbox result

MiniToolBox by Farbar
Ran by Owner (administrator) on 17-11-2011 at 20:26:58
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================


94.63.240.129 www.google.com
94.63.240.130 www.bing.com


========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : computer
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : cable.rcn.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : cable.rcn.com
Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-40-F4-DA-07-A1
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 208.59.247.45
                                    208.59.247.46
Lease Obtained. . . . . . . . . . : Thursday, November 17, 2011 7:07:23 PM
Lease Expires . . . . . . . . . . : Friday, November 18, 2011 7:07:23 PM

Ethernet adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : 802.11g Wireless PCI Card
Physical Address. . . . . . . . . : 00-E0-98-D7-CD-5D

Server: secondary.atw.pa.dns.rcn.net
Address: 208.59.247.45

Name: google.com
Addresses: 74.125.226.145, 74.125.226.146, 74.125.226.147, 74.125.226.148
74.125.226.144

Pinging google.com [74.125.226.144] with 32 bytes of data:

Reply from 74.125.226.144: bytes=32 time=16ms TTL=56
Reply from 74.125.226.144: bytes=32 time=15ms TTL=56

Ping statistics for 74.125.226.144:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 15ms, Maximum = 16ms, Average = 15ms

Server: secondary.atw.pa.dns.rcn.net
Address: 208.59.247.45

Name: yahoo.com
Addresses: 72.30.2.43, 98.137.149.56, 98.139.180.149, 209.191.122.70

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=82ms TTL=53
Reply from 209.191.122.70: bytes=32 time=68ms TTL=53

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 68ms, Maximum = 82ms, Average = 75ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 40 f4 da 07 a1 ...... Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
0x3 ...00 e0 98 d7 cd 5d ...... 802.11g Wireless PCI Card - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.0.2 192.168.0.2 20
192.168.0.0 255.255.255.0 192.168.0.2 192.168.0.2 20
192.168.0.2 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.2 192.168.0.2 20
224.0.0.0 240.0.0.0 192.168.0.2 192.168.0.2 20
255.255.255.255 255.255.255.255 192.168.0.2 192.168.0.2 1
255.255.255.255 255.255.255.255 192.168.0.2 3 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll [173344] (iS3 & AVG Exploit Prevention Labs, Inc.)
Catalog9 02 C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll [173344] (iS3 & AVG Exploit Prevention Labs, Inc.)
Catalog9 03 C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll [173344] (iS3 & AVG Exploit Prevention Labs, Inc.)
Catalog9 04 C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll [173344] (iS3 & AVG Exploit Prevention Labs, Inc.)
Catalog9 05 C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll [173344] (iS3 & AVG Exploit Prevention Labs, Inc.)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll [173344] (iS3 & AVG Exploit Prevention Labs, Inc.)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/17/2011 09:42:10 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/13/2011 10:06:36 PM) (Source: LoadPerf) (User: )
Description: The performance counter name string value in the registry is incorrectly
formatted. The bogus string is 12618, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and
third DWORD in Data section.

Error: (11/13/2011 10:06:33 PM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Error: (11/13/2011 10:06:33 PM) (Source: LoadPerf) (User: )
Description: The performance counter name string value in the registry is incorrectly
formatted. The bogus string is 12618, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and
third DWORD in Data section.

Error: (11/07/2011 06:57:18 PM) (Source: Application Error) (User: )
Description: Faulting application mDNSResponder.exe, version 2.0.4.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Error in creating result PEAP-TLV in response to received PEAP-TLV (mDNSResponder.exe!ld!)

Error: (11/07/2011 06:56:14 PM) (Source: Application Error) (User: )
Description: Faulting application mDNSResponder.exe, version 2.0.4.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [mDNSResponder.exe!ws!]

Error: (11/07/2011 05:51:00 PM) (Source: Application Error) (User: )
Description: Faulting application mDNSResponder.exe, version 2.0.4.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [mDNSResponder.exe!ws!]

Error: (11/07/2011 05:50:34 PM) (Source: Bonjour Service) (User: )
Description: DNS Message from «ZERO ADDRESS»:0 to «ZERO ADDRESS»:0 length 0 too short

Error: (11/07/2011 05:50:22 PM) (Source: Bonjour Service) (User: )
Description: UDPEndRecv: WSARecvMsg control information error.

Error: (09/24/2011 00:48:34 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.


System errors:
=============
Error: (11/17/2011 07:19:00 PM) (Source: Service Control Manager) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 3 time(s).

Error: (11/17/2011 07:15:05 PM) (Source: Service Control Manager) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/17/2011 07:11:08 PM) (Source: Service Control Manager) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/17/2011 07:08:56 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
IntelIde

Error: (11/17/2011 07:02:59 PM) (Source: Service Control Manager) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 3 time(s).

Error: (11/17/2011 07:01:40 PM) (Source: DCOM) (User: Owner)
Description: The server {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C} did not register with DCOM within the required timeout.

Error: (11/17/2011 06:59:47 PM) (Source: Service Control Manager) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/17/2011 06:56:03 PM) (Source: Service Control Manager) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/16/2011 10:56:31 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
IntelIde

Error: (11/15/2011 00:24:43 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
IntelIde


Microsoft Office Sessions:
=========================
Error: (11/17/2011 09:42:10 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (11/13/2011 10:06:36 PM) (Source: LoadPerf)(User: )
Description: 12618

Error: (11/13/2011 10:06:33 PM) (Source: LoadPerf)(User: )
Description: WmiApRplWmiApRpl

Error: (11/13/2011 10:06:33 PM) (Source: LoadPerf)(User: )
Description: 12618

Error: (11/07/2011 06:57:18 PM) (Source: Application Error)(User: )
Description: mDNSResponder.exe2.0.4.0unknown0.0.0.000000000

Error: (11/07/2011 06:56:14 PM) (Source: Application Error)(User: )
Description: mDNSResponder.exe2.0.4.0unknown0.0.0.000000000

Error: (11/07/2011 05:51:00 PM) (Source: Application Error)(User: )
Description: mDNSResponder.exe2.0.4.0unknown0.0.0.000000000

Error: (11/07/2011 05:50:34 PM) (Source: Bonjour Service)(User: )
Description: DNS Message from «ZERO ADDRESS»:0 to «ZERO ADDRESS»:0 length 0 too short

Error: (11/07/2011 05:50:22 PM) (Source: Bonjour Service)(User: )
Description: UDPEndRecv: WSARecvMsg control information error.

Error: (09/24/2011 00:48:34 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.


=========================== Installed Programs ============================

ABBYY FineReader 6.0 Sprint (Version: 6.00.1395.41612)
Adobe Flash Player 10 ActiveX (Version: 10.0.22.87)
Adobe Reader 8.1.1 (Version: 8.1.1)
Apple Application Support (Version: 1.4.1)
Apple Mobile Device Support (Version: 3.3.0.69)
Apple Software Update (Version: 2.1.2.120)
Ask Toolbar (Version: 1.13.1.0)
birdJam Maker (Version: 3.0.0)
Bonjour (Version: 2.0.4.0)
CrossLoop 2.11 (Version: 2.11)
Dell Resource CD (Version: 1.00.0000)
Google Earth (Version: 6.0.3.2197)
Google Update Helper (Version: 1.3.21.79)
H&R Block Deluxe + Efile + State 2009 (Version: 09.04.6401)
H&R Block Deluxe + Efile + State 2010 (Version: 10.04.5701)
H&R Block Pennsylvania 2009 (Version: 1.09.3601)
H&R Block Pennsylvania 2010 (Version: 1.10.3001)
Intel® 537EP V9x DF PCI Modem
Intel® Extreme Graphics 2 Driver (Version: 6.14.10.4396)
iTunes (Version: 10.1.1.4)
Java™ 6 Update 6 (Version: 1.6.0.60)
Lexmark 4300 Series
Lexmark Fax Solutions
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Web Publishing Wizard 1.52
Microsoft XML Parser (Version: 8.70.1104.04)
MobileMe Control Panel (Version: 2.6.0.29)
MSN
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
neroxml (Version: 1.0.0)
OLYMPUS ib (Version: 1.1.1404)
Pdf995 (installed by TaxCut)
PdfEdit995 (installed by TaxCut)
Photo Explosion Deluxe 3.0 (Version: 3.0.0.14)
Picasa 2 (Version: 2.0)
PowerDVD 5.5
QuickTime (Version: 7.69.80.9)
SecurDisc Viewer (Version: 1.2.8)
Sonic DLA (Version: 5.2.1)
Sonic Update Manager (Version: 3.0.0)
Sony Picture Utility (Version: 3.0.00.11220)
SoundMAX (Version: 5.12.01.5246)
STOPzilla (Version: 5.0.30.72)
TaxCut Pennsylvania 2007 (Version: 1.07.5001)
TaxCut Pennsylvania 2008 (Version: 1.08.3301)
TaxCut Premium + State + Efile 2007 (Version: 07.05.0000)
TaxCut Premium + State + Efile 2008 (Version: 08.07.6201)
TestDrive Client (Version: 1.00.2000)
VCRedistSetup (Version: 1.0.0)
WD Diagnostics (Version: 1.09.0002)
WebFldrs XP (Version: 9.50.7523)
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (Version: 09/09/2009 1.0.0.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Memory info: ===================================

Percentage of memory in use: 82%
Total physical RAM: 253.98 MB
Available physical RAM: 44.21 MB
Total Pagefile: 621.84 MB
Available Pagefile: 228.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1994.02 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:74.5 GB) (Free:42.63 GB) NTFS
5 Drive f: (My Book) (Fixed) (Total:465.64 GB) (Free:401.21 GB) FAT32

========================= Users: ========================================

User accounts for \\COMPUTER

Administrator Guest HelpAssistant
Owner SUPPORT_388945a0


**** End of log ****

And here is my malwarebytes log

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8184

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/17/2011 9:14:38 PM
mbam-log-2011-11-17 (21-14-38).txt

Scan type: Quick scan
Objects scanned: 243988
Time elapsed: 22 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ED403E8-470A-4A8A-85A4-D7688CFE39A3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ED403E8-470A-4A8A-85A4-D7688CFE39A3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A26F07F-0D60-4835-91CF-1E1766A0EC56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D263FA6D-84CC-48A8-9AF6-C664362B7A5B} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F02FABCB-92DD-475A-98AF-14217BD50746} (Adware.Gamevance) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Value: ADP -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn (PUM.Hijack.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users.windows\application data\privacy.exe (Rogue.PrivacyProtection) -> Quarantined and deleted successfully.

I will restart my computer now, then post the gmer log.
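
Added example, not part of any post in this thread and not MiniToolBox's own code: this Python script reads the "Hosts content" section of a MiniToolBox log like the one above and lists entries that pin a hostname to a public address, which overrides DNS for that name on the machine. The function names are hypothetical, and the sample log is constructed; only the two `94.63.240.x` lines are taken from the log in this thread.

```python
import ipaddress
import re

# MiniToolBox section headers look like "===== Hosts content: =====".
HEADER = re.compile(r"^=+\s*(.*?)\s*=+$")

# Constructed sample log. The two 94.63.240.x lines are the Hosts entries
# from the MiniToolBox log in this thread; every other line is made up.
SAMPLE_LOG = """\
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
========================= Hosts content: =================================

127.0.0.1 localhost
0.0.0.0 ads.example.test   # blocking entry (constructed)
192.168.0.10 nas.home.example
94.63.240.129 www.google.com
94.63.240.130 www.bing.com

========================= IP Configuration: ================================
set address name="Local Area Connection" source=dhcp
"""


def hosts_section(log_text):
    """Return the raw lines between the 'Hosts content' header and the next header."""
    lines, inside = [], False
    for line in log_text.splitlines():
        match = HEADER.match(line.strip())
        if match:
            if inside:
                break  # reached the header of the following section
            inside = match.group(1).lower().startswith("hosts content")
            continue
        if inside:
            lines.append(line)
    return lines


def parse_hosts(lines):
    """Turn hosts-file lines into (address, hostname) pairs.

    Handles comments, blank lines, several names on one line, and skips
    lines whose first field is not a valid IPv4/IPv6 address.
    """
    entries = []
    for raw in lines:
        text = raw.split("#", 1)[0].strip()
        if not text:
            continue
        fields = text.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            entries.append((addr, name.lower()))
    return entries


def classify(addr):
    """Bucket an address by how a hosts entry pointing at it should be read."""
    if addr.is_loopback or addr.is_unspecified:
        return "sinkhole"  # localhost line or a blocking entry
    if addr.is_private or addr.is_link_local:
        return "local"     # LAN device; review, but common on home networks
    return "public"        # name pinned to an Internet address, bypassing DNS


def audit(log_text):
    """List (hostname, address) for every hosts entry pinned to a public address."""
    return [
        (name, str(addr))
        for addr, name in parse_hosts(hosts_section(log_text))
        if classify(addr) == "public"
    ]


if __name__ == "__main__":
    for name, addr in audit(SAMPLE_LOG):
        print(f"REVIEW: {name} is pinned to {addr} in Hosts")
```
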

#4 DinoBravo

Posted 18 November 2011 - 09:26 PM

Here is the gmer log. After I restarted the computer after running malware, a runDLL error came up as Error loading\3\lxcetime.dll.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-18 21:02:43
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800BB-75JHA0 rev.05.01C05
Running: hwbgw8vt.exe; Driver: C:\DOCUME~1\OWNER~1.COM\LOCALS~1\Temp\pgliqpoc.sys


---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xF9651760]
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF8C23F80]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\7735880A01E3F94F763761958A7A8191 1219 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165 413 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\7B2238AACCEDC3F1FFE8E7EB5F575EC9 552 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\904590238400AD963F77FAAAADC9BAB5 571 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 31968 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A1377F7115F1F126A15360369B165211 597 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A44F4E7CB3133FF765C39A53AD8FCFDD 558 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A8FABA189DB7D25FBA7CAC806625FD30 96089 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\F03FBEED31BB9347A2DDFF031058505F 3373 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\0797C381B2F87EB5A1D5573BD15BA4F4 132 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\0897206B35294097C3660E62BCDB227C 194 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 216 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8 126 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\3130B1871A126520A8C47861EFE3ED4D 132 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\3C19F8F5C2A69BEC912EF5B953293907 126 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\486CC6AFD08942336C61FCD401C4A1D1 120 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\4DB1DABDF57ED9997FE8DCC77E93C04F 98 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\52FE9FFE4780FF24EC690DB2F1D013CE 160 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\570FB14ABC805C46708F32F92F10C3B4 174 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\5F74056C561F814B7771CB2993A44DEB 104 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5 94 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\696F3DE637E6DE85B458996D49D759AD 156 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\74BFD122C0875EC75DBE5C6DB4C59019 124 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\7735880A01E3F94F763761958A7A8191 132 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165 98 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\7B2238AACCEDC3F1FFE8E7EB5F575EC9 132 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\904590238400AD963F77FAAAADC9BAB5 136 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 216 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A1377F7115F1F126A15360369B165211 142 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A44F4E7CB3133FF765C39A53AD8FCFDD 146 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A8FABA189DB7D25FBA7CAC806625FD30 124 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\F03FBEED31BB9347A2DDFF031058505F 132 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\CrashReports 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Media Player 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb 720896 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\9.0 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.DTD 498 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML 12784 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini 62 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\History 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini 145 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini 145 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat 32768 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008080420080805 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008080420080805\index.dat 32768 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Microsoft .NET Framework 2.0-KB958481_20090807_024903140.html 498448 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Microsoft .NET Framework 3.0-KB958483_20090807_025527609.html 111806 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Microsoft .NET Framework 3.0-KB977354_20100624_023616734-Msi0.txt 2359732 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Microsoft .NET Framework 3.0-KB977354_20100624_023616734.html 113072 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Microsoft .NET Framework 3.0-KB982168_20100613_070848343-Msi0.txt 11697456 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Microsoft .NET Framework 3.0-KB982168_20100613_070848343-Msi1.txt 2206858 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Microsoft .NET Framework 3.0-KB982168_20100613_070848343.html 576180 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Microsoft .NET Framework 3.5-KB2416473_20101008_070154968-Msi0.txt 826884 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Microsoft .NET Framework 3.5-KB2416473_20101008_070154968.html 85852 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Microsoft .NET Framework 3.5-KB958484_20090807_025753093-Msi0.txt 751234 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Microsoft .NET Framework 3.5-KB958484_20090807_025753093.html 92720 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Microsoft .NET Framework 3.5-KB963707_20090902_070021546-Msi0.txt 425996 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Microsoft .NET Framework 3.5-KB963707_20090902_070021546.html 74672 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Microsoft .NET Framework 2.0-KB974417_20091014_070535265-Msi0.txt 9931140 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Microsoft .NET Framework 2.0-KB974417_20091014_070535265.html 497144 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Microsoft .NET Framework 2.0-KB976576_20100624_022925156-Msi0.txt 12249726 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Microsoft .NET Framework 2.0-KB976576_20100624_022925156.html 498800 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Microsoft .NET Framework 2.0-KB979909_20100613_070221671-Msi0.txt 10518884 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Microsoft .NET Framework 2.0-KB979909_20100613_070221671.html 494672 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Microsoft .NET Framework 2.0-KB983583_20100813_025433515-Msi0.txt 12285752 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Microsoft .NET Framework 2.0-KB983583_20100813_025433515.html 499168 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Microsoft .NET Framework 3.0-KB958483_20090807_025527609-Msi0.txt 2117952 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Microsoft .NET Framework 2.0-KB2418241_20101007_070138062-Msi0.txt 12301194 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Microsoft .NET Framework 2.0-KB2418241_20101007_070138062.html 495924 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Microsoft .NET Framework 2.0-KB2446704_20110415_070743259-Msi0.txt 12404586 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Microsoft .NET Framework 2.0-KB2446704_20110415_070743259.html 496202 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Microsoft .NET Framework 2.0-KB2478658_20110629_023556625-Msi0.txt 12375930 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Microsoft .NET Framework 2.0-KB2478658_20110629_023556625.html 498598 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Microsoft .NET Framework 2.0-KB2518864_20110629_024139938-Msi0.txt 12463420 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Microsoft .NET Framework 2.0-KB2518864_20110629_024139938.html 499226 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Microsoft .NET Framework 2.0-KB2539631_20110812_070937215-Msi0.txt 12422442 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Microsoft .NET Framework 2.0-KB2539631_20110812_070937215.html 496980 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Microsoft .NET Framework 2.0-KB2572073_20111014_070759906-Msi0.txt 13047528 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Microsoft .NET Framework 2.0-KB2572073_20111014_070759906.html 498120 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Microsoft .NET Framework 2.0-KB958481_20090807_024903140-Msi0.txt 9405880 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1FPO002R 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1FPO002R\desktop.ini 67 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini 67 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GUEHS7ES 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GUEHS7ES\desktop.ini 67 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat 32768 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\QJTS5SCP 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\QJTS5SCP\desktop.ini 67 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\QXFON6PF 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\QXFON6PF\desktop.ini 67 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\desktop.ini 67 bytes
File C:\WINDOWS\system32\config\systemprofile\SendTo\Compressed (zipped) Folder.ZFSendToTarget 0 bytes
File C:\WINDOWS\system32\config\systemprofile\SendTo\Desktop (create shortcut).DeskLink 0 bytes
File C:\WINDOWS\system32\config\systemprofile\SendTo\desktop.ini 181 bytes
File C:\WINDOWS\system32\config\systemprofile\SendTo\Mail Recipient.MAPIMail 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\desktop.ini 348 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk 1491 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk 1498 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk 1467 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk 1505 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Command Prompt.lnk 1521 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\desktop.ini 482 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Entertainment 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Entertainment\desktop.ini 84 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk 804 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Notepad.lnk 1485 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Program Compatibility Wizard.lnk 386 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Synchronize.lnk 1485 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Tour Windows XP.lnk 1493 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Windows Explorer.lnk 1477 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\desktop.ini 148 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Remote Assistance.lnk 1565 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini 84 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Windows Media Player.lnk 792 bytes
File C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\7015fce8-80eb-48ce-9b6e-7b0439dfc78f 388 bytes
File C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\02a46448-eb1d-4aea-a7af-c69091d84af5 388 bytes
File C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\254f7f6e-0b69-4023-8b50-f5f83846b827 388 bytes
File C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\31a762bd-6713-44f7-a3c3-adfc9bad2846 388 bytes
File C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\40e128a2-e442-4455-9c93-a4e7e75cfefd 388 bytes
File C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\4a7c022a-c0a9-44ff-8590-f2ea9a9c8e20 388 bytes
File C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\4b2d3a12-ac86-4c7b-a401-29df69de2eb9 388 bytes
File C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\4d6168b5-b385-4214-914b-d20582859e82 388 bytes
File C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\67753c61-845d-47fa-a29c-2d7606df9775 388 bytes
File C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\6aaaec0b-a433-49e0-931a-6b21cd0218c1 388 bytes
File C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\72db1a84-06a9-4b63-8815-6b2be9a1a4b7 388 bytes
File C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\95a08323-6d89-49b0-82ea-ddb66b91ef4c 388 bytes
File C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\e0118769-5842-4acb-933c-1564231fe2d0 388 bytes
File C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\ef594efd-f260-4729-88cc-bacf8175e81b 388 bytes
File C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\f8a00c18-7add-40b7-a1dd-249dff068b74 388 bytes
File C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\febc1242-34aa-4b7e-9a91-36cf5d762806 388 bytes
File C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred 24 bytes
File C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C 0 bytes
File C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\GEARAspiWDM.inf 2763 bytes
File C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\GEARAspiWDMx86.cat 7994 bytes
File C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86 0 bytes
File C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspi.dll 107368 bytes executable
File C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspiWDM.sys 26600 bytes executable
File C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_4F4AA3475F1B13A1E8212B6D40B351211BC358CE 0 bytes
File C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_4F4AA3475F1B13A1E8212B6D40B351211BC358CE\GEARAspiWDM.inf 2763 bytes
File C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_4F4AA3475F1B13A1E8212B6D40B351211BC358CE\GEARAspiWDMx86.cat 7919 bytes
File C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_4F4AA3475F1B13A1E8212B6D40B351211BC358CE\x86 0 bytes
File C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_4F4AA3475F1B13A1E8212B6D40B351211BC358CE\x86\GEARAspi.dll 107368 bytes executable
File C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_4F4AA3475F1B13A1E8212B6D40B351211BC358CE\x86\GEARAspiWDM.sys 23848 bytes executable
File C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3 0 bytes
File C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\GEARAspiWDM.inf 2761 bytes
File C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\GEARAspiWDMx86.cat 11168 bytes
File C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86 0 bytes
File C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspi.dll 107368 bytes executable
File C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspiWDM.sys 15464 bytes executable
File C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD 0 bytes
File C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\GEARAspiWDM.inf 2763 bytes
File C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\GEARAspiWDMx86.cat 7919 bytes
File C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\x86 0 bytes
File C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\x86\GEARAspi.dll 107368 bytes executable
File C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\x86\GEARAspiWDM.sys 23400 bytes executable
File C:\WINDOWS\system32\DRVSTORE\netaapl_A0C073C4137716F9478B8B08B2873A7AB3AECF72 0 bytes
File C:\WINDOWS\system32\DRVSTORE\netaapl_A0C073C4137716F9478B8B08B2873A7AB3AECF72\netaapl.cat 8607 bytes
File C:\WINDOWS\system32\DRVSTORE\netaapl_A0C073C4137716F9478B8B08B2873A7AB3AECF72\netaapl.inf 3523 bytes
File C:\WINDOWS\system32\DRVSTORE\netaapl_A0C073C4137716F9478B8B08B2873A7AB3AECF72\netaapl.sys 18432 bytes executable
File C:\WINDOWS\system32\DRVSTORE\netaapl_A0C073C4137716F9478B8B08B2873A7AB3AECF72\wdfcoinstaller01009.dll 1461992 bytes executable
File C:\WINDOWS\system32\DRVSTORE\olycamcomm_443826FC96EF44DB802C7D7FD82451DA7A0ABB86 0 bytes
File C:\WINDOWS\system32\DRVSTORE\olycamcomm_443826FC96EF44DB802C7D7FD82451DA7A0ABB86\OlyCamComm.cat 7974 bytes
File C:\WINDOWS\system32\DRVSTORE\olycamcomm_443826FC96EF44DB802C7D7FD82451DA7A0ABB86\olycamcomm.inf 2384 bytes
File C:\WINDOWS\system32\DRVSTORE\olycamcomm_443826FC96EF44DB802C7D7FD82451DA7A0ABB86\OlyCamComm.sys 21648 bytes executable
File C:\WINDOWS\system32\DRVSTORE\olycamcomm_443826FC96EF44DB802C7D7FD82451DA7A0ABB86\OlyClsInstCC.dll 29328 bytes executable
File C:\WINDOWS\system32\DRVSTORE\usbaapl_DECA0B114863448FE4957E5F5676B09528A18C9F 0 bytes
File C:\WINDOWS\system32\DRVSTORE\usbaapl_DECA0B114863448FE4957E5F5676B09528A18C9F\USBAAPL.CAT 11933 bytes
File C:\WINDOWS\system32\DRVSTORE\usbaapl_DECA0B114863448FE4957E5F5676B09528A18C9F\usbaapl.inf 4461 bytes
File C:\WINDOWS\system32\DRVSTORE\usbaapl_DECA0B114863448FE4957E5F5676B09528A18C9F\usbaapl.sys 41984 bytes executable
File C:\WINDOWS\system32\DRVSTORE\usbaapl_DECA0B114863448FE4957E5F5676B09528A18C9F\usbaaplrc.dll 4184352 bytes executable
File C:\WINDOWS\system32\oobe\html\mouse\images 0 bytes
File C:\WINDOWS\system32\oobe\html\mouse\images\bulzano.jpg 72921 bytes
File C:\WINDOWS\system32\oobe\html\mouse\images\bulzanom.jpg 40046 bytes
File C:\WINDOWS\system32\oobe\html\mouse\images\but1_dwn.gif 1188 bytes
File C:\WINDOWS\system32\oobe\html\mouse\images\but1_idl.gif 543 bytes
File C:\WINDOWS\system32\oobe\html\mouse\images\but1_up.gif 1190 bytes
File C:\WINDOWS\system32\oobe\html\mouse\images\but2_dwn.gif 751 bytes
File C:\WINDOWS\system32\oobe\html\mouse\images\but2_idl.gif 409 bytes
File C:\WINDOWS\system32\oobe\html\mouse\images\but2_up.gif 753 bytes
File C:\WINDOWS\system32\oobe\html\mouse\images\but3_dwn.gif 981 bytes
File C:\WINDOWS\system32\oobe\html\mouse\images\but3_idl.gif 590 bytes
File C:\WINDOWS\system32\oobe\html\mouse\images\but3_up.gif 983 bytes
File C:\WINDOWS\system32\oobe\html\mouse\images\but4_dwn.gif 825 bytes
File C:\WINDOWS\system32\oobe\html\mouse\images\but4_idl.gif 436 bytes
File C:\WINDOWS\system32\oobe\html\mouse\images\but4_up.gif 823 bytes
File C:\WINDOWS\system32\oobe\html\mouse\images\clicking.gif 6829 bytes
File C:\WINDOWS\system32\oobe\html\mouse\images\desktop3.gif 17486 bytes
File C:\WINDOWS\system32\oobe\html\mouse\images\heidelb.jpg 35268 bytes
File C:\WINDOWS\system32\oobe\html\mouse\images\heidelbm.jpg 20512 bytes
File C:\WINDOWS\system32\oobe\html\mouse\images\mouse4.gif 47282 bytes
File C:\WINDOWS\system32\oobe\html\mouse\images\mouseimg.gif 4361 bytes
File C:\WINDOWS\system32\oobe\html\mouse\images\paris.jpg 42189 bytes
File C:\WINDOWS\system32\oobe\html\mouse\images\parism.jpg 25628 bytes
File C:\WINDOWS\system32\oobe\html\mouse\images\pisa.jpg 39156 bytes
File C:\WINDOWS\system32\oobe\html\mouse\images\pisam.jpg 22602 bytes
File C:\WINDOWS\system32\oobe\html\mouse\images\prague.jpg 38850 bytes
File C:\WINDOWS\system32\oobe\html\mouse\images\praguem.jpg 23646 bytes
File C:\WINDOWS\system32\oobe\html\mouse\images\tyrol.jpg 63016 bytes
File C:\WINDOWS\system32\oobe\html\mouse\images\tyrolm.jpg 33735 bytes
File C:\WINDOWS\system32\oobe\html\mouse\images\venice.jpg 49251 bytes
File C:\WINDOWS\system32\oobe\html\mouse\images\venicem.jpg 27707 bytes
File C:\WINDOWS\system32\oobe\html\mouse\images\verona.jpg 52203 bytes
File C:\WINDOWS\system32\oobe\html\mouse\images\veronam.jpg 30177 bytes
File C:\WINDOWS\system32\oobe\html\mouse\mouse.htm 3972 bytes
File C:\WINDOWS\system32\oobe\html\mouse\mouse_a.htm 2299 bytes
File C:\WINDOWS\system32\oobe\html\mouse\mouse_b.htm 2338 bytes
File C:\WINDOWS\system32\oobe\html\mouse\mouse_c.htm 3622 bytes
File C:\WINDOWS\system32\oobe\html\mouse\mouse_d.htm 2244 bytes
File C:\WINDOWS\system32\oobe\html\mouse\mouse_e.htm 3663 bytes
File C:\WINDOWS\system32\oobe\html\mouse\mouse_f.htm 2275 bytes
File C:\WINDOWS\system32\oobe\html\mouse\mouse_g.htm 3255 bytes
File C:\WINDOWS\system32\oobe\html\mouse\mouse_h.htm 2837 bytes
File C:\WINDOWS\system32\oobe\html\mouse\mouse_i.htm 3250 bytes
File C:\WINDOWS\system32\oobe\html\mouse\mouse_j.htm 2805 bytes
File C:\WINDOWS\system32\oobe\html\mouse\mouse_k.htm 2729 bytes

---- EOF - GMER 1.0.15 ----

#5 Broni


Posted 18 November 2011 - 09:43 PM

First of all, you're not running any AV program.
Install one of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html (make sure to opt out from installing Ask Toolbar - it comes pre-checked)
Update, run full scan, report on any findings.

When done....

Your "hosts" file has been hijacked.

Please, go here: http://support.microsoft.com/kb/972034#FixItForMeAlways and click on "Fix it" button to reset your "hosts" file.

Then....

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    :dir
    C:\WINDOWS\SYSTEM32\DRIVERS\ETC
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



 


#6 DinoBravo


Posted 19 November 2011 - 07:56 PM

Here is the SystemLook log.

SystemLook 30.07.11 by jpshortstuff
Log created at 19:55 on 19/11/2011 by Owner
Administrator - Elevation successful

========== dir ==========

C:\WINDOWS\SYSTEM32\DRIVERS\ETC - Parameters: "(none)"

---Files---
hosts.old -rah--- 884 bytes [10:00 04/08/2004] [20:51 03/11/2011]
lmhosts.sam --a--c- 3683 bytes [10:00 04/08/2004] [10:00 04/08/2004]
networks --a--c- 407 bytes [10:00 04/08/2004] [10:00 04/08/2004]
protocol --a---- 799 bytes [10:00 04/08/2004] [10:00 04/08/2004]
services --a--c- 7116 bytes [10:00 04/08/2004] [10:00 04/08/2004]

---Folders---
None found.

-= EOF =-

#7 Broni


Posted 19 November 2011 - 07:57 PM

We need to rebuild your "hosts" file.

Open Notepad.
Paste the following text into it:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#  	102.54.94.97 	rhino.acme.com      	# source server
#   	38.25.63.10 	x.acme.com          	# x client host

127.0.0.1   	localhost

Go File>Save As and...

1. Name the file hosts. (no extension; make sure there is just a "dot" at the end <--- VERY IMPORTANT!)
2. Make sure "Save as type:" is set to "All Files (*.*)"
3. Make sure the file is saved to C:\WINDOWS\SYSTEM32\DRIVERS\ETC folder



Post new System Look log.



 


#8 DinoBravo


Posted 19 November 2011 - 08:09 PM

Everything seems to be running fine right now: not getting a Google redirect, no pop-ups, etc., although my computer seems to have come to a crawl. Not sure if this is from Malwarebytes and Avast running.

#9 DinoBravo


Posted 19 November 2011 - 08:19 PM

Here is the 2nd SystemLook log.

SystemLook 30.07.11 by jpshortstuff
Log created at 20:18 on 19/11/2011 by Owner
Administrator - Elevation successful

========== dir ==========

C:\WINDOWS\SYSTEM32\DRIVERS\ETC - Parameters: "(none)"

---Files---
host --a---- 715 bytes [01:14 20/11/2011] [01:14 20/11/2011]
hosts.old -rah--- 884 bytes [10:00 04/08/2004] [20:51 03/11/2011]
lmhosts.sam --a--c- 3683 bytes [10:00 04/08/2004] [10:00 04/08/2004]
networks --a--c- 407 bytes [10:00 04/08/2004] [10:00 04/08/2004]
protocol --a---- 799 bytes [10:00 04/08/2004] [10:00 04/08/2004]
services --a--c- 7116 bytes [10:00 04/08/2004] [10:00 04/08/2004]

---Folders---
None found.

-= EOF =-
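Added example, not part of the original thread: a small Python audit of the two things the hosts reset above depends on, namely that the file contains nothing beyond the default `127.0.0.1 localhost` mapping and that the directory holds a file named exactly `hosts`. The sample hosts text is constructed; the file names are the ones shown in the SystemLook listing above; all function names are hypothetical.

```python
import ipaddress

# Constructed sample: the default entry plus made-up redirect-style lines.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.7     www.google.com   # constructed redirect entry
203.0.113.7 search.example.test
not-an-ip       broken.example.test
"""

# File names as reported in the SystemLook listing posted in this thread.
LISTED_NAMES = ["host", "hosts.old", "lmhosts.sam", "networks", "protocol", "services"]

DEFAULT_NAMES = {"localhost"}


def parse_hosts(text):
    """Return (entries, malformed); entries are (ip, hostname) pairs."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # '#' starts a comment anywhere
        if not line:
            continue
        fields = line.split()                 # separated by spaces or tabs
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((lineno, raw))
            continue
        if len(fields) < 2:                   # address with no host name
            malformed.append((lineno, raw))
            continue
        entries.extend((str(ip), name.lower()) for name in fields[1:])
    return entries, malformed


def suspicious_entries(entries):
    """Flag every mapping that is not the default localhost -> loopback."""
    flagged = []
    for ip, name in entries:
        is_loopback = ipaddress.ip_address(ip).is_loopback
        if not (is_loopback and name in DEFAULT_NAMES):
            flagged.append((ip, name))
    return flagged


def active_hosts_file_present(names):
    """The resolver reads only a file named exactly 'hosts' (any case)."""
    return any(n.lower() == "hosts" for n in names)
```

Flagged entries are candidates for manual review, not proof of infection; some users add loopback entries for other names on purpose.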

#10 Broni


Posted 19 November 2011 - 08:45 PM

Good job :)

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.



 


#11 DinoBravo


Posted 20 November 2011 - 12:14 PM

Here is the ESET scan log:

C:\Program Files\LP\7A13\A.tmp a variant of Win32/Kryptik.VHI trojan cleaned by deleting - quarantined

#12 Broni


Posted 20 November 2011 - 02:03 PM

Any current issues?

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.



 


#13 DinoBravo


Posted 20 November 2011 - 07:48 PM

No current issues, thanks. Just running a little slow. I need more memory. I will update Java and take off Quick Starter.

#14 Broni


Posted 20 November 2011 - 07:50 PM

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll remove all old restore points and create fresh, clean restore point.

Turn system restore off.
Restart computer.
Turn system restore back on.

If you don't know how to do it...
Windows XP: http://support.microsoft.com/kb/310405
Vista and Windows 7: http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/

2. Make sure, Windows Updates are current.

3. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

4. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

5. Run Temporary File Cleaner (TFC) weekly.

6. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

7. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

9. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

10. Except for MBAM and TFC, which are keepers, you can simply delete all other tools we used as they don't install.



 


#15 DinoBravo


Posted 20 November 2011 - 09:40 PM

I thought I posted this, I guess not. Do I need Avast antivirus yet? With that and malware running it slows my computer down.



