
Solved Google redirect and Jump problem

Discussion in 'Malware and Virus Removal Archive' started by elfagobarcus, 2010/10/15.

  1. 2010/10/15
    elfagobarcus

    elfagobarcus Inactive Thread Starter

    Joined:
    2010/10/15
    Messages:
    35
    Likes Received:
    0
    [Resolved] Google redirect and Jump problem

    I picked up the TDSSkiller that messed up my computer. I had it cleaned and they had to restore the hard drive. I still have the problem of redirecting and jump. It was even difficult to get to this forum. The results of the DDS are as follows:

    DDS (Ver_10-10-10.03) - NTFSx86
    Run by Owner at 21:20:56.95 on Fri 10/15/2010
    Internet Explorer: 8.0.6001.18702
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============


    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.foxnews.com/?o=15784&l=dis
    uSearch Page = hxxp://www.google.com
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [VTTimer] VTTimer.exe
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [RDListener] c:\program files\registry defense\RDListener.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
    dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
    DPF: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1279285186546
    DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe "

    ============= SERVICES / DRIVERS ===============


    =============== Created Last 30 ================

    2010-10-14 08:03:27 221184 ----a-w- c:\windows\system32\wmpns.dll
    2010-10-08 04:01:12 -------- d-----w- c:\docume~1\owner\applic~1\KompoZer
    2010-10-05 02:55:24 53248 ----a-w- c:\windows\system32\CommonDL.dll
    2010-10-05 02:55:24 44544 ----a-w- c:\windows\system32\msxml4a.dll
    2010-10-05 02:54:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\LGMOBILEAX
    2010-09-21 16:41:45 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2010-09-21 16:38:41 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-09-21 16:37:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
    2010-09-21 16:37:54 -------- d-----w- c:\program files\Hitman Pro 3.5
    2010-09-21 00:24:24 -------- d-----w- c:\docume~1\owner\applic~1\DriverCure
    2010-09-21 00:24:23 -------- d-----w- c:\docume~1\owner\applic~1\ParetoLogic
    2010-09-21 00:24:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\ParetoLogic
    2010-09-20 15:32:08 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Temp
    2010-09-20 15:28:20 -------- dc-h--w- c:\windows\ie8
    2010-09-20 15:26:38 -------- d--h--w- c:\windows\msdownld.tmp
    2010-09-19 01:08:47 -------- d-----w- c:\program files\IObit
    2010-09-19 01:08:47 -------- d-----w- c:\docume~1\owner\applic~1\IObit
    2010-09-17 21:24:00 -------- d-----w- c:\docume~1\alluse~1\applic~1\Nero
    2010-09-17 07:14:42 6084944 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{2cdcd53c-dbbc-4c15-929e-58eeb6e16c3f}\mpengine.dll

    ==================== Find3M ====================

    2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

    ============= FINISH: 21:21:41.14 ===============
     
  2. 2010/10/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    Attach.txt is missing.
     


  4. 2010/10/16
    elfagobarcus

    elfagobarcus Inactive Thread Starter

    additional DDS text

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-10.03)


    ==== Disk Partitions =========================


    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    7-Zip 4.65
    Adobe Flash Player 10 Plugin
    Adobe Photoshop 7.0
    Adobe Reader 9.4.0
    Adobe Shockwave Player 11.5
    Advanced SystemCare 3
    BufferChm
    CameraDrivers
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    CueTour
    CustomerResearchQFolder
    Destinations
    DeviceFunctionQFolder
    DeviceManagementQFolder
    DlManifest for User State Migration Tools 3.0.1
    DScaler 5 Mpeg Decoders
    eSupportQFolder
    Family Tree Maker Version 16
    FullDPAppQFolder
    GenSmarts
    GolfHandicap 2.0
    Hitman Pro 3.5
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB944043-v3)
    Hotfix for Windows XP (KB951830)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB981793)
    HP Photosmart 330,380,420,470,7800,8000,8200 Series
    HP Product Assistant
    HP Update
    HPProductAssistant
    ImgBurn
    InstantShareDevices
    ISO Recorder
    Java Auto Updater
    Java(TM) 6 Update 21
    LightScribe 1.6.43.1
    MarketResearch
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office 2000 Premium
    Microsoft Office Web Components
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Windows Journal Viewer
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB973685)
    Nero 7 Essentials
    neroxml
    OpenOffice.org 3.2
    PanoStandAlone
    Photo Story 3 for Windows
    PhotoGallery
    PS8200
    PSPrinters08
    PSTAPlugin
    RandMap
    RegistryDefense
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953155)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB955417)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB970483)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SkinsHP1
    SolutionCenter
    Sonic_PrimoSDK
    Spybot - Search & Destroy
    Status
    SUPERAntiSpyware
    SysTools Outlook Express Restore
    TrayApp
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB982664)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB943729)
    Update for Windows XP (KB951618-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955704)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB958752)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    User Profile Hive Cleanup Service
    User State Migration Tools version 3.0.1
    VIA Rhine-Family Fast-Ethernet Adapter
    WebFldrs XP
    WebReg
    Windows Defender
    Windows Easy Transfer
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live OneCare safety scanner
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Search 4.0

    ==== End Of File ===========================
     
  5. 2010/10/16
    broni

    broni Moderator Malware Analyst

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button and save the results as gmer.log.
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log in your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double-click MBRCheck.exe to run it (Vista and Windows 7 users, right-click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. 2010/10/16
    elfagobarcus

    elfagobarcus Inactive Thread Starter

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    10/16/2010 10:41:08 PM
    mbam-log-2010-10-16 (22-41-08).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 174946
    Time elapsed: 56 minute(s), 7 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> No action taken.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  7. 2010/10/16
    elfagobarcus

    elfagobarcus Inactive Thread Starter

    Corrected log after removal
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    10/16/2010 10:47:08 PM
    mbam-log-2010-10-16 (22-47-08).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 174946
    Time elapsed: 56 minute(s), 7 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
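The two MBAM logs above differ only in the action column: the first leaves the Hijack.ControlPanelStyle value as "No action taken", the rerun reports it quarantined. Because the log has a fixed layout, that difference can be checked mechanically. The following is an added example, not part of the thread or of Malwarebytes' own tooling: it parses the MBAM 1.46 text log into header fields, summary counts and per-section findings, flags findings left as "No action taken", and checks the summary counts against the entries actually listed. The sample log is constructed in the posted layout; the file entry in it is invented.

```python
import re
from dataclasses import dataclass, field

# Section names MBAM 1.46 uses both in the summary block and as list headings.
SECTIONS = (
    "Memory Processes Infected", "Memory Modules Infected",
    "Registry Keys Infected", "Registry Values Infected",
    "Registry Data Items Infected", "Folders Infected", "Files Infected",
)
SUMMARY_RE = re.compile(r"^(" + "|".join(map(re.escape, SECTIONS)) + r"): (\d+)$")
# Finding lines look like: "<item> (<detection family>) -> <action>."
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

# Constructed sample in the layout of the posted logs (not the poster's actual file);
# the "Files Infected" entry is invented to show a removed finding beside an unremoved one.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
Database version: 4052
Windows 5.1.2600 Service Pack 3

Scan type: Full scan (C:\|D:\|)
Objects scanned: 174946
Time elapsed: 56 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> No action taken.

Files Infected:
c:\docume~1\owner\locals~1\temp\constructed-example.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
"""

@dataclass
class Finding:
    section: str
    item: str
    family: str
    action: str

@dataclass
class MbamReport:
    header: dict = field(default_factory=dict)    # e.g. "Database version" -> "4052"
    counts: dict = field(default_factory=dict)    # section -> number from the summary block
    findings: list = field(default_factory=list)  # Finding objects in file order

def parse_mbam_log(text):
    """Parse an MBAM 1.x text log into header fields, summary counts and findings."""
    report = MbamReport()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:                                   # "Registry Values Infected: 1"
            report.counts[m.group(1)] = int(m.group(2))
            continue
        if line.endswith(":") and line[:-1] in SECTIONS:
            section = line[:-1]                 # list heading; entries follow
            continue
        if section is None:
            if ": " in line:                    # "Scan type: Full scan (...)" style fields
                key, value = line.split(": ", 1)
                report.header[key] = value
            continue
        if line == "(No malicious items detected)":
            continue
        m = ENTRY_RE.match(line)
        if m:
            report.findings.append(Finding(section, m["item"], m["family"], m["action"]))
    return report

def count_mismatches(report):
    """Sections whose summary count differs from the number of entries actually listed."""
    listed = {}
    for f in report.findings:
        listed[f.section] = listed.get(f.section, 0) + 1
    return [s for s in SECTIONS if report.counts.get(s, 0) != listed.get(s, 0)]

def unresolved(report):
    """Findings MBAM reported but did not act on, i.e. still present on the machine."""
    return [f for f in report.findings if f.action.lower().startswith("no action")]

if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print("database", rep.header.get("Database version"), "mismatches:", count_mismatches(rep))
    for f in unresolved(rep):
        print("still present:", f.section, "-", f.item, f"({f.family})")
```

Running the first posted log through this reports the Policies\Explorer value as still present; the rerun log yields an empty list, which is the state the moderator is waiting for before moving on.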
  8. 2010/10/16
    broni

    broni Moderator Malware Analyst

    Go on....
     
  9. 2010/10/17
    elfagobarcus

    elfagobarcus Inactive Thread Starter

    Step 2
    GMER 1.0.15.15319 - http://www.gmer.net
    Rootkit scan 2010-10-17 00:47:47
    Windows 5.1.2600 Service Pack 3
    Running: imulmzb8.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kxtdrpow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB8991620]
    SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xB35D86D0]

    ---- Kernel code sections - GMER 1.0.15 ----

    ? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\SearchIndexer.exe[2148] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3312] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3312] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3312] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3312] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3312] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3312] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3312] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3312] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3312] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9ACD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254656 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3720] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3720] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E538F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Internet Explorer\iexplore.exe[3720] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----


    Step 3
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x000000fd

    Kernel Drivers (total 124):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806EE000 \WINDOWS\system32\hal.dll
    0xF7987000 \WINDOWS\system32\KDCOM.DLL
    0xF7897000 \WINDOWS\system32\BOOTVID.dll
    0xF75A8000 ACPI.sys
    0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7597000 pci.sys
    0xF75F7000 isapnp.sys
    0xF798B000 ViaIde.sys
    0xF7707000 \WINDOWS\System32\Drivers\PCIIDEX.SYS
    0xF7607000 MountMgr.sys
    0xF74D8000 ftdisk.sys
    0xF770F000 videX32.sys
    0xF7717000 PartMgr.sys
    0xF7617000 VolSnap.sys
    0xF74C0000 atapi.sys
    0xF74A3000 viamraid.sys
    0xF748B000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
    0xF7627000 disk.sys
    0xF7637000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF746B000 fltMgr.sys
    0xF7459000 sr.sys
    0xF771F000 PxHelp20.sys
    0xF7442000 KSecDD.sys
    0xF7B52000 Ntfs.sys
    0xF7415000 NDIS.sys
    0xF7727000 viaagp1.sys
    0xF787D000 Mup.sys
    0xB9E44000 \SystemRoot\system32\DRIVERS\amdk7.sys
    0xB9D35000 \SystemRoot\system32\DRIVERS\vtmini.sys
    0xB9D21000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB9E34000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xB9E24000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xB9E14000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB9CFE000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF77CF000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB9CDA000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF77D7000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB9CA7000 \SystemRoot\system32\drivers\vinyl97.sys
    0xB9C83000 \SystemRoot\system32\drivers\portcls.sys
    0xF7677000 \SystemRoot\system32\drivers\drmk.sys
    0xF7687000 \SystemRoot\system32\DRIVERS\fetnd5bv.sys
    0xF77DF000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xF7697000 \SystemRoot\system32\DRIVERS\serial.sys
    0xBA7FC000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xB9C6F000 \SystemRoot\system32\DRIVERS\parport.sys
    0xF76A7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF77E7000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xBA5CB000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF76B7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xBA7F8000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB9C58000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF76C7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF76D7000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF77EF000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB9C47000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF76E7000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF77F7000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF77FF000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF76F7000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF7807000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF79A7000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB9B99000 \SystemRoot\system32\DRIVERS\update.sys
    0xBA7E8000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF7587000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF7577000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF79A9000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF780F000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xBA7B0000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xB9D62000 \SystemRoot\System32\Drivers\Null.SYS
    0xF79AB000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF781F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF774F000 \SystemRoot\System32\drivers\vga.sys
    0xF79AD000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF79AF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF7757000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF775F000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF790F000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xB8AB6000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xB8A5D000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xB8A23000 \SystemRoot\System32\Drivers\avgtdix.sys
    0xB89FD000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF7557000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xF7927000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xF7547000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xB89CB000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xB89A9000 \SystemRoot\System32\drivers\afd.sys
    0xF7537000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xB8987000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    0xF7767000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    0xB895C000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xB88EC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF7527000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF776F000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xF7777000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xF792B000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xF777F000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0xF7787000 \SystemRoot\system32\DRIVERS\HPZius12.sys
    0xF7517000 \SystemRoot\system32\DRIVERS\HPZid412.sys
    0xF792F000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
    0xF778F000 \SystemRoot\System32\Drivers\avgmfx86.sys
    0xB87A0000 \SystemRoot\System32\Drivers\avgldx86.sys
    0xB877C000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xF74F7000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xB8764000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF79C9000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB9B85000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF779F000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7ABE000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\vtdisp.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xB3E24000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xB3A7F000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB3EAC000 \SystemRoot\system32\drivers\sysaudio.sys
    0xB3704000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xF79E5000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xB35E4000 \SystemRoot\system32\DRIVERS\srv.sys
    0xB35D8000 \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys
    0xB30CB000 \SystemRoot\System32\Drivers\HTTP.sys
    0xB083A000 \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\kxtdrpow.sys
    0xB07FE000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 51):
    0 System Idle Process
    4 System
    540 C:\WINDOWS\system32\smss.exe
    608 csrss.exe
    632 C:\WINDOWS\system32\winlogon.exe
    676 C:\WINDOWS\system32\services.exe
    688 C:\WINDOWS\system32\lsass.exe
    844 C:\WINDOWS\system32\svchost.exe
    928 svchost.exe
    1064 C:\WINDOWS\system32\svchost.exe
    1128 svchost.exe
    1224 svchost.exe
    1268 C:\Program Files\AVG\AVG9\avgchsvx.exe
    1276 C:\Program Files\AVG\AVG9\avgrsx.exe
    1416 C:\Program Files\AVG\AVG9\avgcsrvx.exe
    1716 C:\WINDOWS\system32\spoolsv.exe
    296 svchost.exe
    368 C:\Program Files\AVG\AVG9\avgwdsvc.exe
    652 C:\Program Files\Java\jre6\bin\jqs.exe
    480 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    1872 C:\WINDOWS\system32\IoctlSvc.exe
    1172 C:\WINDOWS\system32\HPZipm12.exe
    2072 C:\Program Files\UPHClean\uphclean.exe
    2148 C:\WINDOWS\system32\searchindexer.exe
    2280 C:\Program Files\AVG\AVG9\avgnsx.exe
    2300 C:\Program Files\AVG\AVG9\avgemc.exe
    2660 C:\Program Files\AVG\AVG9\avgcsrvx.exe
    3276 alg.exe
    4044 C:\WINDOWS\system32\svchost.exe
    724 C:\WINDOWS\explorer.exe
    1736 C:\WINDOWS\system32\VTTimer.exe
    1484 C:\PROGRA~1\AVG\AVG9\avgtray.exe
    3600 C:\Program Files\Registry Defense\RDListener.exe
    1352 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    968 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    328 C:\WINDOWS\system32\ctfmon.exe
    2100 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    2060 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    2804 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    1340 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    3104 C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    3848 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    3312 C:\Program Files\Internet Explorer\iexplore.exe
    3720 C:\Program Files\Internet Explorer\iexplore.exe
    1212 D:\My Downloads\imulmzb8.exe
    4244 C:\WINDOWS\system32\notepad.exe
    3132 C:\Program Files\Internet Explorer\iexplore.exe
    5536 C:\WINDOWS\system32\searchprotocolhost.exe
    5200 searchfilterhost.exe
    3960 C:\WINDOWS\system32\searchprotocolhost.exe
    4332 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: WDCWD1600JB-00GVC0, Rev: 08.02D08
    PhysicalDrive1 Model Number: WDCWD400BB-23JHA1, Rev: 06.01C06

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    37 GB \\.\PhysicalDrive1 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
     
  10. 2010/10/17
    broni

    broni Moderator Malware Analyst

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  11. 2010/10/17
    elfagobarcus

    elfagobarcus Inactive Thread Starter

    ComboFix 10-10-16.04 - Owner 10/17/2010 13:58:36.1.1 - x86
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
    c:\program files\Internet Explorer\SET482.tmp
    c:\program files\Internet Explorer\SET483.tmp
    c:\windows\system\WINSPOOL.DRV

    c:\windows\system32\msgsvc.dll . . . is infected!!

    .
    ((((((((((((((((((((((((( Files Created from 2010-09-17 to 2010-10-17 )))))))))))))))))))))))))))))))
    .

    2010-10-17 02:43 . 2010-10-17 02:43 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
    2010-10-17 02:43 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-17 02:43 . 2010-10-17 02:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-17 02:43 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-17 02:43 . 2010-10-17 02:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-16 02:24 . 2010-10-16 02:24 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-10-16 02:24 . 2010-10-16 02:24 -------- d-----w- c:\program files\Trend Micro
    2010-10-14 08:03 . 2006-01-01 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
    2010-10-08 04:01 . 2010-10-08 04:01 -------- d-----w- c:\documents and settings\Owner\Application Data\KompoZer
    2010-10-05 02:55 . 2006-05-04 13:33 53248 ----a-w- c:\windows\system32\CommonDL.dll
    2010-10-05 02:55 . 2005-10-04 06:39 44544 ----a-w- c:\windows\system32\msxml4a.dll
    2010-10-05 02:54 . 2010-10-05 02:55 -------- d-----w- c:\documents and settings\All Users\Application Data\LGMOBILEAX
    2010-09-21 16:41 . 2010-09-21 16:41 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2010-09-21 16:38 . 2010-10-16 23:38 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-09-21 16:37 . 2010-09-21 16:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
    2010-09-21 16:37 . 2010-09-21 16:37 -------- d-----w- c:\program files\Hitman Pro 3.5
    2010-09-21 15:42 . 2010-09-24 04:00 -------- d-----w- c:\documents and settings\Owner\Application Data\ImgBurn
    2010-09-21 15:26 . 2010-09-21 15:26 -------- d-----w- c:\program files\ImgBurn
    2010-09-21 00:24 . 2010-09-21 00:24 -------- d-----w- c:\documents and settings\Owner\Application Data\DriverCure
    2010-09-21 00:24 . 2010-09-21 00:24 -------- d-----w- c:\documents and settings\Owner\Application Data\ParetoLogic
    2010-09-21 00:24 . 2010-09-21 14:56 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
    2010-09-20 15:32 . 2010-09-20 15:32 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
    2010-09-20 15:32 . 2010-09-20 15:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2010-09-20 15:28 . 2010-09-20 15:29 -------- dc-h--w- c:\windows\ie8
    2010-09-20 15:27 . 2010-09-20 15:27 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2010-09-20 15:26 . 2010-09-20 15:32 -------- d--h--w- c:\windows\msdownld.tmp
    2010-09-20 02:19 . 2010-09-20 03:37 -------- d-----w- c:\program files\Windows Live Safety Center
    2010-09-19 01:08 . 2010-09-19 01:08 -------- d-----w- c:\program files\IObit
    2010-09-19 01:08 . 2010-09-19 01:08 -------- d-----w- c:\documents and settings\Owner\Application Data\IObit
    2010-09-17 21:26 . 2010-09-17 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
    2010-09-17 21:24 . 2010-09-17 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C} "= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-09-27 2102600]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2010-09-27 17:32 2102600 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829} "= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-09-27 2102600]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829} "= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-09-27 2102600]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-01 2424560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VTTimer "= "VTTimer.exe" [2006-08-15 53248]
    "Windows Defender "= "c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
    "AVG9_TRAY "= "c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-04 2067808]
    "RDListener "= "c:\program files\Registry Defense\RDListener.exe" [2009-07-02 105072]
    "HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
    "HPHUPD08 "= "c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "NeroFilterCheck "= "c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
    "HitmanPro35 "= "c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-10-13 6238016]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "_nltide_3 "= "advpack.dll" [2009-03-08 128512]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-9-26 113664]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
    HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel "= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5} "= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-07-16 14:24 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\AVG\\AVG9\\avgemc.exe "=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe "=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe "=
    "c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP "= 5985:TCP:*:Disabled:Windows Remote Management

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-04 13592]
    R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-09-27 431432]
    R3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe [2006-01-01 14336]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-07-16 216400]
    S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-07-16 243024]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
    S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-20 921952]
    S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - uphcleanhlp

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-04-19 18:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.foxnews.com/?o=15784&l=dis
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101 "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(628)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll

    - - - - - - - > 'explorer.exe'(1020)
    c:\windows\system32\WININET.dll
    c:\program files\Windows Desktop Search\deskbar.dll
    c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
    c:\program files\Windows Desktop Search\dbres.dll
    c:\program files\Windows Desktop Search\wordwheel.dll
    c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
    c:\program files\Windows Desktop Search\msnlExtRes.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\VTTimer.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\windows\system32\IoctlSvc.exe
    c:\windows\system32\HPZipm12.exe
    c:\program files\UPHClean\uphclean.exe
    c:\windows\system32\SearchIndexer.exe
    c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    .
    **************************************************************************
    .
    Completion time: 2010-10-17 14:09:44 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-10-17 19:09

    Pre-Run: 96,769,339,392 bytes free
    Post-Run: 96,895,729,664 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug= "do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - EFDBFB54F6AC589118C4EDF811835926
     
  12. 2010/10/17
    broni

    broni Moderator Malware Analyst

  13. 2010/10/17
    elfagobarcus

    elfagobarcus Inactive Thread Starter

    ComboFix 10-10-16.04 - Owner 10/17/2010 15:48:19.2.1 - x86
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system\winspool.drv

    Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
    Restored copy from - c:\windows\ERDNT\cache\msgsvc.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-09-17 to 2010-10-17 )))))))))))))))))))))))))))))))
    .

    2010-10-17 02:43 . 2010-10-17 02:43 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
    2010-10-17 02:43 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-17 02:43 . 2010-10-17 02:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-17 02:43 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-17 02:43 . 2010-10-17 02:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-16 02:24 . 2010-10-16 02:24 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-10-16 02:24 . 2010-10-16 02:24 -------- d-----w- c:\program files\Trend Micro
    2010-10-14 08:03 . 2006-01-01 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
    2010-10-08 04:01 . 2010-10-08 04:01 -------- d-----w- c:\documents and settings\Owner\Application Data\KompoZer
    2010-10-05 02:55 . 2006-05-04 13:33 53248 ----a-w- c:\windows\system32\CommonDL.dll
    2010-10-05 02:55 . 2005-10-04 06:39 44544 ----a-w- c:\windows\system32\msxml4a.dll
    2010-10-05 02:54 . 2010-10-05 02:55 -------- d-----w- c:\documents and settings\All Users\Application Data\LGMOBILEAX
    2010-09-21 16:41 . 2010-09-21 16:41 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2010-09-21 16:38 . 2010-10-16 23:38 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-09-21 16:37 . 2010-09-21 16:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
    2010-09-21 16:37 . 2010-09-21 16:37 -------- d-----w- c:\program files\Hitman Pro 3.5
    2010-09-21 15:42 . 2010-09-24 04:00 -------- d-----w- c:\documents and settings\Owner\Application Data\ImgBurn
    2010-09-21 15:26 . 2010-09-21 15:26 -------- d-----w- c:\program files\ImgBurn
    2010-09-21 00:24 . 2010-09-21 00:24 -------- d-----w- c:\documents and settings\Owner\Application Data\DriverCure
    2010-09-21 00:24 . 2010-09-21 00:24 -------- d-----w- c:\documents and settings\Owner\Application Data\ParetoLogic
    2010-09-21 00:24 . 2010-09-21 14:56 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
    2010-09-20 15:32 . 2010-09-20 15:32 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
    2010-09-20 15:32 . 2010-09-20 15:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2010-09-20 15:28 . 2010-09-20 15:29 -------- dc-h--w- c:\windows\ie8
    2010-09-20 15:27 . 2010-09-20 15:27 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2010-09-20 15:26 . 2010-09-20 15:32 -------- d--h--w- c:\windows\msdownld.tmp
    2010-09-20 02:19 . 2010-09-20 03:37 -------- d-----w- c:\program files\Windows Live Safety Center
    2010-09-19 01:08 . 2010-09-19 01:08 -------- d-----w- c:\program files\IObit
    2010-09-19 01:08 . 2010-09-19 01:08 -------- d-----w- c:\documents and settings\Owner\Application Data\IObit
    2010-09-17 21:26 . 2010-09-17 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
    2010-09-17 21:24 . 2010-09-17 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-10-17_19.05.22 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-10-17 20:55 . 2010-10-17 20:55 16384 c:\windows\Temp\Perflib_Perfdata_484.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C} "= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-09-27 2102600]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2010-09-27 17:32 2102600 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829} "= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-09-27 2102600]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829} "= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-09-27 2102600]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-01 2424560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VTTimer "= "VTTimer.exe" [2006-08-15 53248]
    "Windows Defender "= "c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
    "AVG9_TRAY "= "c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-04 2067808]
    "RDListener "= "c:\program files\Registry Defense\RDListener.exe" [2009-07-02 105072]
    "HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
    "HPHUPD08 "= "c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "NeroFilterCheck "= "c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
    "HitmanPro35 "= "c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-10-13 6238016]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "_nltide_3 "= "advpack.dll" [2009-03-08 128512]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-9-26 113664]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
    HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel "= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5} "= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-07-16 14:24 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\AVG\\AVG9\\avgemc.exe "=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe "=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe "=
    "c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP "= 5985:TCP:*:Disabled:Windows Remote Management

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-04 13592]
    R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-09-27 431432]
    R3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe [2006-01-01 14336]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-07-16 216400]
    S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-07-16 243024]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
    S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-20 921952]
    S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - uphcleanhlp

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-04-19 18:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.foxnews.com/?o=15784&l=dis
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101 "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(632)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll

    - - - - - - - > 'explorer.exe'(1164)
    c:\windows\system32\WININET.dll
    c:\program files\Windows Desktop Search\deskbar.dll
    c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
    c:\program files\Windows Desktop Search\dbres.dll
    c:\program files\Windows Desktop Search\wordwheel.dll
    c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
    c:\program files\Windows Desktop Search\msnlExtRes.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\windows\system32\VTTimer.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\windows\system32\IoctlSvc.exe
    c:\windows\system32\HPZipm12.exe
    c:\program files\UPHClean\uphclean.exe
    c:\windows\system32\SearchIndexer.exe
    c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    .
    **************************************************************************
    .
    Completion time: 2010-10-17 15:59:23 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-10-17 20:59
    ComboFix2.txt 2010-10-17 19:09

    Pre-Run: 96,902,676,480 bytes free
    Post-Run: 96,891,924,480 bytes free

    - - End Of File - - 0E7EF27EF7592E369A13B35F523A5954
     
  14. 2010/10/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Looks good :)

    How is redirection?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
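    When reading an OTL log like the one requested above, the first things a helper looks at are entries marked "File not found", files whose company name is empty "()", and anything loading from a temp folder. The script below is an added example (not part of this thread, and not OTL's own code): it parses the PRC/MOD/SRV/DRV line format and applies those three checks; the sample lines are copied from the OTL log posted in this thread, where every flagged item turned out to be benign.

```python
"""Triage of OTL-style log lines (the PRC/MOD/SRV/DRV sections). Added example,
not part of the thread or of OTL; sample lines are copied from the OTL log
posted in this thread."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One OTL entry line, e.g.
#   SRV - [2010/07/20 15:20:01 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\...\avgemc.exe -- (avg9emc)
#   DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
# The "(...)" after the file metadata is the company name from the file's
# version resource; OTL prints "()" when the file carries none.
OTL_LINE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:(?P<missing>File not found)|"
    r"\[(?P<date>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| M\] "
    r"\((?P<company>[^)]*)\))"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\)(?:\s.*)?)?$"
)


@dataclass
class Entry:
    kind: str                 # PRC, MOD, SRV or DRV
    path: str
    name: Optional[str]       # service/driver name, when the line has one
    company: Optional[str]    # None when the file was not found on disk
    missing: bool


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for an OTL entry line, or None for any other line."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    missing = m.group("missing") is not None
    return Entry(
        kind=m.group("kind"),
        path=m.group("path"),
        name=m.group("name"),
        company=None if missing else m.group("company"),
        missing=missing,
    )


def triage(entry: Entry) -> List[str]:
    """Heuristics a log reader applies by eye. Each flag is a prompt to look
    closer, not a verdict: leftover tool drivers and small utilities without
    version info trip them routinely."""
    flags: List[str] = []
    if entry.missing:
        flags.append("registration points at a file that no longer exists")
    elif entry.company == "":
        flags.append("no company name in the file's version info")
    if "\\temp\\" in entry.path.lower():
        flags.append("loads from a temporary directory")
    return flags


def triage_log(lines: List[str]) -> Dict[str, List[str]]:
    """Map each flagged path to its flags; unflagged and unparsed lines are dropped."""
    report: Dict[str, List[str]] = {}
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        flags = triage(entry)
        if flags:
            report[entry.path] = flags
    return report


# Lines copied from the OTL log posted in this thread (plus one section header).
SAMPLE_LINES = [
    r"SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)",
    r"SRV - [2010/09/27 12:32:38 | 000,431,432 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)",
    r"SRV - [2010/07/20 15:20:01 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)",
    r"DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)",
    r"DRV - [2007/09/19 21:54:42 | 000,207,488 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)",
    r"PRC - [2009/07/02 16:26:00 | 000,105,072 | ---- | M] () -- C:\Program Files\Registry Defense\RDListener.exe",
    "========== Win32 Services (SafeList) ==========",   # section header: ignored
]

if __name__ == "__main__":
    for path, flags in triage_log(SAMPLE_LINES).items():
        print(path)
        for f in flags:
            print("   -", f)
```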
     
  15. 2010/10/17
    elfagobarcus

    elfagobarcus Inactive Thread Starter

    Joined:
    2010/10/15
    Messages:
    35
    Likes Received:
    0
    On redirect, I haven't run the internet much. At least this time I didn't get a parallel website along with Windows BBS. Can tell you more later.


    OTL logfile created on: 10/17/2010 5:20:58 PM - Run 1
    OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
    3.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 90.23 Gb Free Space | 60.54% Space Free | Partition Type: NTFS
    Drive D: | 37.26 Gb Total Space | 4.61 Gb Free Space | 12.37% Space Free | Partition Type: NTFS
    Drive E: | 4.35 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive H: | 1.86 Gb Total Space | 0.95 Gb Free Space | 50.91% Space Free | Partition Type: FAT

    Computer Name: ROGER | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/17 17:11:36 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    PRC - [2010/10/04 09:14:45 | 002,067,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2010/09/30 21:57:22 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    PRC - [2010/09/23 08:52:31 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2010/07/20 15:20:01 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
    PRC - [2010/07/16 09:24:25 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2010/07/16 09:24:20 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2010/07/16 09:24:13 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2010/07/16 09:24:11 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2009/07/02 16:26:00 | 000,105,072 | ---- | M] () -- C:\Program Files\Registry Defense\RDListener.exe
    PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
    PRC - [2006/08/15 11:28:24 | 000,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
    PRC - [2006/01/01 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/05/12 00:33:52 | 000,479,232 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    PRC - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/17 17:11:36 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
    MOD - [2009/07/12 01:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
    MOD - [2009/05/24 22:41:34 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll
    MOD - [2008/05/13 12:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
    MOD - [2006/11/03 19:20:00 | 000,083,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpShHook.dll
    MOD - [2006/01/01 07:00:00 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll
    MOD - [2006/01/01 07:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/09/27 12:32:38 | 000,431,432 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
    SRV - [2010/07/20 15:20:01 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
    SRV - [2010/07/16 09:24:20 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
    SRV - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/07/16 09:24:28 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2010/07/16 09:24:24 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2010/07/16 09:24:13 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2008/12/16 15:47:00 | 000,013,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
    DRV - [2007/10/09 12:17:42 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2007/09/19 21:54:42 | 000,207,488 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
    DRV - [2003/07/02 03:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/?o=15784&l=dis
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    O1 HOSTS File: ([2010/10/17 15:54:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.)
    O4 - HKLM..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [RDListener] C:\Program Files\Registry Defense\RDListener.exe ()
    O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1279285186546 (MUWebControl Class)
    O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab (Verizon Wireless Media Upload)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/07/15 16:56:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2004/11/18 02:51:26 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/10/17 17:11:32 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2010/10/17 15:44:11 | 000,022,016 | ---- | C] (Gibson Research Corp.) -- C:\Documents and Settings\Owner\Desktop\shootthemessenger.exe
    [2010/10/17 13:57:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/10/17 13:55:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/10/17 13:55:29 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/10/17 13:55:29 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/10/17 13:55:29 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/10/17 13:55:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/10/17 13:35:54 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/10/16 21:43:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
    [2010/10/16 21:43:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/10/16 21:43:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/10/16 21:43:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/10/16 21:43:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/10/15 21:24:26 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/10/07 23:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Mozilla
    [2010/10/07 23:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\KompoZer
    [2010/10/07 22:53:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\KompoZer 0.7.10
    [2010/10/04 21:54:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
    [2010/09/23 11:32:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
    [2010/09/21 11:41:45 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
    [2010/09/21 11:37:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2010/09/21 11:37:54 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
    [2010/09/21 10:42:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ImgBurn
    [2010/09/21 10:26:33 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
    [2010/09/20 19:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\DriverCure
    [2010/09/20 19:24:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ParetoLogic
    [2010/09/20 19:24:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
    [2010/09/20 10:50:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Google
    [2010/09/20 10:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Temp
    [2010/09/20 10:32:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    [2010/09/20 10:28:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2010/09/20 10:27:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    [2010/09/20 10:26:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
    [2010/09/19 21:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
    [2010/09/18 20:08:47 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
    [2010/09/18 20:08:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\IObit
    [2010/09/17 16:26:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ahead
    [2010/09/17 16:24:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
    [2010/09/13 18:50:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2010/09/08 12:07:12 | 000,000,000 | ---D | C] -- C:\$AVG
    [2010/08/21 11:02:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
    [2010/08/19 15:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/08/04 22:49:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LightScribe
    [2010/08/04 16:59:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2010/08/04 16:59:46 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2010/07/29 22:11:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google
    [2010/07/29 22:11:30 | 000,000,000 | ---D | C] -- C:\Program Files\Google
    [2010/07/25 20:39:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\SysTools_Recover_DBX_(DATE=7-26-2010)_(TIME=20hr.39m.54s)
    [2010/07/25 20:21:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\SysTools_Recover_DBX_(DATE=7-26-2010)_(TIME=20hr.21m.45s)
    [2010/07/22 23:26:37 | 002,910,208 | ---- | C] (Dmitry Streblechenko) -- C:\WINDOWS\System32\Redemption.dll
    [2010/07/22 23:26:37 | 000,000,000 | ---D | C] -- C:\Program Files\SysTools Outlook Express Restore
    [2010/07/22 21:24:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
    [2010/07/22 21:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe
    [2010/07/22 21:13:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead
    [2010/07/22 21:11:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Ahead
    [2010/07/22 21:08:33 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
    [2010/07/22 21:08:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
    [2010/07/22 20:56:49 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
    [2010/07/22 20:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
    [2010/07/22 20:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2010/07/22 20:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/07/22 17:29:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
    [2010/07/22 17:29:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
    [2010/07/22 17:28:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ShellNew
    [2010/07/22 17:27:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Microsoft Web Folders
    [2010/07/22 17:27:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2010/07/22 09:23:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\HpUpdate
    [2010/07/22 09:23:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Hewlett-Packard
    [2010/07/21 22:48:54 | 000,000,000 | ---D | C] -- C:\Program Files\GenSmarts
    [2010/07/21 22:47:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\MyFamily.com
    [2010/07/21 22:47:23 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
    [2010/07/21 22:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\Family Tree Maker 16
    [2010/07/21 22:46:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
    [2010/07/21 21:46:58 | 000,000,000 | ---D | C] -- C:\OpenOffice.org 3.2 (en-US) Installation Files
    [2010/07/21 20:08:33 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2010/07/21 20:08:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2010/07/21 07:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\HP
    [2010/07/21 00:04:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\IsolatedStorage
    [2010/07/21 00:04:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\HP
    [2010/07/20 22:57:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\HP
    [2010/07/20 22:52:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
    [2010/07/20 22:51:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
    [2010/07/20 22:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sonic
    [2010/07/20 22:50:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
    [2010/07/20 22:46:32 | 000,000,000 | ---D | C] -- C:\Program Files\HP
    [2010/07/20 22:46:08 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2010/07/20 21:35:52 | 000,000,000 | ---D | C] -- C:\Program Files\Photo Story 3 for Windows
    [2010/07/20 21:30:52 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Defense
    [2010/07/20 21:15:10 | 000,000,000 | ---D | C] -- C:\Program Files\GolfHandicap
    [2010/07/20 20:55:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
    [2010/07/20 15:26:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Windows Search
    [2010/07/20 15:21:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [18 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/10/17 17:11:36 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2010/10/17 17:05:48 | 000,000,107 | ---- | M] () -- C:\Documents and Settings\Owner\default.pls
    [2010/10/17 17:04:26 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/10/17 15:55:26 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/10/17 15:54:54 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/10/17 15:54:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/10/17 15:54:45 | 1543,032,832 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/17 15:44:12 | 000,022,016 | ---- | M] (Gibson Research Corp.) -- C:\Documents and Settings\Owner\Desktop\shootthemessenger.exe
    [2010/10/17 14:15:32 | 000,050,688 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ComboFix 10 log.doc
    [2010/10/17 13:57:25 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/10/17 13:19:30 | 003,879,251 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2010/10/17 08:51:40 | 066,493,787 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/10/17 00:51:32 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
    [2010/10/16 21:43:30 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/16 18:38:30 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2010/10/15 21:24:26 | 000,001,984 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
    [2010/10/15 08:49:06 | 000,000,074 | ---- | M] () -- C:\WINDOWS\MPLAYER.INI
    [2010/10/14 08:55:26 | 000,502,044 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/10/14 08:55:26 | 000,086,128 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/10/14 08:52:03 | 000,146,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/10/14 03:03:44 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/10/13 21:26:52 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Excel.lnk
    [2010/10/11 09:35:38 | 000,002,413 | ---- | M] () -- C:\WINDOWS\System32\lgAxconfig.ini
    [2010/10/07 21:41:20 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/10/06 22:17:02 | 000,000,063 | ---- | M] () -- C:\WINDOWS\mdm.ini
    [2010/10/06 21:34:30 | 000,001,055 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\LGMobile update.lnk
    [2010/09/26 16:07:59 | 000,000,986 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    [2010/09/24 23:41:45 | 000,003,090 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\2 amendment.htm
    [2010/09/23 13:20:29 | 000,219,648 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Closed Banks.xls
    [2010/09/21 11:41:45 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
    [2010/09/21 11:37:56 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
    [2010/09/21 10:26:45 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
    [2010/09/21 10:26:45 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ImgBurn.lnk
    [2010/09/20 11:06:02 | 000,080,126 | ---- | M] () -- C:\WINDOWS\HPHins08.dat
    [2010/09/20 10:35:43 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/09/19 16:44:02 | 000,003,899 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Video 3_DVD 9-19-10.nri
    [2010/09/19 15:39:19 | 000,006,618 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ISO1_9-19-10 DVD 2.nri
    [2010/09/19 14:57:32 | 000,050,432 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ISO1_9-19-10 DVD.nri
    [2010/09/19 14:48:41 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
    [2010/09/18 20:09:21 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
    [2010/09/17 16:29:25 | 000,002,379 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk
    [2010/09/17 16:29:25 | 000,002,361 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart Essentials.lnk
    [2010/09/17 16:29:25 | 000,002,279 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Home Essentials SE.lnk
    [2010/09/17 16:29:25 | 000,002,261 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero Home Essentials SE.lnk
    [2010/09/17 16:29:25 | 000,001,879 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero Online Upgrade.lnk
    [2010/08/23 15:08:00 | 004,668,928 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\911_Aerial_Photos.Recently_Disclassified.pps
    [2010/08/22 19:49:15 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Doctor Patient Letter.doc
    [2010/08/05 09:48:55 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Karen Linhart letter.doc
    [2010/08/03 20:25:13 | 000,000,433 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to emailstripper.lnk
    [2010/08/03 11:02:00 | 000,431,487 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\AT&T - Customer Support - Repair.mht
    [2010/07/30 20:17:23 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
    [2010/07/30 20:17:01 | 000,001,725 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    [2010/07/27 22:14:00 | 1216,954,368 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Email Archive.pst
    [2010/07/23 01:16:15 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\default_user_class.dat
    [2010/07/22 20:43:46 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/07/22 18:28:58 | 000,000,401 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Regpair.lnk
    [2010/07/22 17:37:30 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
    [2010/07/22 09:31:30 | 000,000,214 | ---- | M] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
    [2010/07/22 09:31:24 | 000,000,217 | ---- | M] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
    [2010/07/22 09:28:41 | 000,000,227 | ---- | M] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
    [2010/07/22 09:26:18 | 000,000,221 | ---- | M] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
    [2010/07/21 22:48:59 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\GenSmarts.lnk
    [2010/07/21 22:47:24 | 000,000,563 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Family Tree Maker 16.lnk
    [2010/07/21 21:51:18 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.2.lnk
    [2010/07/21 20:08:43 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/07/21 20:08:43 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
    [2010/07/21 07:29:59 | 000,080,475 | ---- | M] () -- C:\WINDOWS\HPHins08.dat.temp
    [2010/07/21 00:04:19 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
    [2010/07/20 22:51:17 | 000,000,898 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Image Zone.lnk
    [2010/07/20 22:51:17 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
    [2010/07/20 22:50:23 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    [2010/07/20 22:49:33 | 000,000,984 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
    [2010/07/20 21:30:54 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Registry Defense.lnk
    [2010/07/20 21:15:10 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\GolfHandicap.lnk
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [18 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/10/17 14:15:31 | 000,050,688 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\ComboFix 10 log.doc
    [2010/10/17 13:57:25 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/10/17 13:57:23 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/10/17 13:55:29 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/10/17 13:55:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/10/17 13:55:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/10/17 13:55:29 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/10/17 13:55:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/10/17 13:19:27 | 003,879,251 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2010/10/17 00:51:24 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
    [2010/10/16 21:43:30 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/16 20:14:49 | 1543,032,832 | -HS- | C] () -- C:\hiberfil.sys
    [2010/10/15 21:24:26 | 000,001,984 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
    [2010/10/07 21:41:20 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/10/06 22:17:02 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
    [2010/10/04 21:55:28 | 000,001,055 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\LGMobile update.lnk
    [2010/10/04 21:55:24 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
    [2010/10/04 21:55:24 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
    [2010/09/26 16:07:59 | 000,000,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    [2010/09/24 23:41:45 | 000,003,090 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\2 amendment.htm
    [2010/09/23 13:20:29 | 000,219,648 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Closed Banks.xls
    [2010/09/21 11:38:41 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2010/09/21 11:37:56 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
    [2010/09/21 10:26:45 | 000,001,546 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
    [2010/09/21 10:26:45 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ImgBurn.lnk
    [2010/09/20 11:05:13 | 000,080,475 | ---- | C] () -- C:\WINDOWS\HPHins08.dat.temp
    [2010/09/20 11:05:13 | 000,004,011 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat.temp
    [2010/09/19 16:37:06 | 000,003,899 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Video 3_DVD 9-19-10.nri
    [2010/09/19 15:39:19 | 000,006,618 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\ISO1_9-19-10 DVD 2.nri
    [2010/09/19 14:57:32 | 000,050,432 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\ISO1_9-19-10 DVD.nri
    [2010/09/19 14:48:41 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
    [2010/09/18 20:09:21 | 000,000,892 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
    [2010/09/17 16:29:25 | 000,002,379 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk
    [2010/09/17 16:29:25 | 000,002,361 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart Essentials.lnk
    [2010/09/17 16:29:25 | 000,002,279 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Home Essentials SE.lnk
    [2010/09/17 16:29:25 | 000,002,261 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero Home Essentials SE.lnk
    [2010/09/17 16:29:25 | 000,001,879 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero Online Upgrade.lnk
    [2010/09/02 10:49:56 | 000,002,471 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Excel.lnk
    [2010/08/23 15:08:00 | 004,668,928 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\911_Aerial_Photos.Recently_Disclassified.pps
    [2010/08/22 19:49:15 | 000,052,224 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Doctor Patient Letter.doc
    [2010/08/05 09:23:52 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Karen Linhart letter.doc
    [2010/08/03 20:25:21 | 000,000,433 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to emailstripper.lnk
    [2010/08/03 11:01:56 | 000,431,487 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\AT&T - Customer Support - Repair.mht
    [2010/07/25 09:15:09 | 000,000,107 | ---- | C] () -- C:\Documents and Settings\Owner\default.pls
    [2010/07/25 09:14:08 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2010/07/23 01:16:15 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
    [2010/07/22 18:29:01 | 000,000,401 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Regpair.lnk
    [2010/07/22 17:37:30 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
    [2010/07/22 17:30:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/07/22 17:30:07 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    [2010/07/22 09:31:30 | 000,002,801 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PatchUpdate_InstantShareJPG.log
    [2010/07/22 09:31:30 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
    [2010/07/22 09:31:24 | 000,003,588 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PatchUpdate_IZClosingDiscError.log
    [2010/07/22 09:31:24 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
    [2010/07/22 09:28:41 | 000,048,435 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
    [2010/07/22 09:28:41 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
    [2010/07/22 09:26:18 | 000,055,867 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Update_HP_RedboxHprblog_HPSU.log
    [2010/07/22 09:26:18 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
    [2010/07/21 22:48:59 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\GenSmarts.lnk
    [2010/07/21 22:47:50 | 000,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
    [2010/07/21 22:47:24 | 000,000,563 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Family Tree Maker 16.lnk
    [2010/07/21 21:51:18 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.2.lnk
    [2010/07/21 20:08:43 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/07/21 20:08:43 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
    [2010/07/21 07:25:45 | 000,080,126 | ---- | C] () -- C:\WINDOWS\HPHins08.dat
    [2010/07/21 07:25:45 | 000,004,011 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat
    [2010/07/21 00:04:19 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
    [2010/07/20 22:51:17 | 000,000,898 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Image Zone.lnk
    [2010/07/20 22:51:17 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
    [2010/07/20 22:50:23 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    [2010/07/20 22:49:33 | 000,000,984 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
    [2010/07/20 22:45:09 | 000,002,911 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2010/07/20 22:26:40 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
    [2010/07/20 21:30:54 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Registry Defense.lnk
    [2010/07/20 21:15:10 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\GolfHandicap.lnk
    [2010/07/15 17:01:00 | 000,020,449 | R--- | C] () -- C:\WINDOWS\System32\ADeck.ini
    [2010/07/15 17:01:00 | 000,003,912 | R--- | C] () -- C:\WINDOWS\System32\String.ini
    [2010/07/15 17:01:00 | 000,003,911 | R--- | C] () -- C:\WINDOWS\System32\String1.ini
    [2010/07/15 17:01:00 | 000,000,399 | R--- | C] () -- C:\WINDOWS\System32\vpatch.ini
    [2010/07/15 17:01:00 | 000,000,356 | R--- | C] () -- C:\WINDOWS\System32\OemBmpCp.ini
    [2010/07/15 11:45:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2010/07/15 11:42:41 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
    [2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

    ========== LOP Check ==========

    [2010/09/25 11:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2010/07/16 07:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/09/21 11:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2010/10/04 21:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
    [2010/08/04 22:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
    [2010/09/21 09:56:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
    [2010/09/20 19:24:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DriverCure
    [2010/09/23 23:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImgBurn
    [2010/09/18 20:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IObit
    [2010/10/07 23:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\KompoZer
    [2010/07/21 22:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MyFamily.com
    [2010/07/20 15:21:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
    [2010/09/20 19:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ParetoLogic
    [2010/07/15 17:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
    [2010/07/20 15:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/07/15 16:56:37 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/07/15 16:50:54 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/10/17 13:57:25 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/10/17 15:59:24 | 000,014,014 | ---- | M] () -- C:\ComboFix.txt
    [2010/07/15 16:56:37 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2009/06/10 18:00:33 | 000,323,167 | ---- | M] () -- C:\DPsFnshr.exe
    [2010/10/17 15:54:45 | 1543,032,832 | -HS- | M] () -- C:\hiberfil.sys
    [2010/07/15 16:56:37 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/07/15 16:56:37 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2006/01/01 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2006/01/01 07:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/10/17 15:54:44 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2010/07/15 17:07:49 | 000,005,749 | ---- | M] () -- C:\WPI_Log_2010.07.15_17.03.43.txt
    [2010/07/15 11:45:25 | 000,000,012 | ---- | M] () -- C:\XPHOM.TAG

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >
    [2005/05/11 23:36:48 | 000,012,288 | ---- | M] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll

    < %systemroot%\Fonts\*.ini >
    [2010/07/15 16:56:06 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2005/05/05 08:48:54 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp3xu.dll
    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2010/07/15 11:35:01 | 000,098,304 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2010/07/15 11:35:01 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2010/07/15 11:35:01 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2010/07/15 16:56:42 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >
    [1 C:\WINDOWS\system32\config\systemprofile\*.tmp files -> C:\WINDOWS\system32\config\systemprofile\*.tmp -> ]

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/07/15 17:09:31 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2010/07/15 17:09:31 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2009/06/05 09:58:26 | 000,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\Analyze.exe
    [2010/10/17 13:19:30 | 003,879,251 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2010/10/17 00:51:32 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
    [2010/10/17 17:11:36 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2010/10/17 15:44:12 | 000,022,016 | ---- | M] (Gibson Research Corp.) -- C:\Documents and Settings\Owner\Desktop\shootthemessenger.exe
     
  16. 2010/10/17
    elfagobarcus

    elfagobarcus Inactive Thread Starter
    Continuation of previous submittal
    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2004/11/18 15:25:54 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Owner\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/10/17 17:18:34 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\Owner\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
    "AutoInstallMinorUpdates" = 1

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    < End of report >


    OTL Extras logfile created on: 10/17/2010 5:20:58 PM - Run 1
    OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
    3.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 90.23 Gb Free Space | 60.54% Space Free | Partition Type: NTFS
    Drive D: | 37.26 Gb Total Space | 4.61 Gb Free Space | 12.37% Space Free | Partition Type: NTFS
    Drive E: | 4.35 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive H: | 1.86 Gb Total Space | 0.95 Gb Free Space | 50.91% Space Free | Partition Type: FAT

    Computer Name: ROGER | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
    "{002C9999-0000-0000-C000-000000000112}" = Microsoft Office Web Components
    "{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
    "{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
    "{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
    "{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
    "{23170F69-40C1-2701-0465-000001000000}" = 7-Zip 4.65
    "{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 21
    "{2B59AB31-EBD0-45E4-A725-7112904DA605}" = Family Tree Maker Version 16
    "{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
    "{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
    "{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
    "{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
    "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
    "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
    "{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
    "{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
    "{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
    "{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
    "{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
    "{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
    "{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
    "{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
    "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
    "{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
    "{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
    "{BEFBEDDF-1417-4C8A-92FB-F003C0D41199}" = OpenOffice.org 3.2
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
    "{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
    "{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
    "{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
    "{EACB261C-5C4D-4CB4-B8CC-0EF998C5B3E8}" = User State Migration Tools version 3.0.1
    "{F1670367-C07F-411f-A196-79D2C65CBEC0}" = PS8200
    "{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
    "{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1033}" = Nero 7 Essentials
    "{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop 7.0" = Adobe Photoshop 7.0
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Advanced SystemCare 3_is1" = Advanced SystemCare 3
    "DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
    "GenSmarts_is1" = GenSmarts
    "GolfHandicap_is1" = GolfHandicap 2.0
    "HitmanPro35" = Hitman Pro 3.5
    "ie8" = Windows Internet Explorer 8
    "ImgBurn" = ImgBurn
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "RegistryDefense" = RegistryDefense
    "SysTools Outlook Express Restore - Demo Version_is1" = SysTools Outlook Express Restore
    "USMT301_DL" = DlManifest for User State Migration Tools 3.0.1
    "VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
    "WETCable" = Windows Easy Transfer
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/11/2010 10:35:10 AM | Computer Name = ROGER | Source = Windows Search Service | ID = 3038
    Description = The gatherer is unable to read the registry DocIdMapFile. Context:
    Application, SystemIndex Catalog Details: The system cannot find the file specified.
    (0x80070002)

    Error - 10/11/2010 10:35:13 AM | Computer Name = ROGER | Source = Windows Search Service | ID = 3028
    Description = The gatherer object cannot be initialized. Context: Windows Application,
    SystemIndex Catalog Details: The registry value cannot be read because the configuration
    is invalid. Recreate the content index configuration by removing the content index.
    (0x80040d03)

    Error - 10/11/2010 10:35:13 AM | Computer Name = ROGER | Source = Windows Search Service | ID = 3058
    Description = The application cannot be initialized. Context: Windows Application
    Details: The registry value cannot be read because the configuration is invalid. Recreate the
    content index configuration by removing the content index. (0x80040d03)

    Error - 10/11/2010 7:28:22 PM | Computer Name = ROGER | Source = Windows Search Service | ID = 3024
    Description = The update cannot be started because the content sources cannot be
    accessed. Fix the errors and try the update again. Context: Windows Application,
    SystemIndex Catalog

    Error - 10/16/2010 12:33:05 AM | Computer Name = ROGER | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 10/16/2010 12:33:36 AM | Computer Name = ROGER | Source = Application Hang | ID = 1001
    Description = Fault bucket 1180947459.

    Error - 10/16/2010 1:09:04 PM | Computer Name = ROGER | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 10/16/2010 1:26:17 PM | Computer Name = ROGER | Source = Application Error | ID = 1000
    Description = Faulting application cvirus.exe, version 0.0.0.0, faulting module
    cvirus.exe, version 0.0.0.0, fault address 0x00025b19.

    Error - 10/16/2010 1:29:39 PM | Computer Name = ROGER | Source = Application Error | ID = 1000
    Description = Faulting application cvirus.exe, version 0.0.0.0, faulting module
    cvirus.exe, version 0.0.0.0, fault address 0x00025b19.

    Error - 10/16/2010 1:29:46 PM | Computer Name = ROGER | Source = Application Error | ID = 1000
    Description = Faulting application cvirus.exe, version 0.0.0.0, faulting module
    cvirus.exe, version 0.0.0.0, fault address 0x00025b19.

    [ System Events ]
    Error - 8/27/2010 7:54:07 PM | Computer Name = ROGER | Source = Service Control Manager | ID = 7000
    Description = The SASDIFSV service failed to start due to the following error: %%183

    Error - 8/28/2010 9:51:58 AM | Computer Name = ROGER | Source = Service Control Manager | ID = 7000
    Description = The SASDIFSV service failed to start due to the following error: %%183

    Error - 8/30/2010 9:52:09 PM | Computer Name = ROGER | Source = Service Control Manager | ID = 7000
    Description = The SASDIFSV service failed to start due to the following error: %%183

    Error - 8/31/2010 8:13:57 PM | Computer Name = ROGER | Source = Service Control Manager | ID = 7000
    Description = The SASDIFSV service failed to start due to the following error: %%183

    Error - 9/2/2010 10:37:43 AM | Computer Name = ROGER | Source = Service Control Manager | ID = 7024
    Description = The Windows Search service terminated with service-specific error
    2147749155 (0x80040D23).

    Error - 9/2/2010 10:38:15 AM | Computer Name = ROGER | Source = DCOM | ID = 10010
    Description = The server {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} did not register
    with DCOM within the required timeout.

    Error - 9/14/2010 6:42:41 PM | Computer Name = ROGER | Source = Service Control Manager | ID = 7000
    Description = The SASDIFSV service failed to start due to the following error: %%183

    Error - 9/14/2010 10:29:05 PM | Computer Name = ROGER | Source = Service Control Manager | ID = 7000
    Description = The SASDIFSV service failed to start due to the following error: %%183

    Error - 9/17/2010 4:42:22 PM | Computer Name = ROGER | Source = Service Control Manager | ID = 7024
    Description = The Windows Search service terminated with service-specific error
    2147749155 (0x80040D23).

    Error - 9/17/2010 4:42:56 PM | Computer Name = ROGER | Source = DCOM | ID = 10010
    Description = The server {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} did not register
    with DCOM within the required timeout.


    < End of report >
     
  17. 2010/10/17
    broni

    broni Moderator Malware Analyst
    That would be pretty important for me to know :)

    ==================================================================

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ===============================================================

    Please, uninstall Registry Defense.
    Registry tools are not recommended and here is why: http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

    ================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
      [18 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  18. 2010/10/17
    elfagobarcus

    elfagobarcus Inactive Thread Starter
    All processes killed
    ========== OTL ==========
    C:\WINDOWS\msdownld.tmp folder deleted successfully.
    C:\WINDOWS\SET3.tmp deleted successfully.
    C:\WINDOWS\SET4.tmp deleted successfully.
    C:\WINDOWS\SET8.tmp deleted successfully.
    C:\WINDOWS\System32\dllcache\SET245.tmp deleted successfully.
    C:\WINDOWS\System32\dllcache\SET246.tmp deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\WINDOWS\System32\SET214.tmp deleted successfully.
    C:\WINDOWS\System32\SET22D.tmp deleted successfully.
    C:\WINDOWS\System32\SET231.tmp deleted successfully.
    C:\WINDOWS\System32\SET232.tmp deleted successfully.
    C:\WINDOWS\System32\SET23B.tmp deleted successfully.
    C:\WINDOWS\System32\SET242.tmp deleted successfully.
    C:\WINDOWS\System32\SET243.tmp deleted successfully.
    C:\WINDOWS\System32\SET244.tmp deleted successfully.
    C:\WINDOWS\System32\SET24C.tmp deleted successfully.
    C:\WINDOWS\System32\SET474.tmp deleted successfully.
    C:\WINDOWS\System32\SET475.tmp deleted successfully.
    C:\WINDOWS\System32\SET478.tmp deleted successfully.
    C:\WINDOWS\System32\SET479.tmp deleted successfully.
    C:\WINDOWS\System32\SET47A.tmp deleted successfully.
    C:\WINDOWS\System32\SET47D.tmp deleted successfully.
    C:\WINDOWS\System32\SET47E.tmp deleted successfully.
    C:\WINDOWS\System32\SET47F.tmp deleted successfully.
    C:\Documents and Settings\Owner\~8A8.tmp deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Owner
    ->Temp folder emptied: 1705266 bytes
    ->Temporary Internet Files folder emptied: 52989126 bytes
    ->Java cache emptied: 11002193 bytes
    ->Flash cache emptied: 244039 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 483 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 63.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: Owner
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.15.2 log created on 10172010_212608

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Y9EAR0OB\00b42e3a-b809-49b2-b433-cc45b2bc89d33rd_party_BBS[1].htm moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Y9EAR0OB\iframescript[5].htm moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\V7MV0TZC\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\V7MV0TZC\p-01-0VIaSjnOLg[2].gif moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\PUEB394Q\95737-active-google-redirect-jump-problem-2[1].html moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

    Registry entries deleted on Reboot...
     
  19. 2010/10/17
    elfagobarcus

    elfagobarcus Inactive Thread Starter
    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.0.32.18
    Adobe Reader 9.4.0
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
  20. 2010/10/17
    broni

    broni Moderator Malware Analyst
    Looks good :)
    Go on....
     
  21. 2010/10/17
    elfagobarcus

    elfagobarcus Inactive Thread Starter
    D:\My Downloads\ComboFix.exe a variant of Win32/Kryptik.YI trojan
    D:\My Downloads\CVirus.exe a variant of Win32/Kryptik.YI trojan


    Why does it come up with an out-of-date Java when #22 was said to be the latest?
    Up until I eliminated the old Javas I still had the "redirect/jump". It doesn't appear to be there now. Will check it more in the morning.
     
