
Solved Google redirect and Jump problem

Discussion in 'Malware and Virus Removal Archive' started by elfagobarcus, 2010/10/15.

  1. 2010/10/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Reading on the net... it may have a "Reset" button. Hold it for 10-15 seconds.
     
  2. 2010/10/22
    elfagobarcus

    elfagobarcus Inactive Thread Starter

    Joined:
    2010/10/15
    Messages:
    35
    Likes Received:
    0
    Yes, it had a reset button hidden under the screen. After the reset I had to go to my provider to get the router back in service. While we were resetting the access we added additional security to the connection. I am up and running but have not had time to go to the Internet for a check. I must say accessing this site was a lot easier. Hope you have solved my problem. I will be back.
     


  4. 2010/10/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Let me know....
     
  5. 2010/10/24
    elfagobarcus

    elfagobarcus Inactive Thread Starter

    Joined:
    2010/10/15
    Messages:
    35
    Likes Received:
    0
    I do believe that you have resolved the redirect problem. I did some research work on the net last night and didn't get redirected. Did have some pop-ups that I thought I had blocked.

    Can you explain how the router can play into this redirect problem? Also, should I go back to the clean-up info that you gave me once before and clean all the programs and the info off the desktop and my downloads? Thanks for all the help. I will contribute to the cause.
     
  6. 2010/10/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good news :)

    Routers do get infected and that's why, sometimes, we have to reset them.

    We'll re-run a couple more scans to make sure nothing is hiding there.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  7. 2010/10/24
    elfagobarcus

    elfagobarcus Inactive Thread Starter

    Joined:
    2010/10/15
    Messages:
    35
    Likes Received:
    0
    OTL logfile created on: 10/24/2010 8:12:23 PM - Run 2
    OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 88.59 Gb Free Space | 59.44% Space Free | Partition Type: NTFS
    Drive D: | 37.26 Gb Total Space | 4.61 Gb Free Space | 12.37% Space Free | Partition Type: NTFS
    Drive E: | 4.35 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive H: | 1.86 Gb Total Space | 0.95 Gb Free Space | 50.91% Space Free | Partition Type: FAT

    Computer Name: ROGER | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/17 17:11:36 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    PRC - [2010/09/30 21:57:22 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    PRC - [2010/09/15 05:29:10 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
    PRC - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
    PRC - [2010/09/10 01:44:22 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
    PRC - [2010/09/09 04:46:42 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
    PRC - [2010/09/07 03:50:58 | 001,065,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
    PRC - [2010/09/07 03:50:22 | 001,047,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
    PRC - [2010/09/07 03:50:14 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
    PRC - [2010/09/03 10:35:52 | 000,725,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    PRC - [2010/09/03 10:35:50 | 006,104,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2006/08/15 11:28:24 | 000,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
    PRC - [2006/01/01 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/05/12 00:33:52 | 000,479,232 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    PRC - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/17 17:11:36 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2006/01/01 07:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/10/06 11:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
    SRV - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2010/09/03 10:35:50 | 006,104,144 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
    SRV - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/09/13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2010/09/07 03:49:00 | 000,298,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2010/09/07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2010/08/19 21:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2010/08/19 21:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2010/08/19 21:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2008/12/16 15:47:00 | 000,013,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
    DRV - [2007/10/09 12:17:42 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2007/09/19 21:54:42 | 000,207,488 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
    DRV - [2003/07/02 03:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/?o=15784&l=dis
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/10/22 09:09:56 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2010/10/19 17:11:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.)
    O4 - HKLM..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
    O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
    O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1279285186546 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab (Verizon Wireless Media Upload)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/07/15 16:56:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2004/11/18 02:51:26 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/10/21 23:32:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ieSpell
    [2010/10/21 23:27:05 | 000,000,000 | ---D | C] -- C:\Program Files\ieSpell
    [2010/10/20 20:54:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\DoctorWeb
    [2010/10/20 20:51:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2010/10/19 21:48:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/10/19 21:48:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/10/19 21:48:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/10/19 21:40:53 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/10/18 16:31:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2010/10/18 16:31:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
    [2010/10/18 16:22:00 | 000,000,000 | ---D | C] -- C:\AVGTemp
    [2010/10/18 15:22:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG10
    [2010/10/18 15:21:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2010/10/18 15:20:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG9
    [2010/10/18 14:57:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2010/10/17 21:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2010/10/17 21:26:08 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/10/17 21:02:31 | 000,000,000 | ---D | C] -- C:\Programs
    [2010/10/17 17:11:32 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2010/10/17 13:57:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/10/17 13:55:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/10/17 13:55:29 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/10/17 13:55:29 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/10/17 13:55:29 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/10/17 13:55:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/10/17 13:35:54 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/10/16 21:43:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
    [2010/10/16 21:43:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/10/07 23:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Mozilla
    [2010/10/07 23:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\KompoZer
    [2010/10/07 22:53:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\KompoZer 0.7.10
    [2010/10/04 21:54:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
    [2010/09/23 11:32:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
    [2010/09/21 11:41:45 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
    [2010/09/21 11:37:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2010/09/21 11:37:54 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
    [2010/09/21 10:42:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ImgBurn
    [2010/09/21 10:26:33 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
    [2010/09/20 19:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\DriverCure
    [2010/09/20 19:24:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ParetoLogic
    [2010/09/20 19:24:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
    [2010/09/20 10:50:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Google
    [2010/09/20 10:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Temp
    [2010/09/20 10:32:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    [2010/09/20 10:28:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2010/09/20 10:27:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    [2010/09/19 21:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
    [2010/09/18 20:08:47 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
    [2010/09/18 20:08:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\IObit
    [2010/09/17 16:26:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ahead
    [2010/09/17 16:24:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
    [2010/09/13 18:50:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2010/09/13 16:27:24 | 000,025,680 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSEH.sys
    [2010/09/08 12:07:12 | 000,000,000 | ---D | C] -- C:\$AVG
    [2010/09/07 03:49:00 | 000,298,448 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/09/07 03:48:56 | 000,034,384 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/09/07 03:48:54 | 000,249,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2010/09/07 03:48:50 | 000,026,064 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
    [2010/08/21 11:02:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
    [2010/08/19 21:42:38 | 000,030,288 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSFilter.sys
    [2010/08/19 21:42:36 | 000,123,472 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSDriver.sys
    [2010/08/19 21:42:34 | 000,026,192 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSShim.sys
    [2010/08/19 15:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/08/04 22:49:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LightScribe
    [2010/08/04 16:59:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2010/08/04 16:59:46 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2010/07/29 22:11:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google
    [2010/07/29 22:11:30 | 000,000,000 | ---D | C] -- C:\Program Files\Google

    ========== Files - Modified Within 90 Days ==========

    [2010/10/24 18:39:26 | 097,582,199 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2010/10/24 17:06:18 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/10/24 13:09:27 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2010/10/24 00:18:15 | 000,060,416 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\pilot shortage.doc
    [2010/10/23 14:00:53 | 000,119,808 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Geraniums.doc
    [2010/10/23 13:52:53 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Clematis.doc
    [2010/10/23 08:49:04 | 000,000,074 | ---- | M] () -- C:\WINDOWS\MPLAYER.INI
    [2010/10/22 10:41:50 | 000,502,044 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/10/22 10:41:50 | 000,086,128 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/10/22 10:26:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/10/22 10:26:01 | 1543,032,832 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/22 09:10:11 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
    [2010/10/21 23:14:25 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Redirect jump.doc
    [2010/10/21 22:22:39 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Excel.lnk
    [2010/10/19 21:48:46 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/19 17:11:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/10/19 16:56:17 | 003,880,681 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix1.exe
    [2010/10/17 21:33:26 | 000,869,051 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
    [2010/10/17 17:11:36 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2010/10/17 17:05:48 | 000,000,107 | ---- | M] () -- C:\Documents and Settings\Owner\default.pls
    [2010/10/17 17:04:26 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/10/17 14:15:32 | 000,050,688 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ComboFix 10 log.doc
    [2010/10/17 13:57:25 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/10/17 13:19:30 | 003,879,251 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2010/10/14 08:52:03 | 000,146,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/10/14 03:03:44 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/10/11 09:35:38 | 000,002,413 | ---- | M] () -- C:\WINDOWS\System32\lgAxconfig.ini
    [2010/10/07 21:41:20 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/10/06 22:17:02 | 000,000,063 | ---- | M] () -- C:\WINDOWS\mdm.ini
    [2010/10/06 21:34:30 | 000,001,055 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\LGMobile update.lnk
    [2010/09/26 16:07:59 | 000,000,986 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    [2010/09/24 23:41:45 | 000,003,090 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\2 amendment.htm
    [2010/09/23 13:20:29 | 000,219,648 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Closed Banks.xls
    [2010/09/21 11:41:45 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
    [2010/09/21 11:37:56 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
    [2010/09/21 10:26:45 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
    [2010/09/21 10:26:45 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ImgBurn.lnk
    [2010/09/20 11:06:02 | 000,080,126 | ---- | M] () -- C:\WINDOWS\HPHins08.dat
    [2010/09/20 10:35:43 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/09/19 16:44:02 | 000,003,899 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Video 3_DVD 9-19-10.nri
    [2010/09/19 15:39:19 | 000,006,618 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ISO1_9-19-10 DVD 2.nri
    [2010/09/19 14:57:32 | 000,050,432 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ISO1_9-19-10 DVD.nri
    [2010/09/19 14:48:41 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
    [2010/09/18 20:09:21 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
    [2010/09/17 16:29:25 | 000,002,379 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk
    [2010/09/17 16:29:25 | 000,002,361 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart Essentials.lnk
    [2010/09/17 16:29:25 | 000,002,279 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Home Essentials SE.lnk
    [2010/09/17 16:29:25 | 000,002,261 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero Home Essentials SE.lnk
    [2010/09/17 16:29:25 | 000,001,879 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero Online Upgrade.lnk
    [2010/09/13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSEH.sys
    [2010/09/07 03:49:00 | 000,298,448 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/09/07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
    [2010/08/23 15:08:00 | 004,668,928 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\911_Aerial_Photos.Recently_Disclassified.pps
    [2010/08/22 19:49:15 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Doctor Patient Letter.doc
    [2010/08/19 21:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSFilter.sys
    [2010/08/19 21:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSDriver.sys
    [2010/08/19 21:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSShim.sys
    [2010/08/05 09:48:55 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Karen Linhart letter.doc
    [2010/08/03 20:25:13 | 000,000,433 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to emailstripper.lnk
    [2010/08/03 11:02:00 | 000,431,487 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\AT&T - Customer Support - Repair.mht
    [2010/07/30 20:17:23 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
    [2010/07/30 20:17:01 | 000,001,725 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    [2010/07/27 22:14:00 | 1216,954,368 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Email Archive.pst

    ========== Files Created - No Company Name ==========

    [2010/10/24 18:39:26 | 097,582,199 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2010/10/23 22:35:15 | 000,060,416 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\pilot shortage.doc
    [2010/10/23 14:00:52 | 000,119,808 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Geraniums.doc
    [2010/10/23 13:52:53 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Clematis.doc
    [2010/10/21 23:14:24 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Redirect jump.doc
    [2010/10/20 09:42:01 | 1543,032,832 | -HS- | C] () -- C:\hiberfil.sys
    [2010/10/19 21:48:46 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/19 16:56:15 | 003,880,681 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix1.exe
    [2010/10/18 16:31:41 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
    [2010/10/17 21:33:22 | 000,869,051 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
    [2010/10/17 14:15:31 | 000,050,688 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\ComboFix 10 log.doc
    [2010/10/17 13:57:25 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/10/17 13:57:23 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/10/17 13:55:29 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/10/17 13:55:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/10/17 13:55:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/10/17 13:55:29 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/10/17 13:55:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/10/17 13:19:27 | 003,879,251 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2010/10/07 21:41:20 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/10/06 22:17:02 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
    [2010/10/04 21:55:28 | 000,001,055 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\LGMobile update.lnk
    [2010/10/04 21:55:24 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
    [2010/10/04 21:55:24 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
    [2010/09/26 16:07:59 | 000,000,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    [2010/09/24 23:41:45 | 000,003,090 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\2 amendment.htm
    [2010/09/23 13:20:29 | 000,219,648 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Closed Banks.xls
    [2010/09/21 11:38:41 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2010/09/21 11:37:56 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
    [2010/09/21 10:26:45 | 000,001,546 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
    [2010/09/21 10:26:45 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ImgBurn.lnk
    [2010/09/20 11:05:13 | 000,080,475 | ---- | C] () -- C:\WINDOWS\HPHins08.dat.temp
    [2010/09/20 11:05:13 | 000,004,011 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat.temp
    [2010/09/19 16:37:06 | 000,003,899 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Video 3_DVD 9-19-10.nri
    [2010/09/19 15:39:19 | 000,006,618 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\ISO1_9-19-10 DVD 2.nri
    [2010/09/19 14:57:32 | 000,050,432 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\ISO1_9-19-10 DVD.nri
    [2010/09/19 14:48:41 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
    [2010/09/18 20:09:21 | 000,000,892 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
    [2010/09/17 16:29:25 | 000,002,379 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk
    [2010/09/17 16:29:25 | 000,002,361 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart Essentials.lnk
    [2010/09/17 16:29:25 | 000,002,279 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Home Essentials SE.lnk
    [2010/09/17 16:29:25 | 000,002,261 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero Home Essentials SE.lnk
    [2010/09/17 16:29:25 | 000,001,879 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero Online Upgrade.lnk
    [2010/09/02 10:49:56 | 000,002,471 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Excel.lnk
    [2010/08/23 15:08:00 | 004,668,928 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\911_Aerial_Photos.Recently_Disclassified.pps
    [2010/08/22 19:49:15 | 000,052,224 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Doctor Patient Letter.doc
    [2010/08/05 09:23:52 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Karen Linhart letter.doc
    [2010/08/03 20:25:21 | 000,000,433 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to emailstripper.lnk
    [2010/08/03 11:01:56 | 000,431,487 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\AT&T - Customer Support - Repair.mht
    [2010/07/25 09:14:08 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2010/07/22 17:30:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/07/22 09:31:30 | 000,002,801 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PatchUpdate_InstantShareJPG.log
    [2010/07/22 09:31:30 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
    [2010/07/22 09:31:24 | 000,003,588 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PatchUpdate_IZClosingDiscError.log
    [2010/07/22 09:31:24 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
    [2010/07/22 09:28:41 | 000,048,435 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
    [2010/07/22 09:28:41 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
    [2010/07/22 09:26:18 | 000,055,867 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Update_HP_RedboxHprblog_HPSU.log
    [2010/07/22 09:26:18 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
    [2010/07/21 22:47:50 | 000,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
    [2010/07/21 00:04:19 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
    [2010/07/20 22:45:09 | 000,002,911 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2010/07/20 22:26:40 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
    [2010/07/15 17:01:00 | 000,020,449 | R--- | C] () -- C:\WINDOWS\System32\ADeck.ini
    [2010/07/15 17:01:00 | 000,003,912 | R--- | C] () -- C:\WINDOWS\System32\String.ini
    [2010/07/15 17:01:00 | 000,003,911 | R--- | C] () -- C:\WINDOWS\System32\String1.ini
    [2010/07/15 17:01:00 | 000,000,399 | R--- | C] () -- C:\WINDOWS\System32\vpatch.ini
    [2010/07/15 17:01:00 | 000,000,356 | R--- | C] () -- C:\WINDOWS\System32\OemBmpCp.ini
    [2010/07/15 11:45:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2010/07/15 11:42:41 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
    [2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

    ========== LOP Check ==========

    [2010/10/18 16:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2010/10/18 16:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2010/07/16 07:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/10/18 15:21:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2010/09/21 11:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2010/10/04 21:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
    [2010/08/04 22:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
    [2010/10/18 15:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2010/09/21 09:56:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
    [2010/10/18 15:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG10
    [2010/10/18 15:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG9
    [2010/09/20 19:24:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DriverCure
    [2010/10/21 23:32:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ieSpell
    [2010/09/23 23:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImgBurn
    [2010/09/18 20:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IObit
    [2010/10/07 23:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\KompoZer
    [2010/07/21 22:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MyFamily.com
    [2010/07/20 15:21:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
    [2010/09/20 19:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ParetoLogic
    [2010/07/15 17:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
    [2010/07/20 15:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/07/15 16:56:37 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/07/15 16:50:54 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/10/17 13:57:25 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/10/19 17:17:10 | 000,020,754 | ---- | M] () -- C:\ComboFix.txt
    [2010/07/15 16:56:37 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2009/06/10 18:00:33 | 000,323,167 | ---- | M] () -- C:\DPsFnshr.exe
    [2010/10/22 10:26:01 | 1543,032,832 | -HS- | M] () -- C:\hiberfil.sys
    [2010/07/15 16:56:37 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/10/17 21:22:30 | 000,006,415 | ---- | M] () -- C:\JavaRa.log
    [2010/07/15 16:56:37 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2006/01/01 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2006/01/01 07:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/10/22 10:26:00 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2010/07/15 17:07:49 | 000,005,749 | ---- | M] () -- C:\WPI_Log_2010.07.15_17.03.43.txt
    [2010/07/15 11:45:25 | 000,000,012 | ---- | M] () -- C:\XPHOM.TAG

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >
    [2005/05/11 23:36:48 | 000,012,288 | ---- | M] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll

    < %systemroot%\Fonts\*.ini >
    [2010/07/15 16:56:06 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2005/05/05 08:48:54 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp3xu.dll
    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2010/07/15 11:35:01 | 000,098,304 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2010/07/15 11:35:01 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2010/07/15 11:35:01 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2010/07/15 16:56:42 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >
    [1 C:\WINDOWS\system32\config\systemprofile\*.tmp files -> C:\WINDOWS\system32\config\systemprofile\*.tmp -> ]

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/07/15 17:09:31 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2010/07/15 17:09:31 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2009/06/05 09:58:26 | 000,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\Analyze.exe
    [2010/10/17 13:19:30 | 003,879,251 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2010/10/19 16:56:17 | 003,880,681 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix1.exe
    [2010/10/17 17:11:36 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2010/10/17 21:33:26 | 000,869,051 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2004/11/18 15:25:54 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Owner\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/10/24 20:12:20 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\Owner\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
    "AutoInstallMinorUpdates" = 1

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    < End of report >
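An added example, not part of the original thread and not OTL's or its author's code: the report above lists several hundred file entries in one fixed format, `[date time | size | attrs | C or M] (Company) -- path`, and an analyst normally wants to filter that down before reading it. The Python below parses those lines and flags executables under the Windows directory that OTL printed with an empty company field. The empty parentheses mean the file carries no CompanyName in its version resource; that is a triage hint, not a verdict, and a legitimate tool can look exactly like that. The allowlist of ComboFix helper tools (PEV.exe, sed.exe, grep.exe, MBR.exe, zip.exe, which ComboFix drops into %SystemRoot% and which appear in the report with the same creation timestamp) and the "Windows tree" heuristic are this example's own assumptions; the sample input is an excerpt copied from the report above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# One OTL file line: [date time | size | attrs | C or M] (Company) -- path
# Directory entries (attrs contain D) carry no "(Company)" group.
OTL_ENTRY = re.compile(
    r"^\s*\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)
SECTION = re.compile(r"^\s*=+ (?P<name>.+?) =+\s*$")

# Extensions that execute or load as code.
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".ocx")
WINDOWS_TREE = "c:\\windows\\"

# Analyst-maintained allowlist (an assumption of this example): helper tools
# that ComboFix extracts into %SystemRoot%, which OTL lists with no company.
KNOWN_TOOL_DROPS = {
    "c:\\windows\\pev.exe", "c:\\windows\\sed.exe", "c:\\windows\\grep.exe",
    "c:\\windows\\mbr.exe", "c:\\windows\\zip.exe",
}

# Excerpt copied from the OTL report above (constructed sample input).
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========

[2010/10/24 18:39:26 | 097,582,199 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010/10/17 13:57:23 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/10/17 13:55:29 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/17 13:55:29 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/04 21:55:24 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2010/09/21 11:38:41 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/07/20 22:26:40 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll

========== Files - Modified Within 90 Days ==========

[2010/10/22 10:26:01 | 1543,032,832 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/21 11:41:45 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/09/07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/08/21 11:02:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
"""


@dataclass
class Entry:
    section: str
    timestamp: str
    size: int
    attrs: str
    kind: str       # C = created, M = modified
    company: str    # "" when OTL printed "()" or omitted the group
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_otl(text: str) -> List[Entry]:
    """Parse the file-listing sections of an OTL report into Entry records."""
    entries: List[Entry] = []
    section = ""
    for line in text.splitlines():
        sec = SECTION.match(line)
        if sec:
            section = sec.group("name")
            continue
        m = OTL_ENTRY.match(line)
        if not m:
            continue  # blank lines, prose, custom-scan headers
        entries.append(Entry(
            section=section,
            timestamp=m.group("ts"),
            size=int(m.group("size").replace(",", "")),
            attrs=m.group("attrs"),
            kind=m.group("kind"),
            company=(m.group("company") or "").strip(),
            path=m.group("path"),
        ))
    return entries


def triage(entries: List[Entry]) -> List[Dict[str, str]]:
    """Flag code files under the Windows tree that carry no company name."""
    findings: List[Dict[str, str]] = []
    for e in entries:
        low = e.path.lower()
        if e.is_dir or e.company or not low.endswith(EXEC_EXT):
            continue
        if not low.startswith(WINDOWS_TREE):
            continue  # hiberfil.sys at C:\ is left alone by this rule
        if low in KNOWN_TOOL_DROPS:
            reason = "known cleanup-tool drop (allowlisted, verify timestamp)"
        else:
            reason = "code file with no company name in Windows tree"
        findings.append({"path": e.path, "when": e.timestamp, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in triage(parse_otl(SAMPLE_LOG)):
        print(f"{f['when']}  {f['path']}  <- {f['reason']}")
```

Run against the excerpt it prints five lines: the two ComboFix drops (allowlisted) and CommonDL.dll, hitmanpro35.sys and hpzids01.dll for a manual look. In the real report those three correspond to the LG mobile software, Hitman Pro and an HP printer component, which is exactly why the output is a worklist and not a detection: the script removes noise, the analyst still confirms each hit.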
     
  8. 2010/10/24
    broni Moderator Malware Analyst
    It looks good :)

    One more scan....

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
     
  9. 2010/10/24
    elfagobarcus Inactive Thread Starter
    Searched for the Extras file and didn't find any except the old file.
     
  10. 2010/10/24
    broni Moderator Malware Analyst
    That's fine.
     
  11. 2010/10/25
    elfagobarcus Inactive Thread Starter
    I can't find the list of found threats. It says "no threats found "
     
  12. 2010/10/25
    broni Moderator Malware Analyst
    That means....

    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to assure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  13. 2010/10/25
    elfagobarcus Inactive Thread Starter
    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Owner
    ->Temp folder emptied: 58791435 bytes
    ->Temporary Internet Files folder emptied: 139895905 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 7533 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 115253 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 284840484 bytes

    Total Files Cleaned = 461.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: Owner
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.15.2 log created on 10252010_192558

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ULV11BJR\iframescript[4].htm moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\LESWQ3X0\95737-active-google-redirect-jump-problem-4[1].html moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

    Registry entries deleted on Reboot...
     
  14. 2010/10/25
    elfagobarcus Inactive Thread Starter
    I have on the computer the following and I am worried about compatibility.

    SuperAntispyware
    AVG 2011
    Spybot search and destroy

    Can I add any of the above and still work together, or should I add or substitute?
    I realize that the WOT is an add-on to IE.
     
  15. 2010/10/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're fine.
    I'd recommend uninstalling Spybot, which is rather a tool of the past, and keeping Malwarebytes.

     
  16. 2010/10/26
    elfagobarcus

    elfagobarcus Inactive Thread Starter

    Joined:
    2010/10/15
    Messages:
    35
    Likes Received:
    0
    Is the Trojan Dropper a part of AVG? Will this create problems with AVG's running?

    Other than this run, the computer is running fine. I seem to have more pop-ups than when I had the Google toolbar. Right now I have Yahoo. Which is the best? Also, the website that got me in trouble the second time with Websearch is a screen saver. Every once in a while the screensaver pops up.


    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4948

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    10/25/2010 10:33:53 PM
    mbam-log-2010-10-25 (22-33-53).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 191503
    Time elapsed: 49 minute(s), 25 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\My Downloads\avg2011remover_en.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\My Downloads\avgremover_en.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    D:\My Downloads\avgremover_en.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
     
  17. 2010/10/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    This is definitely a false positive.
    You don't need those files anymore, so no harm done.

    I'll report it to MBAM.

    I don't recommend any toolbars at all. More troubles than positives.

    Good luck and stay safe :)
     
  18. 2010/10/26
    elfagobarcus

    elfagobarcus Inactive Thread Starter

    Joined:
    2010/10/15
    Messages:
    35
    Likes Received:
    0
    Thanks for all your help.
     
  19. 2010/10/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome :)

    I just checked with MBAM people and they pointed out to me that those three files deleted by MBAM can't be coming from AVG Remover, because of different names.
    The real AVG Remover file is named avg_remover_stf_x86_2011_1149.exe (http://www.avg.com/us-en/download-tools)
     
