Gblock1
-
Posts
11 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by Gblock1
-
-
Ran Hijack and did as you advised... Ran Eset and one threat found:
C:\Documents and Settings\GBLOCK\My Documents\Downloads\WinZip165Multi-language.exe a variant of Win32/OpenInstall application
-
Log of Mbam. and Hijack this......computer seems to be working fine now. No more google redirects and google is funcitioning properly
Log of Mbam
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.15.01
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
GBLOCK :: GLENNEEEPC [administrator]
11/15/2012 12:14:25 AM
mbam-log-2012-11-15 (00-14-25).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201936
Time elapsed: 3 minute(s), 37 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Log of Hijack this
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:00:06 PM, on 11/15/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\agent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AsScrPro.exe
C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\WinZip\WZQKPICK32.EXE
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\GBLOCK\My Documents\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\AsScrPro.exe
O4 - HKLM\..\Run: [LiveUpdate] C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [synAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [VMonitorVMUVC] "C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: SuperHybridEngine.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK32.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: intu-help-qb3 - {C5E479EA-0A65-4B05-8C6C-2FC8CC682EB4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agent - Unknown owner - C:\WINDOWS\agent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
--
End of file - 12443 bytes
-
Google is working fine now without redirecting. Here is log that you requested.
========== OTL ==========
HKU\S-1-5-21-2514897835-882076413-806336791-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-2514897835-882076413-806336791-1005\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2514897835-882076413-806336791-1005\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_USERS\S-1-5-21-2514897835-882076413-806336791-1005\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: avg@toolbar:13.2.0.5 removed from extensions.enabledItems
Prefs.js: "*.local" removed from network.proxy.no_proxies_on
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\GBLOCK\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\GBLOCK\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYJAVA]
User: All Users
User: Default User
User: GBLOCK
User: LocalService
User: NetworkService
Total Java Files Cleaned = 0.00 mb
[EMPTYFLASH]
User: All Users
User: Default User
User: GBLOCK
->Flash cache emptied: 148486 bytes
User: LocalService
User: NetworkService
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 11142012_230352
-
Copy of OTL.txt log
OTL logfile created on: 11/14/2012 10:35:58 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\GBLOCK\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 67.28% Memory free
3.33 Gb Paging File | 2.86 Gb Available in Paging File | 85.79% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72.06 Gb Total Space | 16.05 Gb Free Space | 22.27% Space Free | Partition Type: NTFS
Drive D: | 72.05 Gb Total Space | 71.98 Gb Free Space | 99.90% Space Free | Partition Type: NTFS
Computer Name: GLENNEEEPC | User Name: GBLOCK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\GBLOCK\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)
PRC - C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
PRC - C:\WINDOWS\agent.exe ()
PRC - C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe ()
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\WINDOWS\AsScrPro.exe (ASUS)
PRC - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
PRC - C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe (Vimicro Corporation)
========== Modules (No Company Name) ==========
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\31b7eef43a23e7c6e93594be583f3d08\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll ()
MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
MOD - C:\WINDOWS\system32\sdtnpm.dll ()
MOD - C:\WINDOWS\agent.exe ()
MOD - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt.dll ()
MOD - C:\Program Files\ASUS\LiveUpdate\Enumeration.dll ()
MOD - C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe ()
MOD - C:\Program Files\ASUS\LiveUpdate\ClientSocket.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\ASUS\LiveUpdate\Parser.dll ()
MOD - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
MOD - C:\WINDOWS\system32\btwicons.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\WINDOWS\system32\vpnapi.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
========== Services (SafeList) ==========
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (vToolbarUpdater13.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (Agent) -- C:\WINDOWS\agent.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (rpcapd) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\GBLOCK\LOCALS~1\Temp\catchme.sys File not found
DRV - (avgtp) -- C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (Netaapl) -- C:\WINDOWS\system32\drivers\netaapl.sys (Apple Inc.)
DRV - (AsUpIO) -- C:\WINDOWS\system32\drivers\AsUpIO.sys ()
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (VMUVC) -- C:\WINDOWS\system32\drivers\VMUVC.sys (Vimicro Corporation)
DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (uvclf) -- C:\WINDOWS\system32\drivers\uvclf.sys (GenesysLogic Technologies, Inc.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (vvftUVC) -- C:\WINDOWS\system32\drivers\vvftUVC.sys (Vimicro Corporation)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (AsusACPI) -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS (ASUSTeK Computer Inc.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2514897835-882076413-806336791-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={A52AF0D5-672F-4D00-969B-B636178B590D}&mid=0ecffd51abd64f1bb9b4546f4fb78a47-4d2e5c41e3d76b204bb6bca41bc2a2f08b6b494a〈=en&ds=hk011&pr=sa&d=2012-09-18 18:23:32&v=12.2.5.34&sap=hp
IE - HKU\S-1-5-21-2514897835-882076413-806336791-1005\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-2514897835-882076413-806336791-1005\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://tbsearch.ask.com/redirect?client=ie&tb=BT3&o=14987&src=crm&q={searchTerms}&locale=en_US
IE - HKU\S-1-5-21-2514897835-882076413-806336791-1005\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={A52AF0D5-672F-4D00-969B-B636178B590D}&mid=0ecffd51abd64f1bb9b4546f4fb78a47-4d2e5c41e3d76b204bb6bca41bc2a2f08b6b494a〈=en&ds=hk011&pr=sa&d=2012-09-18 18:23:32&v=12.2.5.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2514897835-882076413-806336791-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2514897835-882076413-806336791-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.ebay.com"
FF - prefs.js..extensions.enabledItems: avg@toolbar:13.2.0.5
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\GBLOCK\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\GBLOCK\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\GBLOCK\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\GBLOCK\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\13.2.0.5 [2012/11/08 20:47:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/11 21:47:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/11 21:47:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/08/28 19:09:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2009/10/31 15:35:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\GBLOCK\Application Data\Mozilla\Extensions
[2012/11/11 21:47:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\GBLOCK\Application Data\Mozilla\Firefox\Profiles\ie191ljh.default\extensions
[2012/11/11 21:47:29 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\GBLOCK\Application Data\Mozilla\Firefox\Profiles\ie191ljh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012/11/11 21:47:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/24 12:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/11/08 20:47:28 | 000,003,574 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/10/24 12:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/24 12:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2012/11/14 18:18:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-2514897835-882076413-806336791-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LiveUpdate] C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe ()
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [synAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [VMonitorVMUVC] C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe (Vimicro Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-2514897835-882076413-806336791-1005..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKU\S-1-5-21-2514897835-882076413-806336791-1005..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ SuperHybridEngine.lnk = C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2514897835-882076413-806336791-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2514897835-882076413-806336791-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2514897835-882076413-806336791-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2514897835-882076413-806336791-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 107.17.124.1 64.134.255.2 64.134.255.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65197B67-2E55-4FB1-BC95-8142C72E5B4D}: DhcpNameServer = 107.17.124.1 64.134.255.2 64.134.255.10
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Eee PC Seashell_1.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Eee PC Seashell_1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/20 14:19:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/11/14 22:34:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\GBLOCK\Desktop\OTL.exe
[2012/11/14 21:18:53 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/11/14 21:15:42 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/11/14 18:38:54 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/11/14 18:21:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/11/14 18:09:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/11/14 00:00:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/11/14 00:00:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/11/14 00:00:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/11/14 00:00:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/11/13 23:51:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/13 23:51:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/11/12 17:16:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GBLOCK\Desktop\Nacva 2011 RFP_files
[2012/11/12 14:32:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GBLOCK\Desktop\how_to_find_hidden_assets_files
[2012/11/11 21:47:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/11/11 21:47:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/11/11 11:28:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/11 11:28:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/11/11 11:28:53 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/11/11 11:28:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/11/09 23:22:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GBLOCK\Desktop\Bench Media Video
[2012/11/08 20:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GBLOCK\Desktop\AICPA 2012 BV Conf Orlando
[2012/10/28 00:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GBLOCK\Desktop\Accounting Today Presentation 10-30-12
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/11/14 22:41:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/11/14 22:34:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\GBLOCK\Desktop\OTL.exe
[2012/11/14 22:01:47 | 000,436,626 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/14 22:01:47 | 000,069,372 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/14 21:57:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/14 21:57:45 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2012/11/14 21:57:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/14 21:50:40 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\GBLOCK\Desktop\MBR.dat
[2012/11/14 21:49:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2514897835-882076413-806336791-1005UA.job
[2012/11/14 19:00:13 | 001,664,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/11/14 18:49:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2514897835-882076413-806336791-1005Core.job
[2012/11/14 18:42:22 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/11/14 18:18:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/11/14 18:09:35 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/11/14 07:48:23 | 000,000,432 | ---- | M] () -- C:\Documents and Settings\GBLOCK\Application Data\wklnhst.dat
[2012/11/14 00:02:09 | 000,000,281 | ---- | M] () -- C:\Boot.bak
[2012/11/12 17:21:53 | 000,376,290 | ---- | M] () -- C:\Documents and Settings\GBLOCK\Desktop\NACVA CAll For Presenters.pdf
[2012/11/12 17:16:55 | 000,164,268 | ---- | M] () -- C:\Documents and Settings\GBLOCK\Desktop\Nacva 2011 RFP.htm
[2012/11/12 14:32:17 | 000,076,187 | ---- | M] () -- C:\Documents and Settings\GBLOCK\Desktop\how_to_find_hidden_assets.html
[2012/11/11 21:47:09 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\GBLOCK\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/11/11 21:47:09 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/11/11 11:28:56 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/10 22:03:41 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
[2012/11/08 20:47:25 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2012/10/22 03:37:31 | 001,866,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2012/10/22 03:37:31 | 001,866,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/11/14 21:50:40 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\GBLOCK\Desktop\MBR.dat
[2012/11/14 00:02:09 | 000,000,281 | ---- | C] () -- C:\Boot.bak
[2012/11/14 00:02:04 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/11/14 00:00:56 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/11/14 00:00:56 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/11/14 00:00:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/11/14 00:00:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/11/14 00:00:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/11/12 17:16:54 | 000,164,268 | ---- | C] () -- C:\Documents and Settings\GBLOCK\Desktop\Nacva 2011 RFP.htm
[2012/11/12 16:24:00 | 000,376,290 | ---- | C] () -- C:\Documents and Settings\GBLOCK\Desktop\NACVA CAll For Presenters.pdf
[2012/11/12 14:32:15 | 000,076,187 | ---- | C] () -- C:\Documents and Settings\GBLOCK\Desktop\how_to_find_hidden_assets.html
[2012/11/11 21:47:09 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/11/11 11:28:56 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/04 21:48:50 | 000,000,616 | ---- | C] () -- C:\WINDOWS\obd.ini
[2012/09/18 21:06:53 | 000,000,060 | ---- | C] () -- C:\Documents and Settings\GBLOCK\Application Data\default.pls
[2012/09/18 18:02:30 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\GBLOCK\.rnd
[2012/02/28 22:34:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/11 17:10:05 | 000,155,648 | ---- | C] () -- C:\WINDOWS\agent.exe
[2012/02/11 17:10:00 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\sdtnpm.dll
[2011/12/02 00:26:06 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/04/03 21:34:16 | 000,167,949 | ---- | C] () -- C:\Documents and Settings\GBLOCK\Application Data\mv.db
[2010/04/03 21:34:16 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\GBLOCK\Application Data\settings.ini
[2009/12/12 20:06:27 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\GBLOCK\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/14 10:13:10 | 000,000,432 | ---- | C] () -- C:\Documents and Settings\GBLOCK\Application Data\wklnhst.dat
[2009/11/01 17:46:42 | 000,605,092 | ---- | C] () -- C:\Documents and Settings\GBLOCK\MA3900.QLF
[2009/11/01 17:46:42 | 000,574,840 | ---- | C] () -- C:\Documents and Settings\GBLOCK\MA3700.QLF
[2009/11/01 17:46:42 | 000,534,484 | ---- | C] () -- C:\Documents and Settings\GBLOCK\MA3000.QLF
[2009/11/01 17:46:42 | 000,469,504 | ---- | C] () -- C:\Documents and Settings\GBLOCK\GP1632.QLF
[2009/11/01 17:46:42 | 000,321,213 | ---- | C] () -- C:\Documents and Settings\GBLOCK\GP816.QLF
[2009/11/01 17:46:42 | 000,269,684 | ---- | C] () -- C:\Documents and Settings\GBLOCK\PCD3000.EXE
[2009/11/01 17:46:42 | 000,260,439 | ---- | C] () -- C:\Documents and Settings\GBLOCK\XP600.QLF
[2009/11/01 17:46:42 | 000,211,282 | ---- | C] () -- C:\Documents and Settings\GBLOCK\GP800.QLF
[2009/11/01 17:46:42 | 000,210,160 | ---- | C] () -- C:\Documents and Settings\GBLOCK\MA3900.QLD
[2009/11/01 17:46:42 | 000,209,869 | ---- | C] () -- C:\Documents and Settings\GBLOCK\GP800E.QLF
[2009/11/01 17:46:42 | 000,208,735 | ---- | C] () -- C:\Documents and Settings\GBLOCK\MA3700.QLD
[2009/11/01 17:46:42 | 000,202,705 | ---- | C] () -- C:\Documents and Settings\GBLOCK\GP808.QLF
[2009/11/01 17:46:42 | 000,186,388 | ---- | C] () -- C:\Documents and Settings\GBLOCK\GP400.QLF
[2009/11/01 17:46:42 | 000,186,159 | ---- | C] () -- C:\Documents and Settings\GBLOCK\XP400.QLF
[2009/11/01 17:46:42 | 000,178,028 | ---- | C] () -- C:\Documents and Settings\GBLOCK\GP1632.QLD
[2009/11/01 17:46:42 | 000,174,585 | ---- | C] () -- C:\Documents and Settings\GBLOCK\GP816.QLD
[2009/11/01 17:46:42 | 000,141,659 | ---- | C] () -- C:\Documents and Settings\GBLOCK\PCD3000.QLF
[2009/11/01 17:46:42 | 000,007,276 | ---- | C] () -- C:\Documents and Settings\GBLOCK\MA3000.QLD
[2009/11/01 17:46:42 | 000,002,418 | ---- | C] () -- C:\Documents and Settings\GBLOCK\XP600.QLD
[2009/11/01 17:46:42 | 000,002,402 | ---- | C] () -- C:\Documents and Settings\GBLOCK\GP800.QLD
[2009/11/01 17:46:42 | 000,002,212 | ---- | C] () -- C:\Documents and Settings\GBLOCK\GP808.QLD
[2009/11/01 17:46:42 | 000,002,195 | ---- | C] () -- C:\Documents and Settings\GBLOCK\GP800E.QLD
[2009/11/01 17:46:42 | 000,001,846 | ---- | C] () -- C:\Documents and Settings\GBLOCK\MODEM.LST
[2009/11/01 17:46:42 | 000,001,714 | ---- | C] () -- C:\Documents and Settings\GBLOCK\XP400.QLD
[2009/11/01 17:46:42 | 000,001,714 | ---- | C] () -- C:\Documents and Settings\GBLOCK\GP400.QLD
[2009/10/21 16:44:10 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\SystemConfiguration
[2009/10/21 16:44:10 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\GBLOCK\Application Data\Synth Leads
[2009/10/21 16:44:10 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Clips
[2009/10/21 16:40:14 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
[2009/10/21 12:14:23 | 000,000,119 | ---- | C] () -- C:\Documents and Settings\GBLOCK\default.pls
[2009/10/09 18:20:41 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
========== ZeroAccess Check ==========
[2009/06/22 22:59:57 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/03/02 18:04:03 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
-
Copies of TDSS log and ASWMBR log.
21:20:38.0578 2544 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:20:39.0312 2544 ============================================================
21:20:39.0312 2544 Current date / time: 2012/11/14 21:20:39.0312
21:20:39.0312 2544 SystemInfo:
21:20:39.0312 2544
21:20:39.0312 2544 OS Version: 5.1.2600 ServicePack: 3.0
21:20:39.0312 2544 Product type: Workstation
21:20:39.0312 2544 ComputerName: GLENNEEEPC
21:20:39.0312 2544 UserName: GBLOCK
21:20:39.0312 2544 Windows directory: C:\WINDOWS
21:20:39.0312 2544 System windows directory: C:\WINDOWS
21:20:39.0312 2544 Processor architecture: Intel x86
21:20:39.0312 2544 Number of processors: 2
21:20:39.0312 2544 Page size: 0x1000
21:20:39.0312 2544 Boot type: Normal boot
21:20:39.0312 2544 ============================================================
21:20:40.0515 2544 BG loaded
21:20:41.0078 2544 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:20:41.0093 2544 ============================================================
21:20:41.0093 2544 \Device\Harddisk0\DR0:
21:20:41.0109 2544 MBR partitions:
21:20:41.0109 2544 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x901F5C0
21:20:41.0109 2544 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x901F5FF, BlocksNum 0x901B73E
21:20:41.0109 2544 ============================================================
21:20:41.0218 2544 C: <-> \Device\Harddisk0\DR0\Partition1
21:20:41.0375 2544 D: <-> \Device\Harddisk0\DR0\Partition2
21:20:41.0515 2544 ============================================================
21:20:41.0515 2544 Initialize success
21:20:41.0515 2544 ============================================================
21:21:57.0234 2464 Deinitialize success
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-14 21:26:53
-----------------------------
21:26:53.734 OS Version: Windows 5.1.2600 Service Pack 3
21:26:53.734 Number of processors: 2 586 0x1C02
21:26:53.734 ComputerName: GLENNEEEPC UserName: GBLOCK
21:26:54.218 Initialize success
21:32:31.546 AVAST engine defs: 12111401
21:32:42.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:32:42.296 Disk 0 Vendor: Hitachi_ FB2O Size: 152627MB BusType: 3
21:32:42.328 Disk 0 MBR read successfully
21:32:42.328 Disk 0 MBR scan
21:32:42.375 Disk 0 Windows XP default MBR code
21:32:42.390 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 73790 MB offset 63
21:32:42.421 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 73782 MB offset 151123455
21:32:42.453 Disk 0 Partition 3 00 1C Hidd FAT32 LBA MSDOS5.0 5004 MB offset 302230845
21:32:42.484 Disk 0 Partition 4 00 EF EFI FAT A1311 47 MB offset 312480315
21:32:42.500 Disk 0 scanning sectors +312576705
21:32:42.578 Disk 0 scanning C:\WINDOWS\system32\drivers
21:32:55.078 Service scanning
21:33:21.046 Modules scanning
21:33:27.312 Disk 0 trace - called modules:
21:33:27.359 ntkrnlpa.exe CLASSPNP.SYS disk.sys tsk32.tmp hal.dll iaStor.sys
21:33:27.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a3a3030]
21:33:27.375 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000073[0x8a38d8d8]
21:33:27.390 5 tsk32.tmp[b9f51620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x89de5028]
21:33:27.921 AVAST engine scan C:\WINDOWS
21:33:56.968 AVAST engine scan C:\WINDOWS\system32
21:37:59.921 AVAST engine scan C:\WINDOWS\system32\drivers
21:38:16.812 AVAST engine scan C:\Documents and Settings\GBLOCK
21:44:45.031 AVAST engine scan C:\Documents and Settings\All Users
21:45:59.734 Scan finished successfully
21:50:40.250 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\GBLOCK\Desktop\MBR.dat"
21:50:40.281 The log file has been saved successfully to "C:\Documents and Settings\GBLOCK\Desktop\aswMBR.txt"
-
Oops.... sorry..., I may have jumped the gun to soon on this one by saying everything was working. I'm still having the same problem, though this morning, it seemed to have worked fine for a little bit. I will wait for further instructions from you, but in the meantime, I followwed your request, and here is the output log:
ComboFix 12-11-14.01 - GBLOCK 11/14/2012 18:10:58.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1435 [GMT -5:00]
Running from: c:\documents and settings\GBLOCK\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\GBLOCK\Desktop\CFScript1.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\GBLOCK\WINDOWS
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-14 to 2012-11-14 )))))))))))))))))))))))))))))))
.
.
2012-11-12 02:45 . 2012-10-24 17:50 16864 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2012-11-11 16:32 . 2012-11-11 16:32 8282192 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2012-11-11 16:28 . 2012-11-11 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-11-11 16:28 . 2012-11-11 16:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-11 16:28 . 2012-09-30 00:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-09 01:47 . 2012-09-18 22:23 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-10-14 02:41 . 2012-04-25 03:19 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-14 02:41 . 2011-06-04 20:53 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 15:14 . 2009-05-20 19:07 916992 ------w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2009-05-20 19:07 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2009-05-20 19:07 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2009-05-20 19:07 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2009-05-20 19:07 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2008-04-14 00:54 2148864 ------w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2008-04-14 00:01 2027520 ------w- c:\windows\system32\ntkrnlpa.exe
2012-10-24 17:50 . 2012-11-12 02:47 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-06-08 397312]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2009-03-25 1840424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-17 630784]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-17 118784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-27 17567744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-04-10 1512744]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-07-08 3054136]
"LiveUpdate"="c:\program files\Asus\LiveUpdate\LiveUpdate.exe" [2010-01-29 751592]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-04-10 79144]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-08-31 996616]
"VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2008-03-26 135168]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"ASUSWebStorage"="c:\program files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-11-09 997320]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2009-04-08 570664]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-6-22 376832]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-3 1153824]
VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2009-11-25 6144]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2012-4-4 603536]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 05:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-02-07 01:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Honeywell\\Fusion\\Remote\\Utility\\IP_Finder.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=
"c:\\Documents and Settings\\GBLOCK\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [7/7/2010 5:18 PM 11448]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/18/2012 5:23 PM 26984]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 1:19 PM 50704]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [11/8/2012 8:47 PM 711112]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [6/11/2012 4:22 PM 240208]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [6/1/2009 2:26 AM 38912]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [6/1/2009 2:26 AM 39040]
S2 Agent;Agent;c:\windows\agent.exe [2/11/2012 5:10 PM 155648]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [6/11/2012 4:22 PM 193616]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 12:28 PM 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/22/2009 10:49 PM 1684736]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [10/16/2009 11:36 PM 17408]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [4/3/2010 9:19 PM 252032]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [4/3/2010 9:19 PM 398720]
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 02:41]
.
2012-09-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2514897835-882076413-806336791-1005Core.job
- c:\documents and settings\GBLOCK\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-26 04:54]
.
2012-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2514897835-882076413-806336791-1005UA.job
- c:\documents and settings\GBLOCK\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-26 04:54]
.
.
------- Supplementary Scan -------
.
uStart Page = https://isearch.avg.com/?cid={A52AF0D5-672F-4D00-969B-B636178B590D}&mid=0ecffd51abd64f1bb9b4546f4fb78a47-4d2e5c41e3d76b204bb6bca41bc2a2f08b6b494a〈=en&ds=hk011&pr=sa&d=2012-09-18 18:23&v=12.2.5.34&sap=hp
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 107.17.124.1 64.134.255.2 64.134.255.10
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\GBLOCK\Application Data\Mozilla\Firefox\Profiles\ie191ljh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.ebay.com
FF - ExtSQL: 2012-11-11 21:45; avg@toolbar; c:\documents and settings\All Users\Application Data\AVG Secure Search\FireFoxExt\13.2.0.5
FF - ExtSQL: !HIDDEN! 2009-10-20 23:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_ActiveSetup-Neat ADF Scanner 2008 - reg copy HKLM\Software\The Neat Company\Neat ADF Scanner 2008 HKCU\Software\The Neat Company\Neat ADF Scanner 2008
HKLM_ActiveSetup-Send To Neat - reg copy HKLM\Software\The Neat Company\Send To Neat HKCU\Software\The Neat Company\Send To Neat
AddRemove-EDIABAS WinKFP Uninstall - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-14 18:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2012-11-14 18:21:26
ComboFix-quarantined-files.txt 2012-11-14 23:21
ComboFix2.txt 2012-11-14 05:12
.
Pre-Run: 17,660,731,392 bytes free
Post-Run: 17,640,415,232 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - D59E67A2AF84556C708D88AD371E9465
-
I did go to your links...., not sure how I ended up with an old copy......, but the good news is when I turned on my computer today, all seems to be working just fine. Perhaps a reboot did the trick. In any event, I thank you very very much for all of your support.
Glenn
-
Still not working.... here is combofix log. Thanks.
ComboFix 09-11-25.01 - GBLOCK 11/14/2012 0:05.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1450 [GMT -5:00]
Running from: c:\documents and settings\GBLOCK\My Documents\Downloads\ComboFix.exe
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\79908ce3cf8c3a41.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\twain_32.dll
.
((((((((((((((((((((((((( Files Created from 2012-10-14 to 2012-11-14 )))))))))))))))))))))))))))))))
.
2012-11-12 02:47 . 2012-11-12 02:47 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-11-11 16:32 . 2012-11-11 16:32 8282192 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2012-11-11 16:28 . 2012-11-11 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-11-11 16:28 . 2012-11-11 16:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-11 16:28 . 2012-09-30 00:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-26 19:00 . 2012-10-26 19:00 4735512 ----a-w- c:\documents and settings\GBLOCK\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2012-10-26 18:59 . 2012-10-26 18:59 329240 ----a-w- c:\documents and settings\GBLOCK\Application Data\Mozilla\plugins\npgoogletalk.dll
2012-10-26 18:17 . 2012-10-26 18:17 3734536 ----a-w- c:\documents and settings\GBLOCK\Application Data\Mozilla\plugins\Google Talk Plugin Extras\d3dx9_36.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-14 04:48 . 2012-09-18 22:23 -------- d-----w- c:\program files\AVG Secure Search
2012-11-14 04:44 . 2009-10-09 23:44 -------- d-----w- c:\program files\Mozilla Thunderbird
2012-11-11 03:03 . 2009-10-21 21:40 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLbz.DAT
2012-11-10 21:55 . 2010-10-26 02:18 -------- d-----w- c:\documents and settings\GBLOCK\Application Data\vlc
2012-11-09 01:47 . 2012-09-18 22:23 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
2012-11-09 01:47 . 2012-09-18 22:23 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-10-14 19:56 . 2009-06-23 04:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2012-10-14 19:49 . 2009-06-23 03:51 -------- d-----w- c:\program files\Microsoft Works
2012-10-14 02:41 . 2012-04-25 03:19 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-05 01:25 . 2012-10-05 01:25 -------- d-----w- c:\program files\7-Zip
2012-10-01 16:30 . 2009-10-09 23:17 -------- d-----w- c:\documents and settings\GBLOCK\Application Data\Skype
2012-10-01 16:28 . 2009-06-23 04:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2012-10-01 16:28 . 2012-10-01 16:28 -------- d-----w- c:\program files\Common Files\Skype
2012-10-01 16:28 . 2012-10-01 16:28 -------- d-----r- c:\program files\Skype
2012-09-18 23:00 . 2009-10-21 16:38 -------- d-----w- c:\program files\Common Files\Nero
2012-09-18 22:59 . 2012-09-18 22:59 -------- d-----w- c:\program files\Nero
2012-09-18 22:58 . 2009-10-21 16:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2012-09-18 22:24 . 2012-09-18 22:24 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2012-09-18 22:23 . 2012-09-18 22:23 -------- d-----w- c:\documents and settings\GBLOCK\Application Data\AVG Secure Search
2012-09-18 22:23 . 2012-09-18 22:23 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-08-28 15:14 . 2009-05-20 19:07 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2009-05-20 19:07 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-24 13:53 . 2009-05-20 19:07 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2008-04-14 00:54 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2008-04-14 00:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-24 17:50 . 2012-11-12 02:47 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020" [X]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-06-08 397312]
"Google Update"="c:\documents and settings\GBLOCK\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2011-03-26 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup" [X]
"VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe VMUVC" [X]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-17 630784]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-17 118784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-04-10 1512744]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-07-08 3054136]
"LiveUpdate"="c:\program files\Asus\LiveUpdate\LiveUpdate.exe" [2010-01-29 751592]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-04-10 79144]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"ASUSWebStorage"="c:\program files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-11-09 997320]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2009-04-08 570664]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-03-27 17567744]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-6-22 376832]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-3 1153824]
VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2009-11-25 6144]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2012-4-4 603536]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Honeywell\\Fusion\\Remote\\Utility\\IP_Finder.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=
"c:\\Documents and Settings\\GBLOCK\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [7/7/2010 5:18 PM 11448]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/18/2012 5:23 PM 26984]
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [6/11/2012 4:22 PM 193616]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [6/22/2009 11:03 PM 55152]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 1:19 PM 50704]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [11/8/2012 8:47 PM 711112]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [6/22/2009 10:46 PM 10752]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [6/11/2012 4:22 PM 240208]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [6/1/2009 2:26 AM 38912]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [6/1/2009 2:26 AM 39040]
S2 Agent;Agent;c:\windows\agent.exe [2/11/2012 5:10 PM 155648]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 12:28 PM 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/24/2012 10:19 PM 250808]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/22/2009 10:49 PM 1684736]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 8:08 PM 533360]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [11/11/2012 9:47 PM 115168]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [10/16/2009 11:36 PM 17408]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [4/3/2010 9:19 PM 252032]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [4/3/2010 9:19 PM 398720]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - WS2IFSL
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d8531fb-ea89-11df-bc18-002243f3898b}]
\Shell\AutoRun\command - E:\StartHerePC.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97f3f492-eae9-11df-bc19-002243f3898b}]
\Shell\AutoRun\command - e:\shelexec.exe @exedrv@\FVSindex.html
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97f3f493-eae9-11df-bc19-002243f3898b}]
\Shell\AutoRun\command - e:\shelexec.exe @exedrv@\FVSindex.html
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Neat ADF Scanner 2008]
reg copy "HKLM\Software\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Send To Neat]
reg copy "HKLM\Software\The Neat Company\Send To Neat" "HKCU\Software\The Neat Company\Send To Neat" /s /f
.
Contents of the 'Scheduled Tasks' folder
2012-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 02:41]
2012-09-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2514897835-882076413-806336791-1005Core.job
- c:\documents and settings\GBLOCK\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-26 04:54]
2012-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2514897835-882076413-806336791-1005UA.job
- c:\documents and settings\GBLOCK\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-26 04:54]
.
.
------- Supplementary Scan -------
.
uStart Page = https://isearch.avg.com/?cid={A52AF0D5-672F-4D00-969B-B636178B590D}&mid=0ecffd51abd64f1bb9b4546f4fb78a47-4d2e5c41e3d76b204bb6bca41bc2a2f08b6b494a〈=en&ds=hk011&pr=sa&d=2012-09-18 18:23&v=12.2.5.34&sap=hp
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\GBLOCK\Application Data\Mozilla\Firefox\Profiles\ie191ljh.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.ebay.com
FF - plugin: c:\documents and settings\GBLOCK\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\GBLOCK\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\GBLOCK\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\npsitesafety.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-ROC_ROC_NT - c:\program files\AVG Secure Search\ROC_ROC_NT.exe
AddRemove-AVG Secure Search - c:\program files\AVG Secure Search\UNINSTALL.exe
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2012-11-14 00:12
ComboFix-quarantined-files.txt 2012-11-14 05:11
Pre-Run: 14,886,535,168 bytes free
Post-Run: 17,725,460,480 bytes free
- - End Of File - - EECD0E2F4F9C0B14D8A773467D1D586C
-
RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : GBLOCK [Admin rights]
Mode : Remove -- Date : 11/13/2012 23:11:33
¤¤¤ Bad processes : 1 ¤¤¤
[sUSP PATH] agent.exe -- C:\WINDOWS\agent.exe -> KILLED [TermProc]
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
_INLINE_ : NtResumeThread -> HOOKED (Unknown @ 0x000000CC)
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS543216L9SA00 +++++
--- User ---
[MBR] 99618133e85ee50e09035d5381c3059c
[bSP] 16c5bd73d481b4026f476b4c3eccab1b : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 73790 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 151123455 | Size: 73782 Mo
2 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 302230845 | Size: 5004 Mo
3 - [XXXXXX] UNKNOWN (0xef) [VISIBLE] Offset (sectors): 312480315 | Size: 47 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2]_D_11132012_02d2311.txt >>
RKreport[1]_S_11132012_02d2311.txt ; RKreport[2]_D_11132012_02d2311.txt
-
Running Windows XP Home edition version 2002 sp3
When trying to run google.com dns redirects to 87.125.87.103. Checked host file and all looks ok. Ran Malwarebytes but no fix.
DDS file
DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by GBLOCK at 22:25:34 on 2012-11-12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1500 [GMT -5:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\agent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AsScrPro.exe
C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\WinZip\WZQKPICK32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://isearch.avg.com/?cid={A52AF0D5-672F-4D00-969B-B636178B590D}&mid=0ecffd51abd64f1bb9b4546f4fb78a47-4d2e5c41e3d76b204bb6bca41bc2a2f08b6b494a〈=en&ds=hk011&pr=sa&d=2012-09-18 18:23:32&v=12.2.5.34&sap=hp
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.391.0\BingExt.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Eee Docking] c:\program files\asus\eee docking\Eee Docking.exe
uRun: [Google Update] "c:\documents and settings\gblock\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ASUS Screen Saver Protector] c:\windows\AsScrPro.exe
mRun: [LiveUpdate] c:\program files\asus\liveupdate\LiveUpdate.exe auto
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [synAsusAcpi] c:\program files\synaptics\syntp\SynAsusAcpi.exe
mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [VMonitorVMUVC] "c:\program files\vimicro corporation\vmuvc\VMonitor.exe" VMUVC
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ASUSWebStorage] c:\program files\asus\asus webstorage\3.0.108.222\AsusWSPanel.exe /S
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_ROC_NT] "c:\program files\avg secure search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{a7091e1d-36a4-47f1-a739-173cc341414f}\Icon3E5562ED7.ico
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK32.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: NameServer = 69.78.96.14 66.174.95.44
TCP: Interfaces\{65197B67-2E55-4FB1-BC95-8142C72E5B4D} : DHCPNameServer = 69.78.96.14 66.174.95.44
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\13.2.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f
mASetup: Send To Neat - reg copy "HKLM\Software\The Neat Company\Send To Neat" "HKCU\Software\The Neat Company\Send To Neat" /s /f
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\gblock\application data\mozilla\firefox\profiles\ie191ljh.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.ebay.com
FF - plugin: c:\documents and settings\gblock\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\gblock\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\gblock\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\13.2.0\npsitesafety.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - ExtSQL: 2012-11-11 21:45; avg@toolbar; c:\documents and settings\all users\application data\avg secure search\firefoxext\13.2.0.5
FF - ExtSQL: !HIDDEN! 2009-10-20 23:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-7-7 11448]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-18 26984]
R2 Agent;Agent;c:\windows\agent.exe [2012-2-11 155648]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-6-22 55152]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\13.2.0\ToolbarUpdater.exe [2012-11-8 711112]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-6-1 38912]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [2009-6-1 39040]
R3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-6-22 1684736]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2009-10-16 17408]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [2010-4-3 252032]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2010-4-3 398720]
.
=============== Created Last 30 ================
.
2012-11-12 02:45:09 16864 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2012-11-11 16:32:53 8282192 ----a-w- c:\documents and settings\all users\application data\microsoft\bingbar\bbsvc\7.1.391.0oemBingBarSetup-Partner.EXE
2012-11-11 16:28:55 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-11-11 16:28:53 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-11 16:28:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-09 01:47:35 -------- d-----w- c:\windows\system32\cache
.
==================== Find3M ====================
.
2012-11-09 01:47:25 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-10-14 02:41:17 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-14 02:41:17 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:09 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 22:26:35.28 ===============
Attach file
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 10/10/2009 6:07:59 AM
System Uptime: 11/12/2012 9:19:59 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | 1005HA
Processor: Intel® Atom™ CPU N280 @ 1.66GHz | PBGA 437 | 1666/167mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 72 GiB total, 10.012 GiB free.
D: is FIXED (NTFS) - 72 GiB total, 71.982 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
RP107: 9/18/2012 6:19:48 PM - Software Distribution Service 3.0
RP108: 9/18/2012 6:56:39 PM - Installed Nero 8 Essentials
RP109: 10/1/2012 12:27:42 PM - Software Distribution Service 3.0
RP110: 10/4/2012 9:19:50 PM - Software Distribution Service 3.0
RP111: 10/14/2012 3:43:30 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Digital Editions
Adobe ExtendScript Toolkit 2
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 8.1.3
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Asus ACPI Driver
ASUS VIBE
ASUS WebStorage
ASUSUpdate for Eee PC
Atheros Client Installation Program
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
AVG Security Toolbar
Bing Bar
BitTorrent
Bonjour
Capture NX
Choice Guard
Cisco Systems VPN Client 5.0.03.0560
Compatibility Pack for the 2007 Office system
Data Sync
Digital microscope
Dr.Eee EN
ebi.BookReader3J
EDIABAS WinKFP Uninstall
Eee Docking 1.3.4.0
Eee PC_1005HA Screen Saver
Eee Storage
EeeSplendid
EzMessenger
FontResizer
Fusion Remote
Google Talk Plugin
GoToMeeting 4.5.0.457
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® Graphics Media Accelerator Driver
iTunes
Junk Mail filter update
LiveUpdate
Malwarebytes Anti-Malware version 1.65.1.1000
MicroCapture 2.0
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Works
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird (2.0.0.24)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Neat
Neat ADF Scanner 2008 Driver
Neat ADF Scanner Driver
Neat Core Files
Neat Mobile Scanner (Silver) Driver
Neat Mobile Scanner 2008 Driver
Neat Mobile Scanner Driver
Nero 8 Essentials
neroxml
Nikon Message Center
PDF Settings
Picture Control Utility
QuickBooks
QuickBooks Premier: Accountant Edition 2008
QuickBooks Pro 2010
Quickloader DSN Setup
Quickloader for Windows
QuickTime
Ralink RT2860 Wireless LAN Card
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Send To Neat
Skype™ 5.10
StandAlone DVR Center Application
StandAlone DVR Remote Application
StandAlone DVR Viewer Application
Super Hybrid Engine
SupportSoft Assisted Service
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB2.0 UVC Camera Device
VLC media player 1.0.3
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
WinPcap 4.1.1
WinZip 16.5
Wireshark 1.2.4
.
==== Event Viewer Messages From Past Week ========
.
11/12/2012 9:28:14 PM, error: Dhcp [1002] - The IP address lease 192.168.154.252 for the Network Card with network address 0025D348DD1F has been denied by the DHCP server 172.20.10.1 (The DHCP Server sent a DHCPNACK message).
11/12/2012 2:25:19 PM, error: Dhcp [1002] - The IP address lease 172.20.10.5 for the Network Card with network address 0025D348DD1F has been denied by the DHCP server 192.168.19.1 (The DHCP Server sent a DHCPNACK message).
11/11/2012 11:45:33 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: atapi PCIIde
11/11/2012 11:45:19 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
.
==== End Of File ===========================
Can't run google.com....redirects without resolving and times out
in Resolved Malware Removal Logs
Posted
ran the batch file... all working ok. I did read the rest of your post and will delete any other programs that your team had me install that should be uninstalled. I thank you very much for walking me through this over the past few days. I appreciate it very much! Thanks again for all of your help!!!