Google Redirect - Ditto

topcat57 · September 20, 2010

I have the paid version of Malwarebytes installed and update it at least every two days. I thought it was supposed to automatically check for updates (that's checked in the options), but it never does. I have to think to manually check for and install updates. I have it set to run daily but never see it running, so I don't know if it runs or not. I manually run it whenever I download updates. The real-time version has caught a couple of threats, so at least I know it's working.

I have AVG Anti-Virus Free which is updated and run daily, Windows firewall, and also run Ad-Aware free occasionally.

The problem I'm having right now is frequent Google redirects, usually to Infomash. Malwarebytes has found no infections.

I tried running GMER, but it either locks up the computer or continues to run for many hours. It's never finished.

I ran Kaspersky's TDSS Killer which found no problems.

What can I do now, please?

LDTate · September 21, 2010

Please don't attach the scan results, use Copy/Paste

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

Ensure all Firefox windows are closed.
To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
When prompted to run the scan, click Yes.
It doesn't take long to run, once it is finished move onto the next step

Please download

TDSSKiller.zip

Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan
- Only if Malicious objects are found then ensure Cure is selected
- Then click Continue > Reboot now
[*]Copy and paste the log in your next reply
- A copy of the log will be saved automatically to the root directory, root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

please post the contents of that log TDSSKiller and GooredFix log.

topcat57 · September 22, 2010

Thank you for your assistance. Here are the two logs. TDSSKiller reported no infection. I'm still getting frequent redirects to Infomash when I do Google searches and click on the results. I use IE7 almost all the time but have Firefox (latest version whatever it is) which I use to access a couple of sites that don't work well in IE. I don't think I've seen this problem with Firefox, just in IE, but again, I don't use Firefox that much. I replaced my real name with "MyName" wherever my real name occurred.

GooredFix by jpshortstuff (03.07.10.1)

Log created at 21:22 on 21/09/2010 (MyName)

Firefox version 3.6.10 (en-US)

========== GooredScan ==========

Deleting

HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{469E4549-65DA-41DF-B787-1809DE1D8819}

-> Success!

Deleting C:\Documents and Settings\MyName\Local Settings\Application

Data\{469E4549-65DA-41DF-B787-1809DE1D8819} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd} [20:53 14/05/2009]

C:\Documents and Settings\MyName\Application

Data\Mozilla\Firefox\Profiles\tsa77p17.default\extensions\

{3d7eb24f-2740-49df-8937-200b1cc08f8a} [19:23 30/07/2010]

{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} [22:07 15/08/2010]

{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2) [00:02 16/04/2010]

{c50ca3c4-5656-43c2-a061-13e717f73fc8} [22:04 29/06/2010]

{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2) [05:10 09/04/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Documents and Settings\All Users\Application

Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [15:14 18/03/2010]

"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG9\Firefox" [16:05

04/03/2010]

"smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web

Printing\MozillaAddOn2" [18:37 10/09/2010]

---------- Old Logs ----------

GooredFix[20.52.21_20-09-2010].txt

-=E.O.F=-

2010/09/21 21:24:32.0687 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44

2010/09/21 21:24:32.0687 ================================================================================

2010/09/21 21:24:32.0687 SystemInfo:

2010/09/21 21:24:32.0687

2010/09/21 21:24:32.0687 OS Version: 5.1.2600 ServicePack: 3.0

2010/09/21 21:24:32.0687 Product type: Workstation

2010/09/21 21:24:32.0687 ComputerName: KAT-4FGI2S40PE

2010/09/21 21:24:32.0687 UserName: MyName

2010/09/21 21:24:32.0687 Windows directory: C:\WINDOWS

2010/09/21 21:24:32.0687 System windows directory: C:\WINDOWS

2010/09/21 21:24:32.0687 Processor architecture: Intel x86

2010/09/21 21:24:32.0687 Number of processors: 2

2010/09/21 21:24:32.0687 Page size: 0x1000

2010/09/21 21:24:32.0687 Boot type: Normal boot

2010/09/21 21:24:32.0687 ================================================================================

2010/09/21 21:24:34.0296 Initialize success

2010/09/21 21:24:38.0484 ================================================================================

2010/09/21 21:24:38.0484 Scan started

2010/09/21 21:24:38.0484 Mode: Manual;

2010/09/21 21:24:38.0484 ================================================================================

2010/09/21 21:24:42.0062 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/09/21 21:24:42.0125 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

2010/09/21 21:24:42.0265 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/09/21 21:24:42.0343 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/09/21 21:24:42.0515 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2010/09/21 21:24:42.0765 ALCXWDM (ea8d01e733fda92147de62aa04d154a6) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

2010/09/21 21:24:43.0156 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/09/21 21:24:43.0437 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/09/21 21:24:43.0562 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/09/21 21:24:43.0703 ati2mtag (b9aa7785f472a658436676cdaafc94da) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2010/09/21 21:24:44.0031 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/09/21 21:24:44.0109 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/09/21 21:24:44.0203 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys

2010/09/21 21:24:44.0265 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\System32\Drivers\avgmfx86.sys

2010/09/21 21:24:44.0359 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\System32\Drivers\avgtdix.sys

2010/09/21 21:24:44.0484 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/09/21 21:24:44.0609 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/09/21 21:24:44.0734 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/09/21 21:24:44.0859 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/09/21 21:24:45.0000 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/09/21 21:24:45.0187 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2010/09/21 21:24:45.0312 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2010/09/21 21:24:45.0546 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/09/21 21:24:45.0703 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/09/21 21:24:45.0843 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/09/21 21:24:45.0921 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/09/21 21:24:46.0000 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/09/21 21:24:46.0093 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys

2010/09/21 21:24:46.0218 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys

2010/09/21 21:24:46.0296 Dot4Scan (bd05306428da63369692477ddc0f6f5f) C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys

2010/09/21 21:24:46.0453 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/09/21 21:24:46.0562 ENECBPTH (1fec25c49afbc34accbf3dc53031affe) C:\WINDOWS\system32\drivers\ENECBPTH.sys

2010/09/21 21:24:46.0765 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/09/21 21:24:46.0843 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2010/09/21 21:24:46.0937 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/09/21 21:24:47.0015 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/09/21 21:24:47.0125 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/09/21 21:24:47.0250 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/09/21 21:24:47.0359 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/09/21 21:24:47.0500 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

2010/09/21 21:24:47.0593 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/09/21 21:24:47.0859 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

2010/09/21 21:24:48.0031 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

2010/09/21 21:24:48.0140 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

2010/09/21 21:24:48.0234 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/09/21 21:24:48.0468 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/09/21 21:24:48.0640 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/09/21 21:24:48.0859 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/09/21 21:24:48.0937 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/09/21 21:24:49.0046 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/09/21 21:24:49.0109 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/09/21 21:24:49.0203 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/09/21 21:24:49.0328 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/09/21 21:24:49.0406 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys

2010/09/21 21:24:49.0484 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/09/21 21:24:49.0578 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/09/21 21:24:49.0656 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/09/21 21:24:49.0718 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/09/21 21:24:49.0828 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/09/21 21:24:50.0062 Lbd (419590ebe7855215bb157ea0cf0d0531) C:\WINDOWS\system32\DRIVERS\Lbd.sys

2010/09/21 21:24:50.0203 MBAMProtector (67b48a903430c6d4fb58cbaca1866601) C:\WINDOWS\system32\drivers\mbam.sys

2010/09/21 21:24:50.0328 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/09/21 21:24:50.0453 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/09/21 21:24:50.0546 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys

2010/09/21 21:24:50.0656 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/09/21 21:24:50.0734 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/09/21 21:24:50.0921 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS

2010/09/21 21:24:51.0187 MREMPR5 (2bc9e43f55de8c30fc817ed56d0ee907) C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS

2010/09/21 21:24:51.0468 MRENDIS5 (594b9d8194e3f4ecbf0325bd10bbeb05) C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS

2010/09/21 21:24:51.0687 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS

2010/09/21 21:24:51.0968 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/09/21 21:24:52.0125 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/09/21 21:24:52.0281 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/09/21 21:24:52.0421 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/09/21 21:24:52.0562 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/09/21 21:24:52.0640 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/09/21 21:24:52.0750 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/09/21 21:24:52.0875 Mtlmnt5 (39da959a487959d72543646f86a23ff8) C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys

2010/09/21 21:24:53.0125 Mtlstrm (4d6f35a4549aa986088abbc133b46ef0) C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys

2010/09/21 21:24:53.0375 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/09/21 21:24:53.0500 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/09/21 21:24:53.0625 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/09/21 21:24:53.0718 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/09/21 21:24:53.0828 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/09/21 21:24:53.0921 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/09/21 21:24:53.0984 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/09/21 21:24:54.0109 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/09/21 21:24:54.0250 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/09/21 21:24:54.0359 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/09/21 21:24:54.0453 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys

2010/09/21 21:24:54.0593 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/09/21 21:24:54.0687 NtMtlFax (ae2ff8b20ed1afceb8b36975962f1ee0) C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys

2010/09/21 21:24:54.0828 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/09/21 21:24:54.0906 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/09/21 21:24:55.0046 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/09/21 21:24:55.0156 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/09/21 21:24:55.0281 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/09/21 21:24:55.0343 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/09/21 21:24:55.0437 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/09/21 21:24:55.0484 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/09/21 21:24:55.0609 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/09/21 21:24:55.0671 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

2010/09/21 21:24:56.0000 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/09/21 21:24:56.0156 PRISM_ICB (30d72b8e4aaf2903e89f58ae2a8cb30f) C:\WINDOWS\system32\DRIVERS\WG511ICB.sys

2010/09/21 21:24:56.0312 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

2010/09/21 21:24:56.0390 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/09/21 21:24:56.0468 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/09/21 21:24:56.0656 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/09/21 21:24:56.0796 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys

2010/09/21 21:24:56.0875 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/09/21 21:24:56.0968 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/09/21 21:24:57.0140 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/09/21 21:24:57.0265 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/09/21 21:24:57.0359 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/09/21 21:24:57.0437 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/09/21 21:24:57.0515 RecAgent (e9aaa0092d74a9d371659c4c38882e12) C:\WINDOWS\System32\DRIVERS\RecAgent.sys

2010/09/21 21:24:57.0609 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/09/21 21:24:57.0765 RTL8023 (8b0b3474a8da1ab41050637cf34c0959) C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys

2010/09/21 21:24:57.0921 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/09/21 21:24:58.0046 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

2010/09/21 21:24:58.0156 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/09/21 21:24:58.0359 Slntamr (ffc24c839dfb1171a355d3ae3d56d90c) C:\WINDOWS\system32\DRIVERS\slntamr.sys

2010/09/21 21:24:58.0468 SlNtHal (05f10aad2b607121e404bed0cc5fc5c6) C:\WINDOWS\system32\DRIVERS\Slnthal.sys

2010/09/21 21:24:58.0593 SlWdmSup (13fbafe3d7e2684e4c74954d1855f30d) C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys

2010/09/21 21:24:58.0750 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/09/21 21:24:58.0828 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/09/21 21:24:58.0937 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/09/21 21:24:59.0062 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys

2010/09/21 21:24:59.0109 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/09/21 21:24:59.0171 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/09/21 21:24:59.0531 SynTP (d59e0cf257542d251af3c09286b33f70) C:\WINDOWS\system32\DRIVERS\SynTP.sys

2010/09/21 21:24:59.0625 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/09/21 21:24:59.0781 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/09/21 21:24:59.0890 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/09/21 21:25:00.0000 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/09/21 21:25:00.0078 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/09/21 21:25:00.0187 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/09/21 21:25:00.0281 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/09/21 21:25:00.0468 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/09/21 21:25:00.0546 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/09/21 21:25:00.0656 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/09/21 21:25:00.0765 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/09/21 21:25:00.0843 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/09/21 21:25:00.0953 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/09/21 21:25:01.0015 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/09/21 21:25:01.0078 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/09/21 21:25:01.0218 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/09/21 21:25:01.0312 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/09/21 21:25:01.0390 wceusbsh (4a954a20a4c73d6db13c0fe25f3f1b0c) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys

2010/09/21 21:25:01.0515 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/09/21 21:25:01.0671 WinDriver6 (64b40219c99e2a2f1590516287bee5ca) C:\WINDOWS\system32\drivers\windrvr6.sys

2010/09/21 21:25:01.0906 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/09/21 21:25:02.0078 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2010/09/21 21:25:02.0234 ================================================================================

2010/09/21 21:25:02.0234 Scan finished

2010/09/21 21:25:02.0234 ================================================================================

Please don't attach the scan results, use Copy/Paste
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.
Vista and Windows 7 users:
1. These tools MUST be run from the executable. (.exe) every time you run them
2. With Admin Rights (Right click, choose "Run as Administrator")
Stay with this topic until I give you the all clean post.
You might want to print these instructions out.
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
Ensure all Firefox windows are closed.
To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
When prompted to run the scan, click Yes.
It doesn't take long to run, once it is finished move onto the next step
Next:
Please read carefully and follow these steps.
Please download
TDSSKiller.zip
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan
Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now
[*]Copy and paste the log in your next reply
A copy of the log will be saved automatically to the root directory, root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
please post the contents of that log TDSSKiller and GooredFix log.

LDTate · September 22, 2010

No need to Quote my post.

DO NOT use any TOOLS such as Combofix, Vundofix, or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

XP Users

Double-click My Computer.

Click the Tools menu, and then click Folder Options.

Click the View tab.

Uncheck "Hide file extensions for known file types."

Under the "Hidden files" folder, select "Show hidden files and folders."

Uncheck "Hide protected operating system files."

Click Apply, and then click OK.

Vista Users

To enable the viewing of hidden and protected system files in Windows Vista please follow these steps:

Close all programs so that you are at your desktop.

Click on the Start button. This is the small round button with the Windows flag in the lower left corner.

Click on the Control Panel menu option.

When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:

Double-click on the Folder Options icon.

Click on the View tab.

If you are in the Control Panel Home view do the following:

Click on the Appearance and Personalization link.

Click on Show Hidden Files or Folders.

Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.

Remove the checkmark from the checkbox labeled Hide extensions for known file types.

Remove the checkmark from the checkbox labeled Hide protected operating system files.

Please do not delete anything unless instructed to.

We've been seeing some Java infections lately.

Go here and follow the instructions to clear your Java Cache

Next:

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner

topcat57 · September 22, 2010

No need to Quote my post.

Sorry, it automatically does that and it occurred to me right after I posted my reply I should have deleted the quote.

XP Users
Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Uncheck "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Uncheck "Hide protected operating system files."
Click Apply, and then click OK.

Those are my normal settings.

I cleared the Java cache.

I ran ATF Cleaner for both IE and Firefox since I have both installed.

I disabled AVG and ran ComboFix. Here is the log. (I rebooted and reactivated AVG.)

ComboFix 10-09-22.02 - MyName 09/22/2010 16:18:32.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.540 [GMT -5:00]

Running from: c:\documents and settings\MyName\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\MyName\ATT_SST_Installer.exe

c:\documents and settings\MyName\Local Settings\Application Data\{7193A316-EF5C-47B1-9427-EE6E18B8980E}

c:\documents and settings\MyName\Local Settings\Application Data\{7193A316-EF5C-47B1-9427-EE6E18B8980E}\chrome.manifest

c:\documents and settings\MyName\Local Settings\Application Data\{7193A316-EF5C-47B1-9427-EE6E18B8980E}\chrome\content\_cfg.js

c:\documents and settings\MyName\Local Settings\Application Data\{7193A316-EF5C-47B1-9427-EE6E18B8980E}\chrome\content\overlay.xul

c:\documents and settings\MyName\Local Settings\Application Data\{7193A316-EF5C-47B1-9427-EE6E18B8980E}\install.rdf

c:\documents and settings\MyName\Recent\Thumbs.db

c:\program files\INSTALL.LOG

c:\windows\iheqosih.dll

c:\windows\jestertb.dll

c:\windows\system32\CTF

c:\windows\system32\CTF\ctfmon.txt

c:\windows\system32\CTF\Links\OtherProducts.html

c:\windows\system32\CTF\Links\Thumbs.db

c:\windows\system32\Thumbs.db

c:\windows\winhelp.ini

.

((((((((((((((((((((((((( Files Created from 2010-08-22 to 2010-09-22 )))))))))))))))))))))))))))))))

.

2010-09-13 23:46 . 2010-09-13 23:46 -------- d-----w- c:\documents and settings\MyName\Application Data\Auslogics

2010-09-13 23:45 . 2010-09-13 23:45 -------- d-----w- c:\program files\Auslogics

2010-09-12 23:07 . 2010-09-22 02:15 120 ----a-w- c:\windows\Tquwozuxe.dat

2010-09-12 23:07 . 2010-09-21 05:35 0 ----a-w- c:\windows\Esoyijaduxo.bin

2010-09-10 19:01 . 2010-09-22 02:59 -------- d-----w- c:\documents and settings\MyName\Application Data\HPAppData

2010-09-10 18:34 . 2010-09-10 18:34 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant

2010-09-10 18:29 . 2008-10-14 02:00 372736 ----a-r- c:\windows\system32\hppldcoi.dll

2010-09-10 18:29 . 2008-10-14 01:59 309760 ----a-r- c:\windows\system32\difxapi.dll

2010-09-10 18:29 . 2008-10-02 07:24 966656 ----a-r- c:\windows\system32\hpost_p02a.dll

2010-09-10 18:29 . 2008-10-02 07:23 737280 ----a-r- c:\windows\system32\hposwia_p02a.dll

2010-09-10 18:29 . 2008-10-01 12:31 307200 ----a-r- c:\windows\system32\hposc_p02a.dll

2010-09-10 18:27 . 2010-09-10 18:27 -------- d-----w- c:\program files\Common Files\HP

2010-09-10 18:27 . 2010-09-10 18:27 -------- d-----w- c:\program files\Hewlett-Packard

2010-09-10 18:23 . 2010-09-10 18:41 155132 ----a-w- c:\windows\hpoins35.dat

2010-09-10 18:23 . 2008-12-07 10:58 1008 ------w- c:\windows\hpomdl35.dat

2010-09-03 19:00 . 2010-09-03 19:00 -------- d-----w- c:\program files\Bonjour

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-22 17:43 . 2010-02-06 04:55 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-09-20 21:54 . 2010-05-05 14:59 -------- d-----w- c:\program files\Ahead

2010-09-20 00:32 . 2010-02-07 16:51 -------- d-----w- c:\program files\Replay Media Catcher

2010-09-19 23:06 . 2010-02-07 16:55 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe

2010-09-19 23:06 . 2010-02-07 16:55 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll

2010-09-16 13:47 . 2010-07-01 02:29 -------- d-----w- c:\documents and settings\MyName\Application Data\HpUpdate

2010-09-13 23:02 . 2010-05-01 15:48 -------- d-----w- c:\program files\Microsoft Silverlight

2010-09-10 18:40 . 2007-10-25 17:44 34608 ----a-w- c:\documents and settings\MyName\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-09-10 18:35 . 2009-06-29 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\HP

2010-09-10 17:49 . 2010-07-01 02:31 23109 ----a-w- c:\windows\hpqins15.dat

2010-09-10 17:47 . 2010-05-01 17:44 77373 ----a-w- c:\windows\hpqins05.dat

2010-09-03 19:01 . 2008-08-30 16:34 -------- d-----w- c:\program files\Common Files\Apple

2010-08-17 13:17 . 2005-06-10 23:55 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-15 23:28 . 2010-08-15 21:58 -------- d-----w- c:\program files\Applian Director

2010-08-15 23:01 . 2010-08-15 22:57 -------- d-----w- c:\documents and settings\MyName\Application Data\Replay Media Catcher 4

2010-08-15 22:56 . 2010-08-15 22:56 -------- d-----w- c:\program files\Applian Technologies

2010-07-27 23:44 . 2010-07-27 23:44 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-07-27 23:44 . 2010-07-27 23:44 107808 ----a-w- c:\windows\system32\dns-sd.exe

2010-07-22 15:49 . 2004-03-06 02:16 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 05:57 . 2009-04-16 01:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-07-15 14:41 . 2009-04-01 05:37 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-15 14:40 . 2010-07-15 14:40 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-15 14:38 . 2009-04-01 05:37 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-06-30 12:31 . 2002-08-29 12:00 149504 ----a-w- c:\windows\system32\schannel.dll

2007-11-11 02:02 . 2007-11-11 02:02 774144 ----a-w- c:\program files\RngInterstitial.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-09-03 524632]

"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-12-12 335872]

"SoundMan"="SOUNDMAN.EXE" [2003-05-14 55296]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"Ask and Record FLV Service"="c:\program files\Replay Media Catcher\FLVSrvc.exe" [2009-09-22 156672]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-18 202256]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-10 113664]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2009-7-7 102400]

Lotus QuickStart.lnk - c:\lotus\wordpro\ltsstart.exe [1997-1-10 16384]

WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-12-17 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-15 14:40 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"RequireSignedAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\xnetsrvc.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/30/2009 9:50 AM 64160]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/1/2009 12:37 AM 216400]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/1/2009 12:37 AM 243024]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/15/2010 9:38 AM 921952]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 9:40 AM 308136]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/7/2008 11:46 AM 304464]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/7/2008 11:46 AM 20952]

R3 PRISM_ICB;NETGEAR WG511 Wireless LAN Driver;c:\windows\system32\drivers\WG511ICB.sys [3/22/2004 4:50 PM 390016]

S2 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 2:06 PM 1029456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

2010-09-17 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 18:34]

2010-09-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-343818398-861567501-725345543-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-09-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-861567501-725345543-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-09-22 c:\windows\Tasks\User_Feed_Synchronization-{C5D1B3B5-ACAB-4686-8854-8B50A573C7F3}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 23:36]

2010-09-19 c:\windows\Tasks\WebReg HP Photosmart C309a series.job

- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2008-10-17 00:22]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: bankofamerica.com\sitekey

Trusted Zone: heritagequestonline.com

Trusted Zone: motive.com\patttbc.att

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game09.zylom.com/activex/zylomgamesplayer.cab

FF - ProfilePath - c:\documents and settings\MyName\Application Data\Mozilla\Firefox\Profiles\tsa77p17.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKCU-Run-Download - c:\program files\BellSouth\HelpCenter\SSGet.exe

HKCU-Run-MotiveBBM - c:\program files\ATT-SST\McciBrowser.exe

HKLM-Run-ATT-SST_McciTrayApp - c:\program files\ATT-SST\McciTrayApp.exe

HKLM-Run-Kbafojoto - c:\windows\iheqosih.dll

AddRemove-TaxACT 2008 - e:\taxact~1\Unta08.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-22 16:24

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\docume~1\MyName\LOCALS~1\Temp\catchme.dll 53248 bytes executable

scan completed successfully

hidden files: 1

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(868)

c:\windows\system32\WlNotify.dll

.

Completion time: 2010-09-22 16:28:01

ComboFix-quarantined-files.txt 2010-09-22 21:27

Pre-Run: 20,107,530,240 bytes free

Post-Run: 20,051,476,480 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - B7DFC765385FB23661D0A5D7B3FBAA66

LDTate · September 23, 2010

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

File::
c:\windows\Tquwozuxe.dat
c:\windows\Esoyijaduxo.bin

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;

2.Click Save As... Change the directory to your desktop;

3.Change the Save as type to "All Files";

4.Type in the file name: CFScript

5.Click Save ...

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.

screen317 · September 28, 2010

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

screen317 · September 29, 2010

Topic reopened at request of topic starter.

LDTate · September 30, 2010

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

File::
c:\windows\Tquwozuxe.dat
c:\windows\Esoyijaduxo.bin

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;

2.Click Save As... Change the directory to your desktop;

3.Change the Save as type to "All Files";

4.Type in the file name: CFScript

5.Click Save ...

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.

topcat57 · October 1, 2010

Also please describe how your computer behaves at the moment.

I'm not sure which moment you mean. After I dragged the CFScript into Combofix and began running it, Combofix seemed to lock up. It didn't work. I finally rebooted the computer and ran it again with no apparent problems. Here is the log.

ComboFix 10-09-28.03 - MyName 09/29/2010 12:33:10.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.396 [GMT -5:00]

Running from: c:\documents and settings\MyName\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((( Files Created from 2010-08-28 to 2010-09-29 )))))))))))))))))))))))))))))))

.

2010-09-29 05:45 . 2010-09-29 13:02 24486 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3166u3165wk.bin

2010-09-29 05:12 . 2010-09-29 13:02 108825 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\x8xplsb_243d242kv.bin

2010-09-28 17:48 . 2010-09-28 23:40 20042 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3165u3164uq.bin

2010-09-28 06:41 . 2010-09-28 13:02 22904 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3164u3163iv.bin

2010-09-28 05:02 . 2010-09-28 13:02 317 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\x8xplsb_242d241gl.bin

2010-09-27 18:02 . 2010-09-27 23:40 21421 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3163u3162jb.bin

2010-09-27 06:42 . 2010-09-27 14:36 29062 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3162u3161cm.bin

2010-09-27 05:04 . 2010-09-27 14:36 609 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\x8xplsc_355d354cm.bin

2010-09-26 18:48 . 2010-09-26 23:40 45706 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3161u3160ua.bin

2010-09-26 07:08 . 2010-09-26 14:53 7623 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3160u3159hx.bin

2010-09-26 05:29 . 2010-09-26 14:53 1131 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\x8xplsc_354d3539a.bin

2010-09-25 17:52 . 2010-09-25 22:56 38435 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3159u3158jm.bin

2010-09-25 06:42 . 2010-09-25 13:35 28393 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3158u3157iu.bin

2010-09-24 17:23 . 2010-09-24 22:58 26575 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3157u3156dz.bin

2010-09-24 06:43 . 2010-09-24 14:14 21127 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3156u3155sy.bin

2010-09-24 05:00 . 2010-09-24 14:14 837 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\x8xplsc_353d352f.bin

2010-09-23 18:43 . 2010-09-23 23:22 47342 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3155u3154uz.bin

2010-09-23 14:38 . 2010-09-23 14:38 4093792 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe

2010-09-23 14:38 . 2010-09-23 14:38 620896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe

2010-09-23 14:38 . 2010-09-23 14:38 3586912 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe

2010-09-23 14:38 . 2010-09-23 14:38 1619296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll

2010-09-23 14:38 . 2010-09-23 14:38 1377632 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll

2010-09-23 14:38 . 2010-09-23 14:38 942432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll

2010-09-23 14:38 . 2010-09-23 14:38 598368 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll

2010-09-23 14:38 . 2010-09-23 14:38 4371296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll

2010-09-23 14:38 . 2010-09-23 14:38 300896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll

2010-09-23 14:36 . 2010-09-23 14:36 1690952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll

2010-09-23 06:43 . 2010-09-23 14:36 23965 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3154u3153ey.bin

2010-09-23 05:02 . 2010-09-23 23:22 595 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\x8xplsc_352d351wf.bin

2010-09-22 18:49 . 2010-09-22 23:18 36812 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3153u3152xm.bin

2010-09-22 17:52 . 2010-09-22 23:18 731 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\x8xplsc_351d349dt.bin

2010-09-22 13:57 . 2010-09-22 23:18 317 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\x8xplsb_241d2407a.bin

2010-09-22 06:44 . 2010-09-22 14:18 22984 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3152u3150mz.bin

2010-09-22 05:01 . 2010-09-22 14:18 887 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\x8xplsc_349d348sd.bin

2010-09-22 05:00 . 2010-09-22 14:18 7542 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\x8xplsb_240d239sc.bin

2010-09-21 18:42 . 2010-09-21 22:34 41861 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3150u3149rp.bin

2010-09-21 06:43 . 2010-09-21 15:27 21602 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3149u3148ix.bin

2010-09-21 05:00 . 2010-09-21 15:27 797 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\x8xplsc_348d347ob.bin

2010-09-21 05:00 . 2010-09-21 15:27 4296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\x8xplsb_239d238ob.bin

2010-09-20 17:10 . 2010-09-20 22:37 30197 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3148u3147mr.bin

2010-09-20 06:41 . 2010-09-20 14:23 30992 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3147u3146uc.bin

2010-09-20 05:01 . 2010-09-20 14:23 1906 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\x8xplsc_347d346kb.bin

2010-09-20 05:00 . 2010-09-20 14:23 24577 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\x8xplsb_238d237ka.bin

2010-09-19 18:42 . 2010-09-20 02:54 42846 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3146u3145rm.bin

2010-09-19 06:41 . 2010-09-19 14:45 32619 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3145u3144cd.bin

2010-09-18 18:43 . 2010-09-18 23:40 69668 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3144u3143ge.bin

2010-09-18 11:36 . 2010-09-23 14:36 42387 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\f9lng855df.bin

2010-09-18 06:41 . 2010-09-18 14:49 101583 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3143u3142is.bin

2010-09-17 18:42 . 2010-09-17 23:37 38247 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3142u3140tb.bin

2010-09-17 06:41 . 2010-09-17 14:08 21064 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3140u3139qd.bin

2010-09-17 05:00 . 2010-09-17 14:08 807 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\x8xplsc_346d34487.bin

2010-09-16 18:41 . 2010-09-16 23:35 42171 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3139u3138zh.bin

2010-09-16 06:41 . 2010-09-16 13:52 26193 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3138u3137ej.bin

2010-09-16 05:00 . 2010-09-16 23:35 623 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\x8xplsc_344d34346.bin

2010-09-16 05:00 . 2010-09-16 23:35 7824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\x8xplsb_237d23646.bin

2010-09-15 18:42 . 2010-09-15 23:04 41045 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3137u3136kl.bin

2010-09-15 06:44 . 2010-09-15 14:20 15960 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3136u3135ef.bin

2010-09-15 05:01 . 2010-09-15 14:20 773 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\x8xplsc_343d3426.bin

2010-09-15 05:00 . 2010-09-15 14:20 374771 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\x8xplsb_236d2355.bin

2010-09-14 18:41 . 2010-09-14 23:17 27657 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3135u3134yi.bin

2010-09-14 06:42 . 2010-09-14 14:33 20660 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3134u3133ar.bin

2010-09-14 05:00 . 2010-09-14 14:33 940 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\x8xplsc_342d341w3.bin

2010-09-13 23:46 . 2010-09-13 23:46 -------- d-----w- c:\documents and settings\MyName\Application Data\Auslogics

2010-09-13 23:45 . 2010-09-13 23:45 -------- d-----w- c:\program files\Auslogics

2010-09-13 18:41 . 2010-09-13 23:17 14920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3133u3132cl.bin

2010-09-13 06:42 . 2010-09-13 17:10 12858 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3132u3131pi.bin

2010-09-13 05:00 . 2010-09-13 17:10 868 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\x8xplsc_341d339s2.bin

2010-09-12 23:07 . 2010-09-22 02:15 120 ----a-w- c:\windows\Tquwozuxe.dat

2010-09-12 23:07 . 2010-09-21 05:35 0 ----a-w- c:\windows\Esoyijaduxo.bin

2010-09-12 18:40 . 2010-09-12 23:36 17494 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3131u3130bd.bin

2010-09-12 06:41 . 2010-09-12 14:07 11005 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3130u3129ki.bin

2010-09-11 18:42 . 2010-09-11 23:09 31854 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3129u3128pc.bin

2010-09-11 06:42 . 2010-09-11 13:56 9498 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3128u3127ks.bin

2010-09-10 19:01 . 2010-09-29 16:01 -------- d-----w- c:\documents and settings\MyName\Application Data\HPAppData

2010-09-10 18:48 . 2010-09-10 23:30 17581 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3127u3126jx.bin