Jump to content

PUM.Bad.Proxy and Spyware.Passwords.XGen


Recommended Posts

Hi all!

I hope everyone's doing well. I was browsing a few soccer-related news sites, some "sketchier" than others (landed on a few link farms, etc.), and was alerted by AVG, while browsing, that a threat had been detected on my computer that concerned two files: conhost.exe and an .exe with a long string of integers as its file name (e.g., "93249349028342009023.exe").

I immediately allowed AVG to "take care of these" (besides quarantining and deleting, I'm not sure what else it can do).

Following that, I re-booted my computer and noticed that I was getting a "proxy connection refused" message whenever trying to browse, across all of my browsers. Sure enough, after running Malwarebytes, I found an instance of 'PUM.Bad.Proxy' which was causing my system proxy settings to be set to my own computer, 127.0.0.1. I removed this and was able to continue browsing.

Finally, *after those two instances*, I once again experienced some browsing problems (a day later). I ran Malwarebytes again and this time it found two instances of 'Spyware.Passwords.XGen' and, of course, the 'PUM.Bad.Proxy.' I once again Malwarebtyes to quarantine/delete these instances.

Since then (another day later), I haven't had problems browsing. However, I'm concerned that there may be remnants of *something* on my computer, particularly considering the second re-occurrence of PUM.Bad.Proxy and the simultaneous introduction of another threat.

I have AVG Free running (fully updated), Malwarebytes, and HiJackThis, as relevant software right now. What can I do (what kind of log file should I show you/etc.) to verify the state of my system?

Thank you so much for your help,

Thomas

Link to post
Share on other sites

Hi and :welcome:

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.

    [*]Double click on the DDS icon, allow it to run.

    [*]A small box will open, with an explaination about the tool. No input is needed, the scan is running.

    [*]Notepad will open with the results.

    [*]Follow the instructions that pop up for posting the results.

    [*]Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Link to post
Share on other sites

Hi Elise!

Thanks for turning your attention to this. :)

Unfortunately, the DDS scan isn't able to complete.. I get to about the 70% mark (judging from the number of #s) and it freezes.. I gave it extra time (10 mins +) to run but, still, ultimately had to manually reboot the computer.

Any thoughts as to why? I tried both file types (.scr and the .com one).

Thanks!

Thomas

Link to post
Share on other sites

HI Thomas,

OTL

-----

Please download OTL from one of the following mirrors:

[*]Save it to your desktop.

[*]Double click on the otlicon.png icon on your desktop.

[*]Click the "Scan All Users" checkbox.

[*]Push the runscan.png button.

[*]Two reports will open, copy and paste them in a reply here:

  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

Link to post
Share on other sites

Thanks Elise.. here are the reports from OTL.

OTL.Txt

-------

OTL logfile created on: 7/10/2011 4:59:34 PM - Run 1

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 68.24% Memory free

3.84 Gb Paging File | 3.38 Gb Available in Paging File | 87.88% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.54 Gb Total Space | 43.44 Gb Free Space | 58.28% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/10 16:57:14 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

PRC - [2011/06/28 18:46:30 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe

PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe

PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe

PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe

PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe

PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe

PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe

PRC - [2011/01/17 19:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe

PRC - [2011/01/17 19:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin

PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2003/07/30 13:08:58 | 000,143,360 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

PRC - [2002/09/20 19:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

========== Modules (SafeList) ==========

MOD - [2011/07/10 16:57:14 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)

SRV - [2010/12/31 09:39:54 | 008,133,120 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe -- (wampmysqld)

SRV - [2010/12/31 09:39:42 | 000,020,549 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe -- (wampapache)

SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2002/09/20 19:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))

========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)

DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)

DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)

DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2004/08/03 20:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)

DRV - [2004/08/03 20:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)

DRV - [2004/08/03 20:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)

DRV - [2004/08/03 20:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)

DRV - [2004/08/03 20:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)

DRV - [2004/08/03 20:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)

DRV - [2004/08/03 20:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)

DRV - [2004/08/03 20:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)

DRV - [2004/08/03 20:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)

DRV - [2004/08/03 20:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)

DRV - [2004/08/03 20:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)

DRV - [2004/08/03 20:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)

DRV - [2004/08/03 20:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)

DRV - [2004/08/03 20:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)

DRV - [2004/08/03 20:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)

DRV - [2004/05/04 13:31:18 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)

DRV - [2004/02/04 15:34:16 | 000,051,584 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp)

DRV - [2002/04/04 02:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

IE - HKU\S-1-5-21-274765018-2503423405-4002033684-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

IE - HKU\S-1-5-21-274765018-2503423405-4002033684-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-21-274765018-2503423405-4002033684-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {f13b157f-b174-47e7-a34d-4815ddfdfeb8}:0.9.88.1

FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/06/24 10:01:17 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/28 18:46:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/06 18:23:53 | 000,000,000 | ---D | M]

[2011/01/24 20:10:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions

[2011/06/21 23:00:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1f0zh2nm.default\extensions

[2011/03/30 21:49:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/06/12 23:58:13 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2011/02/04 21:21:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011/01/30 20:34:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

File not found (No name found) --

[2011/06/28 18:46:30 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/01/30 20:34:01 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011/04/01 19:12:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/01/25 08:58:00 | 000,001,733 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (DebugBar BHO) - {69FC0024-10EB-480A-BBF2-3BF4E78E17B1} - C:\Program Files\Core Services\DebugBar\DebugInfoBar.dll (Core Services)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3 - HKLM\..\Toolbar: (DebugBar) - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Program Files\Core Services\DebugBar\DebugToolBar.dll (Core Services)

O3 - HKU\S-1-5-21-274765018-2503423405-4002033684-500\..\Toolbar\WebBrowser: (DebugBar) - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Program Files\Core Services\DebugBar\DebugToolBar.dll (Core Services)

O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [LayoutM] C:\WINDOWS\KLayMgr.exe (Chicony)

O4 - HKLM..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKU\S-1-5-21-274765018-2503423405-4002033684-500..\Run: [AdobeBridge] File not found

O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-274765018-2503423405-4002033684-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{66301a9a-46b9-11e0-a2df-0013215f5346}\Shell - "" = AutoRun

O33 - MountPoints2\{66301a9a-46b9-11e0-a2df-0013215f5346}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{66301a9a-46b9-11e0-a2df-0013215f5346}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/10 16:57:11 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2011/07/10 15:51:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos

[2011/07/10 15:51:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools

[2011/07/08 16:05:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\HiJackThis

[2011/07/08 16:05:15 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2011/07/06 17:58:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes

[2011/07/06 17:58:28 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/07/06 17:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/07/06 17:58:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2011/07/06 17:58:24 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/07/06 17:58:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/06/20 13:01:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer

[2011/06/20 12:59:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes

[2011/06/20 12:59:18 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll

[2011/06/20 12:58:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2011/06/20 12:58:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2011/06/20 12:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2011/06/20 12:58:03 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update

[2011/06/20 12:57:48 | 004,517,664 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll

[2011/06/20 12:57:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE

[2011/06/20 12:57:28 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2011/06/14 17:43:30 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys

[2011/06/12 23:59:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\skypePM

[2011/06/12 23:59:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype Extras

[2011/06/12 23:58:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Skype

[2011/06/12 23:57:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[2011/06/12 23:57:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype

[2011/06/12 23:57:44 | 000,000,000 | R--D | C] -- C:\Program Files\Skype

[2011/06/12 23:57:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/10 16:57:22 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/07/10 16:57:14 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2011/07/10 16:56:38 | 2138,574,848 | -HS- | M] () -- C:\hiberfil.sys

[2011/07/10 16:56:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/07/10 15:47:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-274765018-2503423405-4002033684-500UA.job

[2011/07/10 09:37:45 | 121,897,724 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm

[2011/07/10 02:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-COMPUTER-Administrator.job

[2011/07/09 19:47:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-274765018-2503423405-4002033684-500Core.job

[2011/07/08 16:05:50 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk

[2011/07/08 15:54:51 | 000,189,902 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Step A-Matrix 2.zip

[2011/07/08 15:54:47 | 000,185,948 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Step A-Matrix 1.zip

[2011/07/06 23:11:30 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\F476.3BD

[2011/07/06 17:58:29 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/05 22:01:33 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk

[2011/07/05 11:41:31 | 000,164,333 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm

[2011/06/29 21:47:56 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk

[2011/06/29 19:12:29 | 000,000,428 | ---- | M] () -- C:\bar.emf

[2011/06/24 10:01:18 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk

[2011/06/21 23:04:41 | 000,001,456 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs

[2011/06/20 12:59:21 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2011/06/20 12:22:53 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2011/06/15 03:11:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011/06/15 03:07:58 | 000,422,068 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/06/15 03:07:58 | 000,061,770 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/06/12 23:59:50 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/10 16:56:38 | 2138,574,848 | -HS- | C] () -- C:\hiberfil.sys

[2011/07/08 16:05:16 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk

[2011/07/08 15:54:51 | 000,189,902 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Step A-Matrix 2.zip

[2011/07/08 15:54:46 | 000,185,948 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Step A-Matrix 1.zip

[2011/07/06 18:23:53 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk

[2011/07/06 17:58:29 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/05 19:07:48 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\F476.3BD

[2011/06/26 23:01:20 | 000,000,428 | ---- | C] () -- C:\bar.emf

[2011/06/20 12:59:21 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2011/06/12 23:59:50 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2011/06/12 23:57:46 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2011/06/08 00:56:59 | 006,212,472 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-274765018-2503423405-4002033684-500-0.dat

[2011/06/08 00:56:58 | 000,300,914 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

[2011/06/07 19:08:05 | 000,000,032 | RHS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\t60.dat

[2011/05/26 21:49:30 | 000,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2011/03/23 20:50:30 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Adobe PNG Format CS5 Prefs

[2011/03/06 21:04:32 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Adobe GIF Format CS5 Prefs

[2011/02/14 01:45:13 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PUTTY.RND

[2011/02/12 18:14:22 | 000,021,184 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2011/01/30 13:52:48 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Adobe BMP Format CS5 Prefs

[2011/01/25 20:18:06 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs

[2011/01/24 20:10:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010/12/10 14:45:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2010/12/10 14:43:27 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\std201mt.dll

[2010/12/10 14:41:17 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2010/12/10 14:41:17 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2010/12/10 14:41:17 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2010/12/10 14:41:17 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2010/12/10 14:41:17 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2010/12/10 14:41:17 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2010/12/10 14:40:22 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll

[2010/12/10 14:27:18 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2010/12/10 14:26:53 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2010/12/10 14:26:48 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2010/12/10 14:26:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2010/12/10 14:25:17 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2010/12/10 14:16:13 | 000,001,065 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2004/08/10 13:53:59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2004/08/09 16:44:34 | 000,422,068 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/09 16:44:34 | 000,061,770 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/09 16:40:44 | 003,486,344 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2004/08/09 16:33:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004/08/09 16:28:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2001/08/17 16:30:26 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2001/08/17 16:30:26 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2001/08/17 16:15:40 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2001/07/21 17:36:50 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2001/07/21 17:36:06 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >

Extras.Txt

----------

OTL Extras logfile created on: 7/10/2011 4:59:34 PM - Run 1

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 68.24% Memory free

3.84 Gb Paging File | 3.38 Gb Available in Paging File | 87.88% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.54 Gb Total Space | 43.44 Gb Free Space | 58.28% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-274765018-2503423405-4002033684-500\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)

https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)

"C:\wamp\bin\apache\Apache2.2.17\bin\httpd.exe" = C:\wamp\bin\apache\Apache2.2.17\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)

"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)

"C:\Program Files\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)

"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)

"C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.)

"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{0515803B-5068-4599-8666-963E143C7381}" = HP Smart Card Security for ProtectTools

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{228814B2-6A64-4AD5-8D2D-4E2188DEB191}" = AVG 2011

"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java 6 Update 22

"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java 6 Update 23

"{2C65D0D7-2B7E-4788-ADB0-8693F344460B}" = Axure RP Pro 6

"{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Management Programs

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011

"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{6151cf20-0bd8-4023-a4a0-6a86dcfe58e5}" = Python 2.6.6

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari

"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03

"{79770F05-E3B8-4DAA-BEDB-9EBF29EAF527}" = Keyboard Layout Management Application

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007

"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{914E1AB1-DCA0-4A7D-935F-B58C4B887A2B}" = HP ProtectTools Security Manager 1.00 C2

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support

"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.0

"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR

"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars

"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support

"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour

"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update

"{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DB90FF25-9932-48F2-B643-1802F1864FAF}" = AVG 2011

"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{F66CAE05-FA3A-EF04-DF5E-F11B9DD58B12}" = Balsamiq Mockups For Desktop

"Adobe AIR" = Adobe AIR

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"AVG" = AVG 2011

"Axure RP Pro 6" = Axure RP Pro 6

"BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1" = Balsamiq Mockups For Desktop

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"DebugBar" = DebugBar v5.4.1 for Internet Explorer (remove only)

"FileZilla Client" = FileZilla Client 3.3.5.1

"ie8" = Windows Internet Explorer 8

"IETester" = IETester v0.4.7 (remove only)

"InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Management Programs

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200

"matplotlib-py2.6" = Python 2.6 matplotlib-1.0.1

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)

"numpy-py2.6" = Python 2.6 numpy-1.5.1

"Opera 11.00.1156" = Opera 11.00

"PIL-py2.6" = Python 2.6 PIL-1.1.7

"Software Setup" = Software Setup

"TeamViewer 6" = TeamViewer 6

"uTorrent" = µTorrent

"Vim 7.3" = Vim 7.3 (self-installing)

"VISPRO" = Microsoft Office Visio Professional 2007

"VLC media player" = VLC media player 1.1.6

"WampServer 2_is1" = WampServer 2.1

"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-274765018-2503423405-4002033684-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Adobe Connect Add-in" = Adobe Connect Add-in

"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 6/7/2011 11:34:45 PM | Computer Name = COMPUTER | Source = Application Error | ID = 1000

Description = Faulting application photoshop.exe, version 12.0.0.0, faulting module

photoshop.exe, version 12.0.0.0, fault address 0x017950b4.

Error - 6/14/2011 6:31:06 PM | Computer Name = COMPUTER | Source = Application Hang | ID = 1002

Description = Hanging application firefox.exe, version 2.0.1.4120, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 6/14/2011 7:55:52 PM | Computer Name = COMPUTER | Source = Application Error | ID = 1000

Description = Faulting application adobe help.exe, version 0.0.0.0, faulting module

adobe air.dll, version 2.6.0.19140, fault address 0x008a538c.

< End of report >

Link to post
Share on other sites

Hi again, lets also check for rootkits.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Link to post
Share on other sites

Hi Elise!!

Here are the results of that TDSS scan:

---

2011/07/11 07:55:29.0859 2200 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21

2011/07/11 07:55:30.0234 2200 ================================================================================

2011/07/11 07:55:30.0234 2200 SystemInfo:

2011/07/11 07:55:30.0234 2200

2011/07/11 07:55:30.0234 2200 OS Version: 5.1.2600 ServicePack: 3.0

2011/07/11 07:55:30.0234 2200 Product type: Workstation

2011/07/11 07:55:30.0234 2200 ComputerName: COMPUTER

2011/07/11 07:55:30.0234 2200 UserName: Administrator

2011/07/11 07:55:30.0234 2200 Windows directory: C:\WINDOWS

2011/07/11 07:55:30.0234 2200 System windows directory: C:\WINDOWS

2011/07/11 07:55:30.0234 2200 Processor architecture: Intel x86

2011/07/11 07:55:30.0234 2200 Number of processors: 2

2011/07/11 07:55:30.0234 2200 Page size: 0x1000

2011/07/11 07:55:30.0234 2200 Boot type: Normal boot

2011/07/11 07:55:30.0234 2200 ================================================================================

2011/07/11 07:55:31.0843 2200 Initialize success

2011/07/11 07:55:44.0187 2064 ================================================================================

2011/07/11 07:55:44.0187 2064 Scan started

2011/07/11 07:55:44.0187 2064 Mode: Manual;

2011/07/11 07:55:44.0187 2064 ================================================================================

2011/07/11 07:55:44.0828 2064 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys

2011/07/11 07:55:44.0875 2064 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/07/11 07:55:44.0890 2064 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/07/11 07:55:44.0906 2064 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2011/07/11 07:55:44.0953 2064 adpu320 (0ea9b1f0c6c90a509c8603775366adb7) C:\WINDOWS\system32\DRIVERS\adpu320.sys

2011/07/11 07:55:44.0984 2064 aeaudio (3cb6ae5435987b1f8c83fd2730479878) C:\WINDOWS\system32\drivers\aeaudio.sys

2011/07/11 07:55:45.0015 2064 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/07/11 07:55:45.0046 2064 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys

2011/07/11 07:55:45.0078 2064 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2011/07/11 07:55:45.0093 2064 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2011/07/11 07:55:45.0234 2064 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/07/11 07:55:45.0250 2064 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/07/11 07:55:45.0281 2064 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/07/11 07:55:45.0328 2064 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/07/11 07:55:45.0359 2064 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys

2011/07/11 07:55:45.0375 2064 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys

2011/07/11 07:55:45.0406 2064 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys

2011/07/11 07:55:45.0421 2064 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys

2011/07/11 07:55:45.0500 2064 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

2011/07/11 07:55:45.0531 2064 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

2011/07/11 07:55:45.0546 2064 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

2011/07/11 07:55:45.0578 2064 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

2011/07/11 07:55:45.0625 2064 b57w2k (4826fcf97c47b361a2e2f68cd487a19e) C:\WINDOWS\system32\DRIVERS\b57xp32.sys

2011/07/11 07:55:45.0656 2064 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/07/11 07:55:45.0703 2064 Blfp (9976971b7092f5bff20073ab31ba1598) C:\WINDOWS\system32\DRIVERS\baspxp32.sys

2011/07/11 07:55:45.0734 2064 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/07/11 07:55:45.0765 2064 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/07/11 07:55:45.0796 2064 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/07/11 07:55:45.0828 2064 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/07/11 07:55:45.0953 2064 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/07/11 07:55:46.0015 2064 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/07/11 07:55:46.0093 2064 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/07/11 07:55:46.0109 2064 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/07/11 07:55:46.0140 2064 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/07/11 07:55:46.0156 2064 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2011/07/11 07:55:46.0187 2064 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/07/11 07:55:46.0203 2064 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

2011/07/11 07:55:46.0234 2064 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/07/11 07:55:46.0250 2064 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/07/11 07:55:46.0265 2064 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/07/11 07:55:46.0296 2064 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/07/11 07:55:46.0343 2064 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/07/11 07:55:46.0359 2064 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/07/11 07:55:46.0375 2064 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/07/11 07:55:46.0406 2064 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/07/11 07:55:46.0421 2064 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/07/11 07:55:46.0453 2064 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/07/11 07:55:46.0515 2064 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/07/11 07:55:46.0578 2064 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/07/11 07:55:46.0593 2064 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys

2011/07/11 07:55:46.0609 2064 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys

2011/07/11 07:55:46.0640 2064 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys

2011/07/11 07:55:46.0656 2064 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys

2011/07/11 07:55:46.0687 2064 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys

2011/07/11 07:55:46.0718 2064 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys

2011/07/11 07:55:46.0734 2064 iAimFP5 (0308aef61941e4af478fa1a0f83812f5) C:\WINDOWS\system32\DRIVERS\wADV07nt.sys

2011/07/11 07:55:46.0750 2064 iAimFP6 (714038a8aa5de08e12062202cd7eaeb5) C:\WINDOWS\system32\DRIVERS\wADV08nt.sys

2011/07/11 07:55:46.0765 2064 iAimFP7 (7bb3aa595e4507a788de1cdc63f4c8c4) C:\WINDOWS\system32\DRIVERS\wADV09nt.sys

2011/07/11 07:55:46.0781 2064 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys

2011/07/11 07:55:46.0796 2064 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys

2011/07/11 07:55:46.0828 2064 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys

2011/07/11 07:55:46.0859 2064 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys

2011/07/11 07:55:46.0875 2064 iAimTV5 (791cc45de6e50445be72e8ad6401ff45) C:\WINDOWS\system32\DRIVERS\wATV10nt.sys

2011/07/11 07:55:46.0890 2064 iAimTV6 (352fa0e98bc461ce1ce5d41f64db558d) C:\WINDOWS\system32\DRIVERS\wATV06nt.sys

2011/07/11 07:55:46.0937 2064 ialm (16f8de7a7f9023aac04dec6a8a264441) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

2011/07/11 07:55:47.0000 2064 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/07/11 07:55:47.0062 2064 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/07/11 07:55:47.0078 2064 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/07/11 07:55:47.0109 2064 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/07/11 07:55:47.0125 2064 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/07/11 07:55:47.0203 2064 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/07/11 07:55:47.0515 2064 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/07/11 07:55:47.0562 2064 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/07/11 07:55:47.0609 2064 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/07/11 07:55:47.0625 2064 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/07/11 07:55:47.0640 2064 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/07/11 07:55:47.0656 2064 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/07/11 07:55:47.0687 2064 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/07/11 07:55:47.0703 2064 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/07/11 07:55:47.0718 2064 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/07/11 07:55:47.0750 2064 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/07/11 07:55:47.0781 2064 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/07/11 07:55:47.0781 2064 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/07/11 07:55:47.0828 2064 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/07/11 07:55:47.0859 2064 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/07/11 07:55:47.0890 2064 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/07/11 07:55:47.0906 2064 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/07/11 07:55:47.0937 2064 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/07/11 07:55:47.0953 2064 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/07/11 07:55:47.0984 2064 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/07/11 07:55:48.0000 2064 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

2011/07/11 07:55:48.0031 2064 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/07/11 07:55:48.0062 2064 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/07/11 07:55:48.0093 2064 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/07/11 07:55:48.0125 2064 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/07/11 07:55:48.0140 2064 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/07/11 07:55:48.0156 2064 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/07/11 07:55:48.0156 2064 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/07/11 07:55:48.0203 2064 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/07/11 07:55:48.0218 2064 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/07/11 07:55:48.0250 2064 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/07/11 07:55:48.0281 2064 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/07/11 07:55:48.0281 2064 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/07/11 07:55:48.0312 2064 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys

2011/07/11 07:55:48.0328 2064 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/07/11 07:55:48.0343 2064 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/07/11 07:55:48.0359 2064 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/07/11 07:55:48.0375 2064 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/07/11 07:55:48.0406 2064 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/07/11 07:55:48.0437 2064 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/07/11 07:55:48.0515 2064 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/07/11 07:55:48.0546 2064 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/07/11 07:55:48.0546 2064 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/07/11 07:55:48.0609 2064 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/07/11 07:55:48.0609 2064 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/07/11 07:55:48.0625 2064 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/07/11 07:55:48.0640 2064 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/07/11 07:55:48.0671 2064 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/07/11 07:55:48.0671 2064 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/07/11 07:55:48.0687 2064 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/07/11 07:55:48.0718 2064 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/07/11 07:55:48.0796 2064 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/07/11 07:55:48.0812 2064 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/07/11 07:55:48.0828 2064 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/07/11 07:55:48.0843 2064 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/07/11 07:55:48.0859 2064 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/07/11 07:55:48.0906 2064 smwdm (86d17b6760dd2b09e932ff101714e0dc) C:\WINDOWS\system32\drivers\smwdm.sys

2011/07/11 07:55:48.0953 2064 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/07/11 07:55:48.0968 2064 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/07/11 07:55:49.0000 2064 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/07/11 07:55:49.0015 2064 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/07/11 07:55:49.0031 2064 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/07/11 07:55:49.0078 2064 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2011/07/11 07:55:49.0093 2064 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2011/07/11 07:55:49.0109 2064 Symmpi (f2b7e8416f508368ac6730e2ae1c614f) C:\WINDOWS\system32\DRIVERS\symmpi.sys

2011/07/11 07:55:49.0125 2064 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2011/07/11 07:55:49.0140 2064 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2011/07/11 07:55:49.0156 2064 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/07/11 07:55:49.0187 2064 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/07/11 07:55:49.0203 2064 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/07/11 07:55:49.0234 2064 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/07/11 07:55:49.0234 2064 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/07/11 07:55:49.0281 2064 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/07/11 07:55:49.0343 2064 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/07/11 07:55:49.0375 2064 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/07/11 07:55:49.0437 2064 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/07/11 07:55:49.0484 2064 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/07/11 07:55:49.0500 2064 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/07/11 07:55:49.0546 2064 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/07/11 07:55:49.0578 2064 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/07/11 07:55:49.0593 2064 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/07/11 07:55:49.0625 2064 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/07/11 07:55:49.0640 2064 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/07/11 07:55:49.0671 2064 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/07/11 07:55:49.0687 2064 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/07/11 07:55:49.0718 2064 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2011/07/11 07:55:49.0750 2064 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

2011/07/11 07:55:49.0828 2064 Boot (0x1200) (75c511d092483384b37846ac3c1e6821) \Device\Harddisk0\DR0\Partition0

2011/07/11 07:55:49.0828 2064 ================================================================================

2011/07/11 07:55:49.0828 2064 Scan finished

2011/07/11 07:55:49.0828 2064 ================================================================================

2011/07/11 07:55:49.0828 1544 Detected object count: 0

2011/07/11 07:55:49.0828 1544 Actual detected object count: 0

Link to post
Share on other sites

Hi there,

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

Link to post
Share on other sites

Hi Elise,

I attempted to run ComboFix but ran into a few snags. First, it asked me to completely uninstall AVG (I had already temporarily disabled it). So, I did. After uninstalling, I ran ComboFix again. This time it ran, but much like the DDS scan, it hung up at some point (I left it up to about 30 mins), and it never completed.

What to do? Should I first of all re-install some AV?

Thanks,

Thomas

Link to post
Share on other sites

Hi again, please run the following fix, followed by an updated scan by MBAM, post me both logs.

OTL FIX

------------

We need to run an OTL Fix

  1. Please reopen otlicon.png on your desktop.
  2. Copy and Paste the following code into the customscanfix.png textbox.
    :otl
    IE - HKU\S-1-5-21-274765018-2503423405-4002033684-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

    :commands
    [emptytemp]


  3. Push runfix.png
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click the OK button.
  6. A report will open. Copy and Paste that report in your next reply.

Link to post
Share on other sites

Hi there!

Here are the OTL and MBAM logs as requested:

OTL

----

All processes killed

========== OTL ==========

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 3730594700 bytes

->Temporary Internet Files folder emptied: 53484831 bytes

->Java cache emptied: 20874135 bytes

->FireFox cache emptied: 208046413 bytes

->Google Chrome cache emptied: 142517660 bytes

->Apple Safari cache emptied: 7045120 bytes

->Opera cache emptied: 361127 bytes

->Flash cache emptied: 5431279 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32768 bytes

->Flash cache emptied: 56466 bytes

User: LocalService

->Temp folder emptied: 65536 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 19569 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 983443 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 16694110 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 924 bytes

Total Files Cleaned = 3,992.00 mb

OTL by OldTimer - Version 3.2.26.1 log created on 07152011_193443

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

MBAM

-----

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7154

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

7/15/2011 8:18:49 PM

mbam-log-2011-07-15 (20-18-49).txt

Scan type: Quick scan

Objects scanned: 149189

Time elapsed: 1 minute(s), 50 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Hi Elise,

Things seem to be fine, although I'm unsure if this means that there aren't any remnants left of what happened earlier.

In MBAM's quarantine, these two items are still sitting there:

PUM.Bad.Proxy

Spyware.Passwords.XGen

Should I proceed to delete them?

Here's the OTL logs again with the modifications you made:

OTL

----

All processes killed

========== OTL ==========

HKU\S-1-5-21-274765018-2503423405-4002033684-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 149970 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 33498069 bytes

->Google Chrome cache emptied: 0 bytes

->Apple Safari cache emptied: 0 bytes

->Opera cache emptied: 0 bytes

->Flash cache emptied: 1032 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 483 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 32.00 mb

OTL by OldTimer - Version 3.2.26.1 log created on 07162011_124749

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Link to post
Share on other sites

Yes, you can remove these items from MBAM's quarantine, although they are perfectly harmless, being already quarantined.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
  2. Click the esetonlinebtn.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetsmartinstaller_enu.png
      icon on your desktop.

    3. Check "YES, I accept the Terms of Use."
    4. Click the Start button.
    5. Accept any security warnings from your browser.
    6. Under scan settings, check "Scan Archives" and "Remove found threats"
    7. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

[*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

[*]When the scan completes, click List Threats

[*]Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

[*]Click the Back button.

[*]Click the Finish button.

Link to post
Share on other sites

Thats okay; in that case you'll not get a log.

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer (although it did not successfully run, it did make some changes and needs to be uninstalled).
    • Please rerun OTL and click the Cleanup button. This will remove all tools and logs we used.

Please read these advices, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.

[*]Keep Windows (and your other Microsoft software) up to date!

I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

[*]Keep your other software up to date as well

Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.

[*]Stay up to date!

The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

Link to post
Share on other sites

  • 4 weeks later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.