-
Redirect Virus Problem
I have had the redirect virus, and AVG was saying winlogon.exe and explorer.exe were infected. It also said "virus found win32/patched". I'm sorry, but I did run combofix (I had not yet read the "Before you post" forum). That means I had to remove AVG. Combofix also detected winlogon and explorer as infected. I can post my combofix log or do a new one if you'd like. I actually have tried quite a bit on my own to defeat the virus but have had no success. I appreciate any help and let me know if any other information is needed. Thanks.
Here is my DDS log:
DDS (Ver_10-12-12.02) - NTFSx86
Run by HP_Administrator at 15:09:21.07 on Fri 12/31/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.49 [GMT -7:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\ERUNT\ERUNT.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: &Google Web Accelerator Helper: {69a87b7d-de56-4136-9655-716ba50c19c7} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Web Accelerator: {db87bfa2-a2e3-451e-8e5a-c89982d87cbf} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
TB: &Save Flash: {4064ea35-578d-4073-a834-c96d82cbcf40} - c:\program files\save flash\SaveFlash.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter4.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exe
uPolicies-system: huuipbxzyjxjlyqlrnmrTaskMgr = 0 (0x0)
IE: Add to &Evernote - c:\program files\evernote\evernote3.5\enbar.dll/2000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll
Trusted Zone: trymedia.com
DPF: {00000161-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaudio.cab
DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/a/f/b/afba1967-2025-49da-8356-bc4132038945/VirtualEarth3D.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {428A9DEF-F057-402B-9F2D-A5887F4544ED} - hxxp://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\d9y2cq1r.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b11a7d6&v=6.010.006.004&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q=
FF - Ext: LastPass: support@lastpass.com - %profile%\extensions\support@lastpass.com
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: FavLoc: {472f4ef0-a825-11da-a746-0800200c9a66} - %profile%\extensions\{472f4ef0-a825-11da-a746-0800200c9a66}
FF - Ext: Google Bookmarks for Firefox: {473f9a20-ce5a-11da-a94d-0800200c9a66} - %profile%\extensions\{473f9a20-ce5a-11da-a94d-0800200c9a66}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Sothink Web Video Downloader for Firefox: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08} - %profile%\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-7 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-5-7 29584]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-7 243024]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2010-1-27 5248]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2008-6-2 194304]
R4 PCTCore;PCTools KDS;c:\windows\system32\drivers\pctcore.sys --> c:\windows\system32\drivers\PCTCore.sys [?]
S2 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccevtmgr.exe" --> c:\program files\common files\symantec shared\ccEvtMgr.exe [?]
S2 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccsetmgr.exe" --> c:\program files\common files\symantec shared\ccSetMgr.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-23 136176]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2010-9-21 327000]
S3 ccPwdSvc;Symantec Password Validation;"c:\program files\common files\symantec shared\ccpwdsvc.exe" --> c:\program files\common files\symantec shared\ccPwdSvc.exe [?]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-10-30 16968]
S3 RegKernelHelp;RegKernelHelp;\??\c:\program files\safe returner\regkernelhelp.sys --> c:\program files\safe returner\RegKernelHelp.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\toolbarbroker.exe --> c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [?]
S4 avg9emc;AVG Free E-mail Scanner;"c:\program files\avg\avg9\avgemc.exe" --> c:\program files\avg\avg9\avgemc.exe [?]
S4 avg9wd;AVG Free WatchDog;"c:\program files\avg\avg9\avgwdsvc.exe" --> c:\program files\avg\avg9\avgwdsvc.exe [?]
=============== Created Last 30 ================
2010-12-31 21:15:22 98816 ----a-w- c:\windows\sed.exe
2010-12-31 21:15:22 89088 ----a-w- c:\windows\MBR.exe
2010-12-31 21:15:22 256512 ----a-w- c:\windows\PEV.exe
2010-12-31 21:15:22 161792 ----a-w- c:\windows\SWREG.exe
2010-12-31 21:15:08 -------- d-----w- C:\NewCF
2010-12-31 20:35:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-12-31 20:06:34 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\AVG8
2010-12-31 00:37:42 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
2010-12-31 00:37:41 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
2010-12-31 00:37:41 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2010-12-31 00:37:40 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2010-12-31 00:37:40 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2010-12-31 00:37:39 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2010-12-31 00:32:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-12-31 00:26:00 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-12-31 00:09:11 -------- d-----w- c:\program files\Bonjour
2010-12-15 03:24:31 -------- d-----w- c:\docume~1\hp_adm~1\locals~1\applic~1\Garmin
2010-12-15 02:52:13 -------- d-----w- c:\docume~1\hp_adm~1\locals~1\applic~1\GARMIN_Corp
2010-12-15 02:30:46 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\GARMIN
2010-12-14 23:57:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\GARMIN
2010-12-14 23:57:28 -------- d-----w- c:\program files\Garmin GPS Plugin
2010-12-14 23:55:48 9344 ----a-w- c:\windows\system32\drivers\grmnusb.sys
2010-12-14 23:55:47 18304 ----a-w- c:\windows\system32\drivers\grmngen.sys
2010-12-14 23:55:29 -------- d-----w- C:\Garmin
2010-12-14 23:55:27 -------- d-----w- c:\program files\Garmin
==================== Find3M ====================
2010-11-30 00:44:12 3818105 ----a-w- C:\ComboFix.exe
2010-11-30 00:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 00:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-29 00:31:26 0 ----a-w- c:\windows\system32\FAP46D.tmp
2010-11-29 00:31:26 0 ----a-w- c:\windows\system32\FAP46A.tmp
2010-11-29 00:31:26 0 ----a-w- c:\windows\system32\FAP462.tmp
2010-11-29 00:31:23 0 ----a-w- c:\windows\system32\FAP453.tmp
2010-11-29 00:25:55 0 ----a-w- c:\windows\system32\FAP450.tmp
2010-11-29 00:24:49 0 ----a-w- c:\windows\system32\FAP443.tmp
2010-11-29 00:24:48 0 ----a-w- c:\windows\system32\FAP42A.tmp
2010-11-29 00:24:47 0 ----a-w- c:\windows\system32\FAP41F.tmp
2010-11-29 00:24:46 0 ----a-w- c:\windows\system32\FAP41D.tmp
2010-11-28 23:19:22 0 ----a-w- c:\windows\system32\FAP40D.tmp
2010-11-28 23:19:21 0 ----a-w- c:\windows\system32\FAP40B.tmp
2010-11-28 23:14:15 0 ----a-w- c:\windows\system32\FAP408.tmp
2010-11-28 23:10:05 0 ----a-w- c:\windows\system32\FAP404.tmp
2010-11-28 23:08:43 0 ----a-w- c:\windows\system32\FAP402.tmp
2010-11-28 23:08:03 0 ----a-w- c:\windows\system32\FAP3FF.tmp
2010-11-28 23:08:00 0 ----a-w- c:\windows\system32\FAP3FD.tmp
2010-11-28 23:07:55 0 ----a-w- c:\windows\system32\FAP3FB.tmp
2010-11-28 23:07:54 0 ----a-w- c:\windows\system32\FAP3F8.tmp
2010-11-28 23:07:47 0 ----a-w- c:\windows\system32\FAP3F6.tmp
2010-11-28 23:06:31 0 ----a-w- c:\windows\system32\FAP3F4.tmp
2010-11-28 23:06:31 0 ----a-w- c:\windows\system32\FAP3F1.tmp
2010-11-28 23:06:30 0 ----a-w- c:\windows\system32\FAP3EF.tmp
2010-11-28 23:06:27 0 ----a-w- c:\windows\system32\FAP3EB.tmp
2010-11-28 23:06:27 0 ----a-w- c:\windows\system32\FAP3E8.tmp
2010-11-28 23:06:26 0 ----a-w- c:\windows\system32\FAP3E6.tmp
2010-11-28 23:06:26 0 ----a-w- c:\windows\system32\FAP3E4.tmp
2010-11-28 23:06:03 0 ----a-w- c:\windows\system32\FAP3E1.tmp
2010-11-28 23:06:02 0 ----a-w- c:\windows\system32\FAP3DF.tmp
2010-11-28 23:05:56 0 ----a-w- c:\windows\system32\FAP3DD.tmp
2010-11-28 23:03:53 0 ----a-w- c:\windows\system32\FAP3DB.tmp
2010-11-28 23:03:37 0 ----a-w- c:\windows\system32\FAP3D9.tmp
2010-11-28 22:41:03 0 ----a-w- c:\windows\system32\FAP3D1.tmp
2010-11-28 22:41:03 0 ----a-w- c:\windows\system32\FAP3CF.tmp
2010-11-28 22:41:02 0 ----a-w- c:\windows\system32\FAP3CD.tmp
2010-11-28 20:08:42 0 ----a-w- c:\windows\system32\FAP3A9.tmp
2010-11-28 20:08:42 0 ----a-w- c:\windows\system32\FAP3A7.tmp
2010-11-28 20:08:23 0 ----a-w- c:\windows\system32\FAP3A5.tmp
2010-11-28 20:08:20 0 ----a-w- c:\windows\system32\FAP3A3.tmp
2010-11-28 20:08:20 0 ----a-w- c:\windows\system32\FAP3A1.tmp
2010-11-28 20:02:51 0 ----a-w- c:\windows\system32\FAP39D.tmp
2010-11-28 20:02:47 0 ----a-w- c:\windows\system32\FAP39B.tmp
2010-11-28 20:02:47 0 ----a-w- c:\windows\system32\FAP397.tmp
2010-11-28 19:59:09 0 ----a-w- c:\windows\system32\FAP38E.tmp
2010-11-28 19:59:05 0 ----a-w- c:\windows\system32\FAP383.tmp
2010-11-28 19:59:04 0 ----a-w- c:\windows\system32\FAP37A.tmp
2010-11-28 19:58:26 0 ----a-w- c:\windows\system32\FAP378.tmp
2010-11-28 19:58:22 0 ----a-w- c:\windows\system32\FAP364.tmp
2010-11-28 19:58:22 0 ----a-w- c:\windows\system32\FAP35E.tmp
2010-11-28 19:57:53 0 ----a-w- c:\windows\system32\FAP351.tmp
2010-11-28 19:57:47 0 ----a-w- c:\windows\system32\FAP34F.tmp
2010-11-28 19:57:45 0 ----a-w- c:\windows\system32\FAP34B.tmp
2010-11-28 19:56:04 0 ----a-w- c:\windows\system32\FAP345.tmp
2010-11-28 19:37:06 0 ----a-w- c:\windows\system32\FAP334.tmp
2010-11-28 16:25:41 0 ----a-w- c:\windows\system32\FAP30B.tmp
2010-11-28 16:25:41 0 ----a-w- c:\windows\system32\FAP306.tmp
2010-11-28 16:25:39 0 ----a-w- c:\windows\system32\FAP300.tmp
2010-11-28 16:25:38 0 ----a-w- c:\windows\system32\FAP2FC.tmp
2010-11-28 16:25:26 0 ----a-w- c:\windows\system32\FAP2E6.tmp
2010-11-28 16:25:26 0 ----a-w- c:\windows\system32\FAP2D5.tmp
2010-11-28 16:25:23 0 ----a-w- c:\windows\system32\FAP2CE.tmp
2010-11-28 16:25:17 0 ----a-w- c:\windows\system32\FAP2C7.tmp
2010-11-28 16:25:17 0 ----a-w- c:\windows\system32\FAP2B2.tmp
2010-11-28 16:25:16 0 ----a-w- c:\windows\system32\FAP2AD.tmp
2010-11-28 16:25:14 0 ----a-w- c:\windows\system32\FAP2A1.tmp
2010-11-28 07:36:19 0 ----a-w- c:\windows\system32\FAP1D8.tmp
2010-11-28 07:36:16 0 ----a-w- c:\windows\system32\FAP1B4.tmp
2010-11-28 07:36:16 0 ----a-w- c:\windows\system32\FAP1AF.tmp
2010-11-28 07:36:15 0 ----a-w- c:\windows\system32\FAP1A8.tmp
2010-11-28 07:36:13 0 ----a-w- c:\windows\system32\FAP19C.tmp
2010-11-28 07:35:18 0 ----a-w- c:\windows\system32\FAP199.tmp
2010-11-28 07:34:29 0 ----a-w- c:\windows\system32\FAP18C.tmp
2010-11-28 07:33:41 0 ----a-w- c:\windows\system32\FAP179.tmp
2010-11-28 07:33:39 0 ----a-w- c:\windows\system32\FAP176.tmp
2010-11-28 07:32:15 0 ----a-w- c:\windows\system32\FAP16D.tmp
2010-11-28 07:32:15 0 ----a-w- c:\windows\system32\FAP169.tmp
2010-11-28 07:32:12 0 ----a-w- c:\windows\system32\FAP167.tmp
2010-11-28 07:28:36 0 ----a-w- c:\windows\system32\FAP162.tmp
2010-11-28 07:28:34 0 ----a-w- c:\windows\system32\FAP160.tmp
2010-11-28 01:57:17 0 ----a-w- c:\windows\system32\FAPFF.tmp
2010-11-28 01:56:59 0 ----a-w- c:\windows\system32\FAPFD.tmp
2010-11-28 01:56:44 0 ----a-w- c:\windows\system32\FAPFB.tmp
2010-11-28 01:56:18 0 ----a-w- c:\windows\system32\FAPF7.tmp
2010-11-28 01:56:09 0 ----a-w- c:\windows\system32\FAPF5.tmp
2010-11-28 01:56:08 0 ----a-w- c:\windows\system32\FAPF3.tmp
2010-11-28 01:56:07 0 ----a-w- c:\windows\system32\FAPF1.tmp
2010-11-28 01:56:03 0 ----a-w- c:\windows\system32\FAPEF.tmp
2010-11-28 01:51:01 0 ----a-w- c:\windows\system32\FAPEC.tmp
2010-11-28 01:51:00 0 ----a-w- c:\windows\system32\FAPE7.tmp
2010-11-28 01:51:00 0 ----a-w- c:\windows\system32\FAPE4.tmp
2010-11-28 01:50:53 0 ----a-w- c:\windows\system32\FAPE2.tmp
2010-11-28 01:50:32 0 ----a-w- c:\windows\system32\FAPD9.tmp
2010-11-28 01:50:27 0 ----a-w- c:\windows\system32\FAPD7.tmp
2010-11-28 01:50:27 0 ----a-w- c:\windows\system32\FAPD5.tmp
2010-11-28 01:50:20 0 ----a-w- c:\windows\system32\FAPD3.tmp
2010-11-28 01:50:17 0 ----a-w- c:\windows\system32\FAPD1.tmp
2010-11-28 01:50:17 0 ----a-w- c:\windows\system32\FAPCF.tmp
2010-11-28 01:49:42 0 ----a-w- c:\windows\system32\FAPCC.tmp
============= FINISH: 15:10:33.31 ===============
-
Hi,
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
µTorrent
I'd like you to read this thread.
Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Post fresh dds logs + old ComboFix log.
-
Thank you. I uninstalled utorrent, and below is my new DDS log. It was too many characters to include the ComboFix log, so I've attached it and also the DDS attach.txt. If it's easier for me to do another post with separate logs just let me know. Thanks again.
DDS log:
DDS (Ver_10-12-12.02) - NTFSx86
Run by HP_Administrator at 17:40:02.98 on Tue 01/04/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.697 [GMT -7:00]
============== Running Processes ===============
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
C:\Program Files\Google\Update\GoogleUpdate.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: &Google Web Accelerator Helper: {69a87b7d-de56-4136-9655-716ba50c19c7} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Web Accelerator: {db87bfa2-a2e3-451e-8e5a-c89982d87cbf} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
TB: &Save Flash: {4064ea35-578d-4073-a834-c96d82cbcf40} - c:\program files\save flash\SaveFlash.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter4.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exe
uPolicies-system: huuipbxzyjxjlyqlrnmrTaskMgr = 0 (0x0)
IE: Add to &Evernote - c:\program files\evernote\evernote3.5\enbar.dll/2000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll
Trusted Zone: trymedia.com
DPF: {00000161-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaudio.cab
DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/a/f/b/afba1967-2025-49da-8356-bc4132038945/VirtualEarth3D.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {428A9DEF-F057-402B-9F2D-A5887F4544ED} - hxxp://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\d9y2cq1r.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b11a7d6&v=6.010.006.004&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q=
FF - component: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\d9y2cq1r.default\extensions\{fcab6fdd-5585-425b-95c1-5ed856f3fd08}\components\nsCatcher.dll
FF - component: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\d9y2cq1r.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\hp_administrator\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft research\hd view\nphdview.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPinfotl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - Ext: LastPass: support@lastpass.com - %profile%\extensions\support@lastpass.com
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: FavLoc: {472f4ef0-a825-11da-a746-0800200c9a66} - %profile%\extensions\{472f4ef0-a825-11da-a746-0800200c9a66}
FF - Ext: Google Bookmarks for Firefox: {473f9a20-ce5a-11da-a94d-0800200c9a66} - %profile%\extensions\{473f9a20-ce5a-11da-a94d-0800200c9a66}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Sothink Web Video Downloader for Firefox: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08} - %profile%\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-7 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-5-7 29584]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-7 243024]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2010-9-21 327000]
R3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2010-1-27 5248]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2008-6-2 194304]
S2 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccevtmgr.exe" --> c:\program files\common files\symantec shared\ccEvtMgr.exe [?]
S2 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccsetmgr.exe" --> c:\program files\common files\symantec shared\ccSetMgr.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-23 136176]
S3 ccPwdSvc;Symantec Password Validation;"c:\program files\common files\symantec shared\ccpwdsvc.exe" --> c:\program files\common files\symantec shared\ccPwdSvc.exe [?]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-10-30 16968]
S3 RegKernelHelp;RegKernelHelp;\??\c:\program files\safe returner\regkernelhelp.sys --> c:\program files\safe returner\RegKernelHelp.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\toolbarbroker.exe --> c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [?]
S4 avg9emc;AVG Free E-mail Scanner;"c:\program files\avg\avg9\avgemc.exe" --> c:\program files\avg\avg9\avgemc.exe [?]
S4 avg9wd;AVG Free WatchDog;"c:\program files\avg\avg9\avgwdsvc.exe" --> c:\program files\avg\avg9\avgwdsvc.exe [?]
=============== Created Last 30 ================
2010-12-31 21:15:22 98816 ----a-w- c:\windows\sed.exe
2010-12-31 21:15:22 89088 ----a-w- c:\windows\MBR.exe
2010-12-31 21:15:22 256512 ----a-w- c:\windows\PEV.exe
2010-12-31 21:15:22 161792 ----a-w- c:\windows\SWREG.exe
2010-12-31 21:15:08 -------- d-----w- C:\NewCF
2010-12-31 20:35:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-12-31 20:06:34 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\AVG8
2010-12-31 00:37:42 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
2010-12-31 00:37:41 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
2010-12-31 00:37:41 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2010-12-31 00:37:40 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2010-12-31 00:37:40 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2010-12-31 00:37:39 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2010-12-31 00:32:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-12-31 00:26:00 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-12-31 00:09:11 -------- d-----w- c:\program files\Bonjour
2010-12-15 03:24:31 -------- d-----w- c:\docume~1\hp_adm~1\locals~1\applic~1\Garmin
2010-12-15 02:52:13 -------- d-----w- c:\docume~1\hp_adm~1\locals~1\applic~1\GARMIN_Corp
2010-12-15 02:30:46 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\GARMIN
2010-12-14 23:57:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\GARMIN
2010-12-14 23:57:28 -------- d-----w- c:\program files\Garmin GPS Plugin
2010-12-14 23:55:48 9344 ----a-w- c:\windows\system32\drivers\grmnusb.sys
2010-12-14 23:55:47 18304 ----a-w- c:\windows\system32\drivers\grmngen.sys
2010-12-14 23:55:29 -------- d-----w- C:\Garmin
2010-12-14 23:55:27 -------- d-----w- c:\program files\Garmin
==================== Find3M ====================
2010-11-30 00:44:12 3818105 ----a-w- C:\ComboFix.exe
2010-11-30 00:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 00:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-29 00:31:26 0 ----a-w- c:\windows\system32\FAP46D.tmp
2010-11-29 00:31:26 0 ----a-w- c:\windows\system32\FAP46A.tmp
2010-11-29 00:31:26 0 ----a-w- c:\windows\system32\FAP462.tmp
2010-11-29 00:31:23 0 ----a-w- c:\windows\system32\FAP453.tmp
2010-11-29 00:25:55 0 ----a-w- c:\windows\system32\FAP450.tmp
2010-11-29 00:24:49 0 ----a-w- c:\windows\system32\FAP443.tmp
2010-11-29 00:24:48 0 ----a-w- c:\windows\system32\FAP42A.tmp
2010-11-29 00:24:47 0 ----a-w- c:\windows\system32\FAP41F.tmp
2010-11-29 00:24:46 0 ----a-w- c:\windows\system32\FAP41D.tmp
2010-11-28 23:19:22 0 ----a-w- c:\windows\system32\FAP40D.tmp
2010-11-28 23:19:21 0 ----a-w- c:\windows\system32\FAP40B.tmp
2010-11-28 23:14:15 0 ----a-w- c:\windows\system32\FAP408.tmp
2010-11-28 23:10:05 0 ----a-w- c:\windows\system32\FAP404.tmp
2010-11-28 23:08:43 0 ----a-w- c:\windows\system32\FAP402.tmp
2010-11-28 23:08:03 0 ----a-w- c:\windows\system32\FAP3FF.tmp
2010-11-28 23:08:00 0 ----a-w- c:\windows\system32\FAP3FD.tmp
2010-11-28 23:07:55 0 ----a-w- c:\windows\system32\FAP3FB.tmp
2010-11-28 23:07:54 0 ----a-w- c:\windows\system32\FAP3F8.tmp
2010-11-28 23:07:47 0 ----a-w- c:\windows\system32\FAP3F6.tmp
2010-11-28 23:06:31 0 ----a-w- c:\windows\system32\FAP3F4.tmp
2010-11-28 23:06:31 0 ----a-w- c:\windows\system32\FAP3F1.tmp
2010-11-28 23:06:30 0 ----a-w- c:\windows\system32\FAP3EF.tmp
2010-11-28 23:06:27 0 ----a-w- c:\windows\system32\FAP3EB.tmp
2010-11-28 23:06:27 0 ----a-w- c:\windows\system32\FAP3E8.tmp
2010-11-28 23:06:26 0 ----a-w- c:\windows\system32\FAP3E6.tmp
2010-11-28 23:06:26 0 ----a-w- c:\windows\system32\FAP3E4.tmp
2010-11-28 23:06:03 0 ----a-w- c:\windows\system32\FAP3E1.tmp
2010-11-28 23:06:02 0 ----a-w- c:\windows\system32\FAP3DF.tmp
2010-11-28 23:05:56 0 ----a-w- c:\windows\system32\FAP3DD.tmp
2010-11-28 23:03:53 0 ----a-w- c:\windows\system32\FAP3DB.tmp
2010-11-28 23:03:37 0 ----a-w- c:\windows\system32\FAP3D9.tmp
2010-11-28 22:41:03 0 ----a-w- c:\windows\system32\FAP3D1.tmp
2010-11-28 22:41:03 0 ----a-w- c:\windows\system32\FAP3CF.tmp
2010-11-28 22:41:02 0 ----a-w- c:\windows\system32\FAP3CD.tmp
2010-11-28 20:08:42 0 ----a-w- c:\windows\system32\FAP3A9.tmp
2010-11-28 20:08:42 0 ----a-w- c:\windows\system32\FAP3A7.tmp
2010-11-28 20:08:23 0 ----a-w- c:\windows\system32\FAP3A5.tmp
2010-11-28 20:08:20 0 ----a-w- c:\windows\system32\FAP3A3.tmp
2010-11-28 20:08:20 0 ----a-w- c:\windows\system32\FAP3A1.tmp
2010-11-28 20:02:51 0 ----a-w- c:\windows\system32\FAP39D.tmp
2010-11-28 20:02:47 0 ----a-w- c:\windows\system32\FAP39B.tmp
2010-11-28 20:02:47 0 ----a-w- c:\windows\system32\FAP397.tmp
2010-11-28 19:59:09 0 ----a-w- c:\windows\system32\FAP38E.tmp
2010-11-28 19:59:05 0 ----a-w- c:\windows\system32\FAP383.tmp
2010-11-28 19:59:04 0 ----a-w- c:\windows\system32\FAP37A.tmp
2010-11-28 19:58:26 0 ----a-w- c:\windows\system32\FAP378.tmp
2010-11-28 19:58:22 0 ----a-w- c:\windows\system32\FAP364.tmp
2010-11-28 19:58:22 0 ----a-w- c:\windows\system32\FAP35E.tmp
2010-11-28 19:57:53 0 ----a-w- c:\windows\system32\FAP351.tmp
2010-11-28 19:57:47 0 ----a-w- c:\windows\system32\FAP34F.tmp
2010-11-28 19:57:45 0 ----a-w- c:\windows\system32\FAP34B.tmp
2010-11-28 19:56:04 0 ----a-w- c:\windows\system32\FAP345.tmp
2010-11-28 19:37:06 0 ----a-w- c:\windows\system32\FAP334.tmp
2010-11-28 16:25:41 0 ----a-w- c:\windows\system32\FAP30B.tmp
2010-11-28 16:25:41 0 ----a-w- c:\windows\system32\FAP306.tmp
2010-11-28 16:25:39 0 ----a-w- c:\windows\system32\FAP300.tmp
2010-11-28 16:25:38 0 ----a-w- c:\windows\system32\FAP2FC.tmp
2010-11-28 16:25:26 0 ----a-w- c:\windows\system32\FAP2E6.tmp
2010-11-28 16:25:26 0 ----a-w- c:\windows\system32\FAP2D5.tmp
2010-11-28 16:25:23 0 ----a-w- c:\windows\system32\FAP2CE.tmp
2010-11-28 16:25:17 0 ----a-w- c:\windows\system32\FAP2C7.tmp
2010-11-28 16:25:17 0 ----a-w- c:\windows\system32\FAP2B2.tmp
2010-11-28 16:25:16 0 ----a-w- c:\windows\system32\FAP2AD.tmp
2010-11-28 16:25:14 0 ----a-w- c:\windows\system32\FAP2A1.tmp
2010-11-28 07:36:19 0 ----a-w- c:\windows\system32\FAP1D8.tmp
2010-11-28 07:36:16 0 ----a-w- c:\windows\system32\FAP1B4.tmp
2010-11-28 07:36:16 0 ----a-w- c:\windows\system32\FAP1AF.tmp
2010-11-28 07:36:15 0 ----a-w- c:\windows\system32\FAP1A8.tmp
2010-11-28 07:36:13 0 ----a-w- c:\windows\system32\FAP19C.tmp
2010-11-28 07:35:18 0 ----a-w- c:\windows\system32\FAP199.tmp
2010-11-28 07:34:29 0 ----a-w- c:\windows\system32\FAP18C.tmp
2010-11-28 07:33:41 0 ----a-w- c:\windows\system32\FAP179.tmp
2010-11-28 07:33:39 0 ----a-w- c:\windows\system32\FAP176.tmp
2010-11-28 07:32:15 0 ----a-w- c:\windows\system32\FAP16D.tmp
2010-11-28 07:32:15 0 ----a-w- c:\windows\system32\FAP169.tmp
2010-11-28 07:32:12 0 ----a-w- c:\windows\system32\FAP167.tmp
2010-11-28 07:28:36 0 ----a-w- c:\windows\system32\FAP162.tmp
2010-11-28 07:28:34 0 ----a-w- c:\windows\system32\FAP160.tmp
2010-11-28 01:57:17 0 ----a-w- c:\windows\system32\FAPFF.tmp
2010-11-28 01:56:59 0 ----a-w- c:\windows\system32\FAPFD.tmp
2010-11-28 01:56:44 0 ----a-w- c:\windows\system32\FAPFB.tmp
2010-11-28 01:56:18 0 ----a-w- c:\windows\system32\FAPF7.tmp
2010-11-28 01:56:09 0 ----a-w- c:\windows\system32\FAPF5.tmp
2010-11-28 01:56:08 0 ----a-w- c:\windows\system32\FAPF3.tmp
2010-11-28 01:56:07 0 ----a-w- c:\windows\system32\FAPF1.tmp
2010-11-28 01:56:03 0 ----a-w- c:\windows\system32\FAPEF.tmp
2010-11-28 01:51:01 0 ----a-w- c:\windows\system32\FAPEC.tmp
2010-11-28 01:51:00 0 ----a-w- c:\windows\system32\FAPE7.tmp
2010-11-28 01:51:00 0 ----a-w- c:\windows\system32\FAPE4.tmp
2010-11-28 01:50:53 0 ----a-w- c:\windows\system32\FAPE2.tmp
2010-11-28 01:50:32 0 ----a-w- c:\windows\system32\FAPD9.tmp
2010-11-28 01:50:27 0 ----a-w- c:\windows\system32\FAPD7.tmp
2010-11-28 01:50:27 0 ----a-w- c:\windows\system32\FAPD5.tmp
2010-11-28 01:50:20 0 ----a-w- c:\windows\system32\FAPD3.tmp
2010-11-28 01:50:17 0 ----a-w- c:\windows\system32\FAPD1.tmp
2010-11-28 01:50:17 0 ----a-w- c:\windows\system32\FAPCF.tmp
2010-11-28 01:49:42 0 ----a-w- c:\windows\system32\FAPCC.tmp
============= FINISH: 17:42:00.84 ===============
-
Hi,
Upload these files to http://www.virustotal.com and post back the results or links to the results:
c:\windows\system32\winlogon.exe
c:\windows\explorer.exe
-
-
Hi,
Upload these files to Virustotal and post back the results like you did with the files above:
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
-
Here they are -
For c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe:
http://www.virustotal.com/file-scan/...b1e-1294456329
For c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe:
http://www.virustotal.com/file-scan/...455-1294456582
-
Hi again,
Open notepad and copy/paste the text in the quotebox below into it:
Code:
FCopy::
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe|c:\windows\system32\winlogon.exe
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe|c:\windows\explorer.exe
DDS::
uPolicies-system: huuipbxzyjxjlyqlrnmrTaskMgr = 0 (0x0)
Folder::
c:\Program Files\uTorrent
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-
Save this as
CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v6...FScriptB-4.gif
Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
Uninstall old Adobe Reader versions and get the latest one (9.4 + 9.4.1 update or Adobe Reader X if offered) here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.
Uninstall vulnerable Flash versions by following instructions here. Fresh version can be obtained here.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...
Updating Java:
- Download the latest version of Java Runtime Environment (JRE) 6 Update 23.
- Click the
Download
button to the right. - Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.
- The page will refresh.
- Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
- Close any programs you may have running - especially your web browser.
- Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java versions.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on jre-6u23-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.
* Go here to run an online scanner from ESET.- Note: You will need to use Internet explorer for this scan
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the activex control to install
- Click Start
- Make sure that the option Remove found threats is UNchecked.
- Click Scan
- Wait for the scan to finish.
Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
-
Thanks. Here are the results of everything you told me to do:
---When following the instructions for dragging the script to the combofix executable, I get a lot of errors. The first one is:
32788R22FWJFW\iexplore.exe is not a valid Win32 application
I can only select OK, and when I do, the same message continues to come back, though the executable changes\alternates between the following:
FireFox.exe
hidec.exe
PEV.exe
NircmdB.exe
NIRCMD.exe
A total of about 50 error messages come up before they stop. Towards the end, the the blue ComboFix command prompt comes up, only "Access is denied" shows, then the window disappears.
If you need any screen shots or more info on this just let me know.
--I uninstalled Adobe Reader and installed version X
--I uninstalled Adobe Flash Player and installed version 10.1.102.64
--I removed older version Java components and updated to the latest version (jre-6u23-windows-i586)
--Eset's log:
C:\Documents and Settings\All Users\Application Data\SafeReturner\Quarantine\explorer.exe.vir Win32/Bamital.EC trojan
C:\Documents and Settings\All Users\Application Data\SafeReturner\Quarantine\winlogon.exe.vir Win32/Bamital.EC trojan
C:\Documents and Settings\All Users\Documents\Server\hlp.dat Win32/Bamital.DZ trojan
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d3811e3-182a8173.zip probably a variant of Win32/Agent.IFZWEVY trojan
C:\Documents and Settings\HP_Administrator\Desktop\LimewireDownloads\mmmbop remix.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Qoobox\Quarantine\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\692926503.dll.vir a variant of Win32/Kryptik.DJM trojan
C:\WINDOWS\explorer.exe Win32/Bamital.EC trojan
C:\WINDOWS\system32\winlogon.exe Win32/Bamital.EC trojan
C:\WINDOWS\system32\drivers\etc\hosts.20100422-234048.backup Win32/Qhost trojan
Operating memory Win32/Bamital.EC trojan
--DDS Log:
DDS (Ver_10-12-12.02) - NTFSx86
Run by HP_Administrator at 15:40:13.42 on Sat 01/08/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.255 [GMT -7:00]
============== Running Processes ===============
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: &Google Web Accelerator Helper: {69a87b7d-de56-4136-9655-716ba50c19c7} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Web Accelerator: {db87bfa2-a2e3-451e-8e5a-c89982d87cbf} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
TB: &Save Flash: {4064ea35-578d-4073-a834-c96d82cbcf40} - c:\program files\save flash\SaveFlash.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter4.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exe
uPolicies-system: huuipbxzyjxjlyqlrnmrTaskMgr = 0 (0x0)
IE: Add to &Evernote - c:\program files\evernote\evernote3.5\enbar.dll/2000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll
Trusted Zone: trymedia.com
DPF: {00000161-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaudio.cab
DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/a/f/b/afba1967-2025-49da-8356-bc4132038945/VirtualEarth3D.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {428A9DEF-F057-402B-9F2D-A5887F4544ED} - hxxp://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\d9y2cq1r.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b11a7d6&v=6.010.006.004&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q=
FF - component: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\d9y2cq1r.default\extensions\{fcab6fdd-5585-425b-95c1-5ed856f3fd08}\components\nsCatcher.dll
FF - component: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\d9y2cq1r.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\hp_administrator\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft research\hd view\nphdview.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPinfotl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - Ext: LastPass: support@lastpass.com - %profile%\extensions\support@lastpass.com
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: FavLoc: {472f4ef0-a825-11da-a746-0800200c9a66} - %profile%\extensions\{472f4ef0-a825-11da-a746-0800200c9a66}
FF - Ext: Google Bookmarks for Firefox: {473f9a20-ce5a-11da-a94d-0800200c9a66} - %profile%\extensions\{473f9a20-ce5a-11da-a94d-0800200c9a66}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Sothink Web Video Downloader for Firefox: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08} - %profile%\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-7 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-5-7 29584]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-7 243024]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2010-9-21 327000]
R3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2010-1-27 5248]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2008-6-2 194304]
S2 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccevtmgr.exe" --> c:\program files\common files\symantec shared\ccEvtMgr.exe [?]
S2 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccsetmgr.exe" --> c:\program files\common files\symantec shared\ccSetMgr.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-23 136176]
S3 ccPwdSvc;Symantec Password Validation;"c:\program files\common files\symantec shared\ccpwdsvc.exe" --> c:\program files\common files\symantec shared\ccPwdSvc.exe [?]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-10-30 16968]
S3 RegKernelHelp;RegKernelHelp;\??\c:\program files\safe returner\regkernelhelp.sys --> c:\program files\safe returner\RegKernelHelp.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\toolbarbroker.exe --> c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [?]
S4 avg9emc;AVG Free E-mail Scanner;"c:\program files\avg\avg9\avgemc.exe" --> c:\program files\avg\avg9\avgemc.exe [?]
S4 avg9wd;AVG Free WatchDog;"c:\program files\avg\avg9\avgwdsvc.exe" --> c:\program files\avg\avg9\avgwdsvc.exe [?]
=============== Created Last 30 ================
2011-01-08 17:30:31 -------- d-----w- c:\program files\ESET
2011-01-08 17:22:25 -------- d-s---w- C:\ComboFix
2011-01-08 17:20:56 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-08 17:20:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-08 17:20:56 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-12-31 21:15:08 -------- d-----w- C:\NewCF
2010-12-31 20:35:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-12-31 20:06:34 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\AVG8
2010-12-31 00:37:42 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
2010-12-31 00:37:41 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
2010-12-31 00:37:41 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2010-12-31 00:37:40 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2010-12-31 00:37:40 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2010-12-31 00:37:39 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2010-12-31 00:32:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-12-31 00:26:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-12-31 00:26:00 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-12-31 00:09:11 -------- d-----w- c:\program files\Bonjour
2010-12-15 03:24:31 -------- d-----w- c:\docume~1\hp_adm~1\locals~1\applic~1\Garmin
2010-12-15 02:52:13 -------- d-----w- c:\docume~1\hp_adm~1\locals~1\applic~1\GARMIN_Corp
2010-12-15 02:30:46 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\GARMIN
2010-12-14 23:57:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\GARMIN
2010-12-14 23:57:28 -------- d-----w- c:\program files\Garmin GPS Plugin
2010-12-14 23:55:48 9344 ----a-w- c:\windows\system32\drivers\grmnusb.sys
2010-12-14 23:55:47 18304 ----a-w- c:\windows\system32\drivers\grmngen.sys
2010-12-14 23:55:29 -------- d-----w- C:\Garmin
2010-12-14 23:55:27 -------- d-----w- c:\program files\Garmin
==================== Find3M ====================
2010-12-02 03:35:18 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-30 00:44:12 3818105 ----a-w- C:\ComboFix.exe
2010-11-30 00:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 00:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-29 00:31:26 0 ----a-w- c:\windows\system32\FAP46D.tmp
2010-11-29 00:31:26 0 ----a-w- c:\windows\system32\FAP46A.tmp
2010-11-29 00:31:26 0 ----a-w- c:\windows\system32\FAP462.tmp
2010-11-29 00:31:23 0 ----a-w- c:\windows\system32\FAP453.tmp
2010-11-29 00:25:55 0 ----a-w- c:\windows\system32\FAP450.tmp
2010-11-29 00:24:49 0 ----a-w- c:\windows\system32\FAP443.tmp
2010-11-29 00:24:48 0 ----a-w- c:\windows\system32\FAP42A.tmp
2010-11-29 00:24:47 0 ----a-w- c:\windows\system32\FAP41F.tmp
2010-11-29 00:24:46 0 ----a-w- c:\windows\system32\FAP41D.tmp
2010-11-28 23:19:22 0 ----a-w- c:\windows\system32\FAP40D.tmp
2010-11-28 23:19:21 0 ----a-w- c:\windows\system32\FAP40B.tmp
2010-11-28 23:14:15 0 ----a-w- c:\windows\system32\FAP408.tmp
2010-11-28 23:10:05 0 ----a-w- c:\windows\system32\FAP404.tmp
2010-11-28 23:08:43 0 ----a-w- c:\windows\system32\FAP402.tmp
2010-11-28 23:08:03 0 ----a-w- c:\windows\system32\FAP3FF.tmp
2010-11-28 23:08:00 0 ----a-w- c:\windows\system32\FAP3FD.tmp
2010-11-28 23:07:55 0 ----a-w- c:\windows\system32\FAP3FB.tmp
2010-11-28 23:07:54 0 ----a-w- c:\windows\system32\FAP3F8.tmp
2010-11-28 23:07:47 0 ----a-w- c:\windows\system32\FAP3F6.tmp
2010-11-28 23:06:31 0 ----a-w- c:\windows\system32\FAP3F4.tmp
2010-11-28 23:06:31 0 ----a-w- c:\windows\system32\FAP3F1.tmp
2010-11-28 23:06:30 0 ----a-w- c:\windows\system32\FAP3EF.tmp
2010-11-28 23:06:27 0 ----a-w- c:\windows\system32\FAP3EB.tmp
2010-11-28 23:06:27 0 ----a-w- c:\windows\system32\FAP3E8.tmp
2010-11-28 23:06:26 0 ----a-w- c:\windows\system32\FAP3E6.tmp
2010-11-28 23:06:26 0 ----a-w- c:\windows\system32\FAP3E4.tmp
2010-11-28 23:06:03 0 ----a-w- c:\windows\system32\FAP3E1.tmp
2010-11-28 23:06:02 0 ----a-w- c:\windows\system32\FAP3DF.tmp
2010-11-28 23:05:56 0 ----a-w- c:\windows\system32\FAP3DD.tmp
2010-11-28 23:03:53 0 ----a-w- c:\windows\system32\FAP3DB.tmp
2010-11-28 23:03:37 0 ----a-w- c:\windows\system32\FAP3D9.tmp
2010-11-28 22:41:03 0 ----a-w- c:\windows\system32\FAP3D1.tmp
2010-11-28 22:41:03 0 ----a-w- c:\windows\system32\FAP3CF.tmp
2010-11-28 22:41:02 0 ----a-w- c:\windows\system32\FAP3CD.tmp
2010-11-28 20:08:42 0 ----a-w- c:\windows\system32\FAP3A9.tmp
2010-11-28 20:08:42 0 ----a-w- c:\windows\system32\FAP3A7.tmp
2010-11-28 20:08:23 0 ----a-w- c:\windows\system32\FAP3A5.tmp
2010-11-28 20:08:20 0 ----a-w- c:\windows\system32\FAP3A3.tmp
2010-11-28 20:08:20 0 ----a-w- c:\windows\system32\FAP3A1.tmp
2010-11-28 20:02:51 0 ----a-w- c:\windows\system32\FAP39D.tmp
2010-11-28 20:02:47 0 ----a-w- c:\windows\system32\FAP39B.tmp
2010-11-28 20:02:47 0 ----a-w- c:\windows\system32\FAP397.tmp
2010-11-28 19:59:09 0 ----a-w- c:\windows\system32\FAP38E.tmp
2010-11-28 19:59:05 0 ----a-w- c:\windows\system32\FAP383.tmp
2010-11-28 19:59:04 0 ----a-w- c:\windows\system32\FAP37A.tmp
2010-11-28 19:58:26 0 ----a-w- c:\windows\system32\FAP378.tmp
2010-11-28 19:58:22 0 ----a-w- c:\windows\system32\FAP364.tmp
2010-11-28 19:58:22 0 ----a-w- c:\windows\system32\FAP35E.tmp
2010-11-28 19:57:53 0 ----a-w- c:\windows\system32\FAP351.tmp
2010-11-28 19:57:47 0 ----a-w- c:\windows\system32\FAP34F.tmp
2010-11-28 19:57:45 0 ----a-w- c:\windows\system32\FAP34B.tmp
2010-11-28 19:56:04 0 ----a-w- c:\windows\system32\FAP345.tmp
2010-11-28 19:37:06 0 ----a-w- c:\windows\system32\FAP334.tmp
2010-11-28 16:25:41 0 ----a-w- c:\windows\system32\FAP30B.tmp
2010-11-28 16:25:41 0 ----a-w- c:\windows\system32\FAP306.tmp
2010-11-28 16:25:39 0 ----a-w- c:\windows\system32\FAP300.tmp
2010-11-28 16:25:38 0 ----a-w- c:\windows\system32\FAP2FC.tmp
2010-11-28 16:25:26 0 ----a-w- c:\windows\system32\FAP2E6.tmp
2010-11-28 16:25:26 0 ----a-w- c:\windows\system32\FAP2D5.tmp
2010-11-28 16:25:23 0 ----a-w- c:\windows\system32\FAP2CE.tmp
2010-11-28 16:25:17 0 ----a-w- c:\windows\system32\FAP2C7.tmp
2010-11-28 16:25:17 0 ----a-w- c:\windows\system32\FAP2B2.tmp
2010-11-28 16:25:16 0 ----a-w- c:\windows\system32\FAP2AD.tmp
2010-11-28 16:25:14 0 ----a-w- c:\windows\system32\FAP2A1.tmp
2010-11-28 07:36:19 0 ----a-w- c:\windows\system32\FAP1D8.tmp
2010-11-28 07:36:16 0 ----a-w- c:\windows\system32\FAP1B4.tmp
2010-11-28 07:36:16 0 ----a-w- c:\windows\system32\FAP1AF.tmp
2010-11-28 07:36:15 0 ----a-w- c:\windows\system32\FAP1A8.tmp
2010-11-28 07:36:13 0 ----a-w- c:\windows\system32\FAP19C.tmp
2010-11-28 07:35:18 0 ----a-w- c:\windows\system32\FAP199.tmp
2010-11-28 07:34:29 0 ----a-w- c:\windows\system32\FAP18C.tmp
2010-11-28 07:33:41 0 ----a-w- c:\windows\system32\FAP179.tmp
2010-11-28 07:33:39 0 ----a-w- c:\windows\system32\FAP176.tmp
2010-11-28 07:32:15 0 ----a-w- c:\windows\system32\FAP16D.tmp
2010-11-28 07:32:15 0 ----a-w- c:\windows\system32\FAP169.tmp
2010-11-28 07:32:12 0 ----a-w- c:\windows\system32\FAP167.tmp
2010-11-28 07:28:36 0 ----a-w- c:\windows\system32\FAP162.tmp
2010-11-28 07:28:34 0 ----a-w- c:\windows\system32\FAP160.tmp
2010-11-28 01:57:17 0 ----a-w- c:\windows\system32\FAPFF.tmp
2010-11-28 01:56:59 0 ----a-w- c:\windows\system32\FAPFD.tmp
2010-11-28 01:56:44 0 ----a-w- c:\windows\system32\FAPFB.tmp
2010-11-28 01:56:18 0 ----a-w- c:\windows\system32\FAPF7.tmp
2010-11-28 01:56:09 0 ----a-w- c:\windows\system32\FAPF5.tmp
2010-11-28 01:56:08 0 ----a-w- c:\windows\system32\FAPF3.tmp
2010-11-28 01:56:07 0 ----a-w- c:\windows\system32\FAPF1.tmp
2010-11-28 01:56:03 0 ----a-w- c:\windows\system32\FAPEF.tmp
2010-11-28 01:51:01 0 ----a-w- c:\windows\system32\FAPEC.tmp
2010-11-28 01:51:00 0 ----a-w- c:\windows\system32\FAPE7.tmp
2010-11-28 01:51:00 0 ----a-w- c:\windows\system32\FAPE4.tmp
2010-11-28 01:50:53 0 ----a-w- c:\windows\system32\FAPE2.tmp
2010-11-28 01:50:32 0 ----a-w- c:\windows\system32\FAPD9.tmp
2010-11-28 01:50:27 0 ----a-w- c:\windows\system32\FAPD7.tmp
2010-11-28 01:50:27 0 ----a-w- c:\windows\system32\FAPD5.tmp
2010-11-28 01:50:20 0 ----a-w- c:\windows\system32\FAPD3.tmp
2010-11-28 01:50:17 0 ----a-w- c:\windows\system32\FAPD1.tmp
2010-11-28 01:50:17 0 ----a-w- c:\windows\system32\FAPCF.tmp
============= FINISH: 15:42:00.70 ===============
-
Hi,
Please try to run ComboFix with the script in safe mode.