missionariesofcharity.com site - redirected from google

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: missionariesofcharity.com site - redirected from google

Post by carofino » March 1st, 2010, 6:37 pm

Hi, just about to do the OTL thing, but sorry, I don't know what a router is. Sorry, I know it's shameful!
carofino
Regular Member
 
Posts: 19
Joined: February 18th, 2010, 4:17 am

Re: missionariesofcharity.com site - redirected from google

Post by carofino » March 1st, 2010, 6:45 pm

Hi, here's the OTL log

OTL logfile created on: 01/03/2010 22:38:47 - Run 1
OTL by OldTimer - Version 3.1.32.0 Folder = D:\Documents and Settings\Caroline Dexter.049924520170\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 257.00 Mb Available Physical Memory | 25.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.99 Gb Total Space | 16.38 Gb Free Space | 54.60% Space Free | Partition Type: NTFS
Drive D: | 111.24 Gb Total Space | 27.34 Gb Free Space | 24.58% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 049924520170
Current User Name: Caroline Dexter
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/01 22:38:03 | 000,551,424 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Caroline Dexter.049924520170\My Documents\Downloads\OTL.exe
PRC - [2010/02/18 23:33:08 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/02 14:44:22 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/12/12 08:58:05 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/12/12 08:58:05 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/11/23 14:42:37 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/11/23 14:42:35 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/23 14:42:21 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/06/01 16:41:11 | 000,341,312 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2009/05/28 18:58:39 | 000,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2006/05/17 15:05:52 | 002,297,856 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
PRC - [2006/01/30 08:56:38 | 001,978,368 | ---- | M] () -- C:\APPS\Softex\OmniPass\scureapp.exe
PRC - [2006/01/30 07:47:50 | 000,014,848 | ---- | M] () -- C:\APPS\Softex\OmniPass\OPXPApp.exe
PRC - [2006/01/30 07:47:48 | 000,032,768 | ---- | M] (Softex Inc.) -- C:\APPS\Softex\OmniPass\OmniServ.exe
PRC - [2005/10/20 05:15:00 | 000,102,400 | ---- | M] () -- C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
PRC - [2005/10/20 05:15:00 | 000,090,112 | ---- | M] () -- C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
PRC - [2005/10/18 11:14:00 | 000,557,056 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe
PRC - [2005/01/31 08:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2004/10/04 12:03:18 | 000,310,272 | ---- | M] () -- C:\Program Files\Goto Software\Vade Retro\Vaderetro_oe.exe
PRC - [2004/08/10 13:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/04/08 07:38:26 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2003/05/02 10:31:50 | 000,024,576 | ---- | M] (NEC Computers International) -- C:\APPS\ABOARD\ABOARD.EXE
PRC - [2003/05/02 10:31:38 | 000,069,632 | ---- | M] (NEC Computers International) -- C:\APPS\ABOARD\AOSD.EXE


========== Modules (SafeList) ==========

MOD - [2010/03/01 22:38:03 | 000,551,424 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Caroline Dexter.049924520170\My Documents\Downloads\OTL.exe
MOD - [2009/06/01 16:41:24 | 000,062,776 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
MOD - [2006/08/25 15:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/01/30 07:45:26 | 000,053,248 | ---- | M] () -- C:\APPS\Softex\OmniPass\scuredll.dll
MOD - [2004/10/04 10:12:06 | 000,046,080 | ---- | M] () -- C:\Program Files\Goto Software\Vade Retro\VrOe_hook.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/23 14:42:21 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/05/23 16:24:10 | 000,953,168 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/10/13 12:35:12 | 000,065,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\nwwks.dll -- (NWCWorkstation)
SRV - [2006/01/30 07:47:48 | 000,032,768 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\APPS\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2005/10/20 05:15:00 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe -- (USBDeviceService)
SRV - [2005/01/31 08:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2004/04/08 07:38:26 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2009/11/23 14:44:29 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/11/23 14:44:28 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/11/23 14:44:28 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/23 16:24:24 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2007/02/23 08:52:58 | 000,021,035 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2006/10/13 10:23:15 | 000,163,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nwrdr.sys -- (NWRDR)
DRV - [2006/10/05 12:06:17 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/09/28 04:36:04 | 000,144,561 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rdwm1005.sys -- (RDID1005)
DRV - [2006/09/05 01:16:04 | 000,217,600 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sis163u.sys -- (SIS163u)
DRV - [2006/06/12 11:05:12 | 000,043,008 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fetnd5bv.sys -- (FETND5BV)
DRV - [2006/05/29 11:03:22 | 000,092,672 | ---- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\viamraid.sys -- (viamraid)
DRV - [2006/05/29 11:03:00 | 000,006,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaidexp.sys -- (ViaIde)
DRV - [2006/05/16 16:32:58 | 004,275,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/04/27 23:47:00 | 003,663,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/03/27 16:53:28 | 000,167,808 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB)
DRV - [2005/10/18 11:16:00 | 000,905,608 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005/04/25 01:03:00 | 000,020,640 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/01/07 16:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/10 13:00:00 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004/08/10 13:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 13:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/10 13:00:00 | 000,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2004/08/10 13:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 22:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 22:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/03 22:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2003/01/10 15:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:53:32 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qv2kux.sys -- (QV2KUX)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-357337470-3576400413-644577365-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
IE - HKU\S-1-5-21-357337470-3576400413-644577365-1005\S-1-5-21-357337470-3576400413-644577365-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-357337470-3576400413-644577365-1005\S-1-5-21-357337470-3576400413-644577365-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Google Images"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={24811134-4962-D8EE-1811-175DE14ED9BB}&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/12 15:51:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/18 23:33:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/18 23:33:14 | 000,000,000 | ---D | M]

[2009/06/01 21:22:18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Caroline Dexter.049924520170\Application Data\Mozilla\Extensions
[2010/02/26 18:17:04 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Caroline Dexter.049924520170\Application Data\Mozilla\Firefox\Profiles\i11aa4b0.default\extensions
[2009/09/04 11:56:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Documents and Settings\Caroline Dexter.049924520170\Application Data\Mozilla\Firefox\Profiles\i11aa4b0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/29 17:00:35 | 000,000,000 | ---D | M] (Fast Browser Search (My Tattoons)) -- D:\Documents and Settings\Caroline Dexter.049924520170\Application Data\Mozilla\Firefox\Profiles\i11aa4b0.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}(2)
[2009/11/29 16:48:39 | 000,005,407 | ---- | M] () -- D:\Documents and Settings\Caroline Dexter.049924520170\Application Data\Mozilla\Firefox\Profiles\i11aa4b0.default\searchplugins\fast-browser-search.xml
[2009/06/21 19:29:52 | 000,001,926 | ---- | M] () -- D:\Documents and Settings\Caroline Dexter.049924520170\Application Data\Mozilla\Firefox\Profiles\i11aa4b0.default\searchplugins\google-books.xml
[2009/06/22 15:16:14 | 000,004,855 | ---- | M] () -- D:\Documents and Settings\Caroline Dexter.049924520170\Application Data\Mozilla\Firefox\Profiles\i11aa4b0.default\searchplugins\google-images.xml
[2009/06/22 12:36:36 | 000,002,434 | ---- | M] () -- D:\Documents and Settings\Caroline Dexter.049924520170\Application Data\Mozilla\Firefox\Profiles\i11aa4b0.default\searchplugins\google-scholar.xml
[2010/02/05 19:35:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/27 10:49:05 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/27 10:49:05 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/27 10:49:05 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/27 10:49:06 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/01 22:36:28 | 000,306,026 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10560 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (EndNote Web) - {82D2E569-25A7-4E4D-9FA3-C5025B4B7912} - C:\Program Files\EndNote Web\ENWIEPlug.dll (Thomson ResearchSoft)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (EndNote Web) - {945C8270-A848-11D5-A805-00B0D092F45B} - C:\Program Files\EndNote Web\ENWIEPlug.dll (Thomson ResearchSoft)
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKU\S-1-5-21-357337470-3576400413-644577365-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-357337470-3576400413-644577365-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [ACTIVBOARD] c:\APPS\ABOARD\ABOARD.EXE (NEC Computers International)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OmniPass] C:\APPS\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Vade Retro Outlook Express] C:\Program Files\Goto Software\Vade Retro\Vaderetro_oe.exe ()
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-357337470-3576400413-644577365-1005..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-357337470-3576400413-644577365-1005\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-357337470-3576400413-644577365-1005\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-357337470-3576400413-644577365-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-357337470-3576400413-644577365-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-357337470-3576400413-644577365-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-357337470-3576400413-644577365-1005_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-357337470-3576400413-644577365-1005_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (RtlGina2.dll) - C:\WINDOWS\System32\RtlGina2.dll ()
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\OPXPGina: DllName - C:\Apps\Softex\OmniPass\opxpgina.dll - C:\APPS\Softex\OmniPass\OPXPGina.dll ()
O24 - Desktop WallPaper: D:\Documents and Settings\Caroline Dexter.049924520170\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\Caroline Dexter.049924520170\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/09/10 07:16:00 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - C:\WINDOWS\system32\nwwks.dll (Microsoft Corporation)
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17173310768939008)

========== Files/Folders - Created Within 30 Days ==========

[2010/02/28 22:19:04 | 000,417,136 | ---- | C] (Sysinternals) -- C:\WINDOWS\handle.exe
[2010/02/28 10:32:12 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Caroline Dexter.049924520170\Application Data\Malwarebytes
[2010/02/28 10:31:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/28 10:31:54 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/28 10:31:53 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/28 10:31:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/25 08:21:43 | 000,000,000 | ---D | C] -- C:\rsit
[2010/02/21 22:37:24 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/02/11 08:32:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2010/02/05 20:49:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/02/05 19:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\Celebrity Toolbar
[2010/02/05 07:25:57 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/02/05 07:25:57 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/02/04 17:28:27 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Caroline Dexter.049924520170\Tracing
[2010/02/04 17:27:08 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Documents\microsoft
[2010/02/04 17:22:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/02/02 20:20:42 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Caroline Dexter.049924520170\My Documents\HK computer
[2006/10/05 12:32:59 | 000,000,000 | --SD | M] -- D:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/10/05 12:32:59 | 000,000,000 | --SD | M] -- D:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/10/05 12:32:59 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2006/10/05 12:32:59 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[13 D:\Documents and Settings\Caroline Dexter.049924520170\Desktop\*.tmp files -> D:\Documents and Settings\Caroline Dexter.049924520170\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/01 22:21:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/03/01 22:15:59 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/01 22:15:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/01 22:15:51 | 1072,156,672 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/01 19:30:50 | 007,077,888 | ---- | M] () -- D:\Documents and Settings\Caroline Dexter.049924520170\ntuser.dat
[2010/03/01 19:30:50 | 000,000,278 | -HS- | M] () -- D:\Documents and Settings\Caroline Dexter.049924520170\ntuser.ini
[2010/03/01 19:30:29 | 003,620,508 | -H-- | M] () -- D:\Documents and Settings\Caroline Dexter.049924520170\Local Settings\Application Data\IconCache.db
[2010/03/01 17:17:42 | 056,483,219 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/28 22:15:44 | 000,000,000 | ---- | M] () -- D:\Documents and Settings\Caroline Dexter.049924520170\Local Settings\Application Data\prvlcl.dat
[2010/02/28 17:35:28 | 000,077,312 | ---- | M] () -- C:\mbr.exe
[2010/02/28 10:32:01 | 000,000,581 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/24 20:55:29 | 000,000,030 | ---- | M] () -- C:\WINDOWS\iedit.INI
[2010/02/24 17:08:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/21 22:48:00 | 000,026,112 | ---- | M] () -- D:\Documents and Settings\Caroline Dexter.049924520170\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/20 21:48:05 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/19 23:22:28 | 000,241,994 | ---- | M] () -- D:\Documents and Settings\Caroline Dexter.049924520170\Desktop\bnbnbiluoluyfl.jpg
[2010/02/19 09:47:02 | 001,328,135 | ---- | M] () -- D:\Documents and Settings\Caroline Dexter.049924520170\Desktop\DSCF1252.jpg
[2010/02/18 08:24:23 | 000,001,615 | ---- | M] () -- D:\Documents and Settings\Caroline Dexter.049924520170\Desktop\HijackThis.lnk
[2010/02/14 23:14:59 | 000,089,066 | ---- | M] () -- D:\Documents and Settings\Caroline Dexter.049924520170\Desktop\sofa.JPG
[2010/02/14 23:01:15 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/10 20:01:47 | 000,002,397 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\n-Track Studio.lnk
[2010/02/10 08:26:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/08 23:16:34 | 000,091,826 | ---- | M] () -- D:\Documents and Settings\Caroline Dexter.049924520170\Desktop\katie snow.jpg
[2010/02/08 23:14:49 | 000,072,157 | ---- | M] () -- D:\Documents and Settings\Caroline Dexter.049924520170\Desktop\katie sam snow.jpg
[2010/02/07 16:00:26 | 000,143,013 | ---- | M] () -- D:\Documents and Settings\Caroline Dexter.049924520170\Desktop\6a00d8341cafa853ef00e5507bd65d8834-800wi.gif
[2010/02/06 12:30:27 | 000,000,666 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/06 11:30:23 | 000,362,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/02 11:00:45 | 000,100,692 | ---- | M] () -- D:\Documents and Settings\Caroline Dexter.049924520170\Desktop\Flash 22_PESKIMO-Random-Banner-start_29thJanuary2010.swf
[2010/02/01 23:03:08 | 000,022,859 | ---- | M] () -- D:\Documents and Settings\Caroline Dexter.049924520170\Desktop\downs-baby.jpg
[13 D:\Documents and Settings\Caroline Dexter.049924520170\Desktop\*.tmp files -> D:\Documents and Settings\Caroline Dexter.049924520170\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/28 17:37:31 | 000,077,312 | ---- | C] () -- C:\mbr.exe
[2010/02/28 10:32:01 | 000,000,581 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/19 23:22:27 | 000,241,994 | ---- | C] () -- D:\Documents and Settings\Caroline Dexter.049924520170\Desktop\bnbnbiluoluyfl.jpg
[2010/02/19 09:47:02 | 001,328,135 | ---- | C] () -- D:\Documents and Settings\Caroline Dexter.049924520170\Desktop\DSCF1252.jpg
[2010/02/18 08:24:23 | 000,001,615 | ---- | C] () -- D:\Documents and Settings\Caroline Dexter.049924520170\Desktop\HijackThis.lnk
[2010/02/17 20:43:43 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/14 23:14:56 | 000,089,066 | ---- | C] () -- D:\Documents and Settings\Caroline Dexter.049924520170\Desktop\sofa.JPG
[2010/02/08 23:16:33 | 000,091,826 | ---- | C] () -- D:\Documents and Settings\Caroline Dexter.049924520170\Desktop\katie snow.jpg
[2010/02/08 23:14:48 | 000,072,157 | ---- | C] () -- D:\Documents and Settings\Caroline Dexter.049924520170\Desktop\katie sam snow.jpg
[2010/02/07 16:00:25 | 000,143,013 | ---- | C] () -- D:\Documents and Settings\Caroline Dexter.049924520170\Desktop\6a00d8341cafa853ef00e5507bd65d8834-800wi.gif
[2010/02/02 11:00:43 | 000,100,692 | ---- | C] () -- D:\Documents and Settings\Caroline Dexter.049924520170\Desktop\Flash 22_PESKIMO-Random-Banner-start_29thJanuary2010.swf
[2010/02/01 23:03:06 | 000,022,859 | ---- | C] () -- D:\Documents and Settings\Caroline Dexter.049924520170\Desktop\downs-baby.jpg
[2009/12/04 20:40:34 | 000,000,000 | ---- | C] () -- D:\Documents and Settings\Caroline Dexter.049924520170\Local Settings\Application Data\prvlcl.dat
[2009/10/11 17:23:30 | 000,000,024 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/10/10 18:49:48 | 000,000,151 | ---- | C] () -- D:\Documents and Settings\Caroline Dexter.049924520170\Local Settings\Application Data\fusioncache.dat
[2009/06/04 18:37:57 | 000,031,862 | ---- | C] () -- C:\WINDOWS\System32\RdCi1005.dll
[2009/05/08 08:38:33 | 000,000,000 | ---- | C] () -- D:\Documents and Settings\Caroline Dexter.049924520170\Application Data\wklnhst.dat
[2009/05/08 08:30:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/03/25 13:51:09 | 000,026,112 | ---- | C] () -- D:\Documents and Settings\Caroline Dexter.049924520170\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/10 23:09:35 | 000,010,886 | ---- | C] () -- C:\WINDOWS\System32\RdCi1009.dll
[2007/05/27 23:49:17 | 000,000,030 | ---- | C] () -- C:\WINDOWS\iedit.INI
[2006/10/05 12:30:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/05 12:08:32 | 000,000,514 | ---- | C] () -- C:\WINDOWS\System32\SETUPPC.INI
[2006/10/05 12:04:11 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/10/05 12:02:10 | 000,007,596 | ---- | C] () -- C:\WINDOWS\HDReg.ini
[2006/10/05 11:49:28 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/10/05 11:48:02 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/05 11:48:02 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/05 11:47:57 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/05 11:47:49 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/05 11:47:48 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/05 11:47:48 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/05 11:47:33 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/06/06 14:44:26 | 000,006,740 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/05/03 16:44:32 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\RtlGina2.dll
[2006/01/12 11:23:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/10/18 11:15:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2005/10/18 11:15:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2005/10/18 11:14:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2005/10/18 11:14:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2005/10/18 11:14:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2005/10/18 11:14:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2005/10/18 11:13:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2005/10/18 11:13:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2005/10/18 11:13:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2005/08/05 13:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/06/17 04:41:14 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/09/10 14:50:43 | 000,000,831 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/09/10 13:57:30 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002/12/31 10:00:00 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2010/02/28 17:35:28 | 000,077,312 | ---- | M] () -- C:\mbr.exe


< MD5 for: AGP440.SYS >
[2004/08/10 13:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/10 13:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\agp440.sys
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/10 13:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/10 13:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\eventlog.dll
[2004/08/10 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\netlogon.dll
[2009/02/06 18:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2009/02/06 18:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtUninstallKB968389$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\scecli.dll

< MD5 for: VIAMRAID.SYS >
[2006/05/29 11:03:22 | 000,092,672 | ---- | M] (VIA Technologies inc,.ltd) MD5=FBF18F9F5FB852C2976723587B44F346 -- C:\PNP\MOBO\VIAMRAID.SYS
[2006/05/29 11:03:22 | 000,092,672 | ---- | M] (VIA Technologies inc,.ltd) MD5=FBF18F9F5FB852C2976723587B44F346 -- C:\WINDOWS\system32\drivers\viamraid.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2005/07/26 04:39:44 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[2009/12/22 05:35:05 | 000,357,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/12/22 05:35:05 | 000,205,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2004/08/10 13:00:00 | 001,392,671 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/09/10 14:22:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/09/10 14:22:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/09/10 14:22:08 | 000,851,968 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >

thanks
carofino
Regular Member
 
Posts: 19
Joined: February 18th, 2010, 4:17 am
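The "< MD5 for: ... >" custom-scan blocks in the OTL log above hash each system file and list every other copy OTL can find (driver cache .cab, SoftwareDistribution downloads, dllcache, uninstall folders), so a patched driver should show up as a live copy whose hash matches none of its references. The following is an added example, not OTL's own code, that parses those blocks, marks the copy Windows actually loads, and classifies it against the references; the verdict labels, the function names and the assumed XP directory layout are this example's own, and the sample text is copied (abridged) from the log above. It also encodes the caveat this thread illustrates: the hash is computed by reading the file through the running system, and ComboFix later reported this machine's atapi.sys as infected although the OTL hash check from inside the running system gave no sign of it. A kernel-mode rootkit that filters disk reads can hand a user-mode scanner the original bytes, so a hash that matches is not proof of integrity, and a hash that merely differs from a newer downloaded update is not proof of tampering either.

```python
"""Parse OTL '< MD5 for: NAME >' blocks and classify the live copy of each file.

Added example for this thread; not OTL's code.  Verdict labels and the
live-directory list are this example's assumptions.
"""
import hashlib
import re
from collections import OrderedDict

# Block header, e.g. "< MD5 for: ATAPI.SYS >".
_HEADER = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>\s*$")
# One result line: [stamp | size | attrs | M] (Company) MD5=HEX -- path
# Copies inside a .cab carry ".cab file" and no MD5 (OTL does not unpack them).
_ENTRY = re.compile(
    r"^\[(?P<stamp>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*"
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})\s*)?"
    r"(?P<cab>\.cab file\s*)?--\s*(?P<path>.+?)\s*$"
)
# Directories holding the copy Windows actually loads (XP layout, assumed).
_LIVE_DIRS = (r"c:\windows\system32\drivers", r"c:\windows\system32")

# Copied from the OTL log in this thread (four of its six blocks, one .cab line dropped).
SAMPLE = r"""
< MD5 for: AGP440.SYS >
[2004/08/10 13:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\agp440.sys
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/10 13:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\netlogon.dll
[2009/02/06 18:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2009/02/06 18:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtUninstallKB968389$\netlogon.dll

< MD5 for: VIAMRAID.SYS >
[2006/05/29 11:03:22 | 000,092,672 | ---- | M] (VIA Technologies inc,.ltd) MD5=FBF18F9F5FB852C2976723587B44F346 -- C:\PNP\MOBO\VIAMRAID.SYS
[2006/05/29 11:03:22 | 000,092,672 | ---- | M] (VIA Technologies inc,.ltd) MD5=FBF18F9F5FB852C2976723587B44F346 -- C:\WINDOWS\system32\drivers\viamraid.sys
"""


def parse_md5_blocks(text):
    """Return {FILENAME: [entry, ...]} for every '< MD5 for: ... >' block."""
    blocks, current = OrderedDict(), None
    for raw in text.splitlines():
        line = raw.strip()
        h = _HEADER.match(line)
        if h:
            current = h.group("name").upper()
            blocks.setdefault(current, [])
            continue
        m = _ENTRY.match(line)
        if m and current is not None:
            blocks[current].append({
                "stamp": m.group("stamp").strip(),
                "size": int(m.group("size").replace(",", "")),
                "company": m.group("company").strip(),
                "md5": m.group("md5").upper() if m.group("md5") else None,
                "cab": m.group("cab") is not None,
                "path": m.group("path"),
            })
    return blocks


def _is_live(path):
    """True for the copy in system32 or system32\\drivers (the one that gets loaded)."""
    return path.rsplit("\\", 1)[0].lower() in _LIVE_DIRS


def assess(entries):
    """Classify the live copy against hashed reference copies.

    matches_reference        - identical hash found in another location
    mismatch_same_build      - a reference with the same size and timestamp has
                               a different hash: the on-disk file was altered
    no_comparable_reference  - only unhashed .cab copies or different builds
                               exist, so nothing can be concluded either way
    """
    live = [e for e in entries if _is_live(e["path"]) and e["md5"]]
    if not live:
        return ("no_live_copy", None)
    live = live[0]
    refs = [e for e in entries if e is not live and e["md5"]]
    if any(r["md5"] == live["md5"] for r in refs):
        return ("matches_reference", live["md5"])
    if any(r["size"] == live["size"] and r["stamp"] == live["stamp"] for r in refs):
        return ("mismatch_same_build", live["md5"])
    return ("no_comparable_reference", live["md5"])


def report(text):
    """[(FILENAME, verdict, live_md5), ...] for a whole OTL custom-scan section."""
    return [(name, *assess(entries)) for name, entries in parse_md5_blocks(text).items()]


def hash_file(path, chunk=1 << 16):
    """MD5 of a file in OTL's upper-case form.  This reads through the running
    OS: a rootkit filtering disk I/O can return clean bytes for a patched file."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()


if __name__ == "__main__":
    for name, verdict, md5 in report(SAMPLE):
        print("%-14s %-24s %s" % (name, verdict, md5))
```

Run against the sample, atapi.sys comes out as no_comparable_reference: the only hashed reference is a newer build waiting in SoftwareDistribution, and the .cab copy was never hashed, so this check alone could neither clear nor condemn the driver that ComboFix later replaced. A mismatch_same_build result is the one worth acting on immediately; to get there you need a hashed reference of the same build, for instance the copy extracted from sp2.cab on a known-clean machine.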

Re: missionariesofcharity.com site - redirected from google

Unread postby carofino » March 1st, 2010, 6:50 pm

I have a netgear wireless dongle, and the router is Speedtouch

thanks
carofino
Regular Member
 
Posts: 19
Joined: February 18th, 2010, 4:17 am

Re: missionariesofcharity.com site - redirected from google

Unread postby melboy » March 2nd, 2010, 4:41 pm

carofino wrote: sorry, I don't know what a router is. Sorry, I know it's shameful!
Not at all! :)



ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix: Bleeping Computer ComboFix Tutorial

  • You must download it to and run it from your Desktop
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    For instructions on how to disable your security programs, please see this topic:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply
  • Re-enable all the programs that were disabled during the running of ComboFix.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: missionariesofcharity.com site - redirected from google

Unread postby carofino » March 3rd, 2010, 5:04 pm

Hi, here you go

ComboFix 10-03-03.03 - Caroline Dexter 03/03/2010 20:34:45.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1022.619 [GMT 0:00]
Running from: d:\documents and settings\Caroline Dexter.049924520170\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\basis_br.xml
c:\program files\Fast Browser Search\IE\basis_de.xml
c:\program files\Fast Browser Search\IE\basis_en.xml
c:\program files\Fast Browser Search\IE\basis_es.xml
c:\program files\Fast Browser Search\IE\basis_fr.xml
c:\program files\Fast Browser Search\IE\basis_it.xml
c:\program files\Fast Browser Search\IE\basis_nr.xml
c:\program files\Fast Browser Search\IE\basis_pt.xml
c:\program files\Fast Browser Search\IE\basis_ru.xml
c:\program files\Fast Browser Search\IE\basis_tr.xml
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\fbsProtection.xml
c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\fbstoolbar.jar
c:\program files\Fast Browser Search\IE\icons.bmp
c:\program files\Fast Browser Search\IE\info.txt
c:\program files\Fast Browser Search\IE\local.xml
c:\program files\Fast Browser Search\IE\logobg.bmp
c:\program files\Fast Browser Search\IE\MTWBtoolbar.html
c:\program files\Fast Browser Search\IE\search.bmp
c:\program files\Fast Browser Search\IE\search_br.bmp
c:\program files\Fast Browser Search\IE\search_de.bmp
c:\program files\Fast Browser Search\IE\search_es.bmp
c:\program files\Fast Browser Search\IE\search_fr.bmp
c:\program files\Fast Browser Search\IE\search_it.bmp
c:\program files\Fast Browser Search\IE\search_pt.bmp
c:\program files\Fast Browser Search\IE\search_ru.bmp
c:\program files\Fast Browser Search\IE\sgpUpdater.xml
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\version.txt
c:\program files\Search Guard Plus
c:\program files\Search Guard Plus\fbsProtection.xml
c:\program files\Search Guard Plus\fbsSearchProvider.xml
c:\program files\Search Guard PlusU
c:\program files\Search Guard PlusU\sgpUpdater.xml
c:\windows\system32\Thumbs.db

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2010-02-03 to 2010-03-03 )))))))))))))))))))))))))))))))
.

2010-03-01 22:59 . 2010-03-01 22:59 -------- d-s---w- d:\documents and settings\NetworkService.NT AUTHORITY.000\UserData
2010-02-28 22:19 . 2008-11-18 13:15 417136 ----a-w- c:\windows\handle.exe
2010-02-28 17:37 . 2010-02-28 17:35 77312 ----a-w- C:\mbr.exe
2010-02-28 10:32 . 2010-02-28 10:32 -------- d-----w- d:\documents and settings\Caroline Dexter.049924520170\Application Data\Malwarebytes
2010-02-28 10:31 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-28 10:31 . 2010-02-28 10:31 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-28 10:31 . 2010-02-28 10:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-28 10:31 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-25 08:21 . 2010-02-25 08:22 -------- d-----w- C:\rsit
2010-02-22 20:13 . 2010-02-22 20:13 -------- d-----w- d:\documents and settings\NetworkService.NT AUTHORITY.000\Application Data\AdobeUM
2010-02-21 22:37 . 2010-02-21 22:37 -------- d--h--w- c:\windows\PIF
2010-02-17 20:43 . 2010-02-17 20:43 -------- d-----w- d:\documents and settings\NetworkService.NT AUTHORITY.000\Local Settings\Application Data\Adobe
2010-02-17 20:43 . 2010-02-20 21:48 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-11 08:32 . 2010-02-11 08:55 -------- d-----w- c:\windows\system32\Adobe
2010-02-05 20:49 . 2010-02-05 20:49 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-02-05 19:28 . 2010-02-05 19:35 -------- d-----w- c:\program files\Celebrity Toolbar
2010-02-05 07:25 . 2009-08-06 19:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-02-05 07:25 . 2009-08-06 19:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-02-04 17:28 . 2010-02-04 17:28 -------- d-----w- d:\documents and settings\Caroline Dexter.049924520170\Tracing
2010-02-04 17:22 . 2010-02-04 17:22 -------- d-----w- c:\program files\Common Files\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-03 10:35 . 2009-12-04 20:40 0 ----a-w- d:\documents and settings\Caroline Dexter.049924520170\Local Settings\Application Data\prvlcl.dat
2010-02-18 09:10 . 2009-05-23 16:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-17 15:52 . 2009-05-08 08:39 -------- d-----w- d:\documents and settings\Caroline Dexter.049924520170\Application Data\EndNote
2010-02-10 22:22 . 2009-12-12 17:55 174152 ----a-w- d:\documents and settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-10 21:21 . 2007-06-12 13:00 -------- d-----w- d:\documents and settings\Caroline Dexter.049924520170\Application Data\n-Track Studio5
2010-02-09 11:09 . 2007-02-04 21:16 89760 ----a-w- d:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-08 10:13 . 2009-11-24 07:17 79488 ----a-w- d:\documents and settings\Caroline Dexter.049924520170\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-29 09:56 . 2010-01-29 09:56 50354 ----a-w- d:\documents and settings\Caroline Dexter.049924520170\Application Data\Facebook\uninstall.exe
2010-01-29 09:56 . 2010-01-29 09:56 -------- d-----w- d:\documents and settings\Caroline Dexter.049924520170\Application Data\Facebook
2010-01-27 03:21 . 2010-01-27 03:21 847040 ----a-w- d:\documents and settings\Caroline Dexter.049924520170\Application Data\Facebook\axfbootloader.dll
2010-01-27 03:20 . 2010-01-27 03:20 5578752 ----a-w- d:\documents and settings\Caroline Dexter.049924520170\Application Data\Facebook\npfbplugin_1_0_1.dll
2009-12-31 16:14 . 2004-09-10 13:57 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-22 05:35 . 2004-09-10 13:57 668672 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:35 . 2004-09-10 13:57 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-20 11:33 . 2009-12-20 11:33 73016 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-16 12:58 . 2004-09-10 14:30 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:35 . 2004-09-10 13:56 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 18:11 . 2004-09-10 13:57 2142720 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 17:35 . 2004-08-03 21:59 2020864 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 14:41 . 2004-09-10 13:57 453760 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SMSERIAL"="sm56hlpr.exe" [2005-10-18 557056]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 16207872]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7573504]
"nwiz"="nwiz.exe" [2006-04-27 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-27 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-28 148888]
"Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 310272]
"DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
"OmniPass"="c:\apps\Softex\OmniPass\scureapp.exe" [2006-01-30 1978368]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-23 516440]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-06-01 341312]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2006-5-17 2297856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-23 14:42 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2006-01-30 07:53 49152 ----a-w- c:\apps\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave3"=rddv1005.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\AOL 9.0\\aol.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [23/05/2009 16:29 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [23/05/2009 11:33 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [23/05/2009 11:33 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [23/11/2009 14:42 285392]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [27/03/2006 16:53 167808]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 19:06 953168]
S3 RDID1005;EDIROL UA-5;c:\windows\system32\drivers\Rdwm1005.sys [04/06/2009 18:37 144561]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [05/09/2006 01:16 217600]
.
Contents of the 'Scheduled Tasks' folder

2010-03-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk
uInternet Connection Wizard,ShellNext = hxxp://www2.arnes.si/~mmilut/BladeEnc.html
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - d:\documents and settings\Caroline Dexter.049924520170\Application Data\Mozilla\Firefox\Profiles\i11aa4b0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/result ... EF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Google Images
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start2.mozilla.com/firefox ... B:official
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/result ... &v=19&tid={24811134-4962-D8EE-1811-175DE14ED9BB}&q=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: d:\documents and settings\Caroline Dexter.049924520170\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)
AddRemove-LiveUpdate - c:\program files\Symantec\LiveUpdate\LSETUP.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-03 20:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\RtlGina2.dll
c:\apps\Softex\OmniPass\opxpgina.dll

- - - - - - - > 'lsass.exe'(768)
c:\windows\system32\rddv1005.dll

- - - - - - - > 'explorer.exe'(1860)
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\progra~1\GOTOSO~1\VADERE~1\VrOe_hook.dll
c:\apps\Softex\OmniPass\SCUREDLL.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\apps\Softex\OmniPass\Omniserv.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\windows\ehome\mcrdsvc.exe
c:\apps\Softex\OmniPass\OPXPApp.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\sm56hlpr.exe
c:\windows\RTHDCPL.EXE
c:\windows\eHome\ehmsas.exe
c:\apps\ABoard\AOSD.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-03-03 20:49:46 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-03 20:49

Pre-Run: 17,378,738,176 bytes free
Post-Run: 17,346,752,512 bytes free

- - End Of File - - F4DCC9AD6683910E87E569A943ACD73D

thanks
carofino
Regular Member
 
Posts: 19
Joined: February 18th, 2010, 4:17 am

Re: missionariesofcharity.com site - redirected from google

Unread postby melboy » March 3rd, 2010, 5:07 pm

Hi Carofino

Have the re-directs stopped?
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: missionariesofcharity.com site - redirected from google

Unread postby carofino » March 3rd, 2010, 7:11 pm

yes! great. thanks so much!
carofino
Regular Member
 
Posts: 19
Joined: February 18th, 2010, 4:17 am

Re: missionariesofcharity.com site - redirected from google

Unread postby melboy » March 3rd, 2010, 7:31 pm

Hi

You're welcome! How are things running generally - any problems?



COMBOFIX-Script
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.


  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    Firefox:: 
    FF - ProfilePath - d:\documents and settings\Caroline Dexter.049924520170\Application Data\Mozilla\Firefox\Profiles\i11aa4b0.default\
    FF - prefs.js: browser.search.defaulturl - 
    FF - prefs.js: keyword.URL - 
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    [screenshot not reproduced: CFScript.txt being dragged onto ComboFix.exe]
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: missionariesofcharity.com site - redirected from google

Unread postby carofino » March 4th, 2010, 5:17 am

Hi,

yes it seems to be OK. The popup about the trojan horse that was coming every 25 mins or so has stopped.

I tried to do the combofix and a blue box came up with this message:

'NIRCMDC' is not recognised as an internal or external command, operable program or batch file

thanks
carofino
Regular Member
 
Posts: 19
Joined: February 18th, 2010, 4:17 am

Re: missionariesofcharity.com site - redirected from google

Unread postby melboy » March 4th, 2010, 9:00 am

Hi

yes it seems to be OK
Good - we shouldn't be far off done now, just a couple more things.


Delete the copy of combofix you have on your desktop and download a fresh copy from here.

Carry out the instructions in my last post for running the CFscript again. Please ensure you disable AVG whilst you do this.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: missionariesofcharity.com site - redirected from google

Unread postby carofino » March 5th, 2010, 5:56 am

here you go...

ComboFix 10-03-04.04 - Caroline Dexter 05/03/2010 9:45.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1022.404 [GMT 0:00]
Running from: d:\documents and settings\Caroline Dexter.049924520170\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\Caroline Dexter.049924520170\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((( Files Created from 2010-02-05 to 2010-03-05 )))))))))))))))))))))))))))))))
.

2010-03-01 22:59 . 2010-03-01 22:59 -------- d-s---w- d:\documents and settings\NetworkService.NT AUTHORITY.000\UserData
2010-02-28 22:19 . 2008-11-18 13:15 417136 ----a-w- c:\windows\handle.exe
2010-02-28 17:37 . 2010-02-28 17:35 77312 ----a-w- C:\mbr.exe
2010-02-28 10:32 . 2010-02-28 10:32 -------- d-----w- d:\documents and settings\Caroline Dexter.049924520170\Application Data\Malwarebytes
2010-02-28 10:31 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-28 10:31 . 2010-02-28 10:31 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-28 10:31 . 2010-02-28 10:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-28 10:31 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-25 08:21 . 2010-02-25 08:22 -------- d-----w- C:\rsit
2010-02-22 20:13 . 2010-02-22 20:13 -------- d-----w- d:\documents and settings\NetworkService.NT AUTHORITY.000\Application Data\AdobeUM
2010-02-21 22:37 . 2010-02-21 22:37 -------- d--h--w- c:\windows\PIF
2010-02-17 20:43 . 2010-02-17 20:43 -------- d-----w- d:\documents and settings\NetworkService.NT AUTHORITY.000\Local Settings\Application Data\Adobe
2010-02-17 20:43 . 2010-02-20 21:48 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-11 08:32 . 2010-02-11 08:55 -------- d-----w- c:\windows\system32\Adobe
2010-02-05 20:49 . 2010-02-05 20:49 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-02-05 19:28 . 2010-02-05 19:35 -------- d-----w- c:\program files\Celebrity Toolbar
2010-02-05 07:25 . 2009-08-06 19:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-02-05 07:25 . 2009-08-06 19:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-02-04 17:28 . 2010-02-04 17:28 -------- d-----w- d:\documents and settings\Caroline Dexter.049924520170\Tracing
2010-02-04 17:22 . 2010-02-04 17:22 -------- d-----w- c:\program files\Common Files\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-05 09:35 . 2009-12-04 20:40 0 ----a-w- d:\documents and settings\Caroline Dexter.049924520170\Local Settings\Application Data\prvlcl.dat
2010-02-18 09:10 . 2009-05-23 16:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-17 15:52 . 2009-05-08 08:39 -------- d-----w- d:\documents and settings\Caroline Dexter.049924520170\Application Data\EndNote
2010-02-10 22:22 . 2009-12-12 17:55 174152 ----a-w- d:\documents and settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-10 21:21 . 2007-06-12 13:00 -------- d-----w- d:\documents and settings\Caroline Dexter.049924520170\Application Data\n-Track Studio5
2010-02-09 11:09 . 2007-02-04 21:16 89760 ----a-w- d:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-29 09:56 . 2010-01-29 09:56 -------- d-----w- d:\documents and settings\Caroline Dexter.049924520170\Application Data\Facebook
2009-12-31 16:14 . 2004-09-10 13:57 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-22 05:35 . 2004-09-10 13:57 668672 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:35 . 2004-09-10 13:57 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-20 11:33 . 2009-12-20 11:33 73016 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-16 12:58 . 2004-09-10 14:30 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:35 . 2004-09-10 13:56 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 18:11 . 2004-09-10 13:57 2142720 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 17:35 . 2004-08-03 21:59 2020864 ------w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SMSERIAL"="sm56hlpr.exe" [2005-10-18 557056]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 16207872]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7573504]
"nwiz"="nwiz.exe" [2006-04-27 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-27 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-28 148888]
"Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 310272]
"DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
"OmniPass"="c:\apps\Softex\OmniPass\scureapp.exe" [2006-01-30 1978368]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-23 516440]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-06-01 341312]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2006-5-17 2297856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-23 14:42 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2006-01-30 07:53 49152 ----a-w- c:\apps\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave3"=rddv1005.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\AOL 9.0\\aol.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [23/05/2009 16:29 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [23/05/2009 11:33 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [23/05/2009 11:33 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [23/11/2009 14:42 285392]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [27/03/2006 16:53 167808]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 19:06 953168]
S3 RDID1005;EDIROL UA-5;c:\windows\system32\drivers\Rdwm1005.sys [04/06/2009 18:37 144561]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [05/09/2006 01:16 217600]
.
Contents of the 'Scheduled Tasks' folder

2010-03-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk
uInternet Connection Wizard,ShellNext = hxxp://www2.arnes.si/~mmilut/BladeEnc.html
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - d:\documents and settings\Caroline Dexter.049924520170\Application Data\Mozilla\Firefox\Profiles\i11aa4b0.default\
FF - prefs.js: browser.search.selectedEngine - Google Images
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start2.mozilla.com/firefox ... B:official
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: d:\documents and settings\Caroline Dexter.049924520170\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-05 09:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\RtlGina2.dll
c:\apps\Softex\OmniPass\opxpgina.dll

- - - - - - - > 'lsass.exe'(760)
c:\windows\system32\rddv1005.dll

- - - - - - - > 'explorer.exe'(2516)
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\progra~1\GOTOSO~1\VADERE~1\VrOe_hook.dll
.
Completion time: 2010-03-05 09:50:59
ComboFix-quarantined-files.txt 2010-03-05 09:50
ComboFix2.txt 2010-03-03 20:49

Pre-Run: 17,349,767,168 bytes free
Post-Run: 17,312,878,592 bytes free

- - End Of File - - E66B717BCEB8D6B42B7429398AE4B114

thanks
carofino
Regular Member
 
Posts: 19
Joined: February 18th, 2010, 4:17 am

Re: missionariesofcharity.com site - redirected from google

Unread postby melboy » March 5th, 2010, 8:12 pm

Hi

Great! - How are things running?



Update Adobe Reader
Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Reader 9.3 to your PC's desktop.
  • Uninstall Adobe Reader 7.0 via Start > Control Panel > Add/Remove Programs
  • Install the new downloaded updated software.




Update Java Runtime
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 18.

  • Go to Sun Java
  • Scroll down to where it says "JDK 6 Update 18 (JDK or JRE)"
  • Click the orange Download JRE button to the right
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u18-windows-i586-p.exe" and save the downloaded file to your desktop.
  • Uninstall all old versions of Java via Start > Control Panel > Add/Remove Programs
    Java(TM) 6 Update 13
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer



TFC

  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.




ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: missionariesofcharity.com site - redirected from google

Unread postby carofino » March 6th, 2010, 7:10 am

Hi, I've done the java and adobe. How do I get tfc? thanks. Everything seems to be working ok!
carofino
Regular Member
 
Posts: 19
Joined: February 18th, 2010, 4:17 am

Re: missionariesofcharity.com site - redirected from google

Unread postby melboy » March 6th, 2010, 8:39 am

Hi :)

I had you download it previously here

I presumed you would still have it on your desktop. If not, you can download it here:

TFC by Old Timer
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: missionariesofcharity.com site - redirected from google

Unread postby carofino » March 7th, 2010, 9:33 am

yes you did! Thanks for that. OK here is the logfile:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=4a5515248a436e49bbd823f1bb1ff119
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-03-07 01:26:12
# local_time=2010-03-07 01:26:12 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 24785387 24785387 0 0
# compatibility_mode=1024 16777175 100 0 8980042 8980042 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 3900 3900 0 0
# scanned=91011
# found=4
# cleaned=0
# scan_time=4597
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir Win32/Olmarik.UI trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP261\A0050226.EXE Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP261\A0050227.DLL Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP261\A0050228.DLL probably a variant of Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
carofino
Regular Member
 
Posts: 19
Joined: February 18th, 2010, 4:17 am
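As an added example (not part of the thread, and not ESET's or ComboFix's own code), here is a small parser for the ESET Online Scanner log format posted above. It reads the "# key=value" header and each detection line, then sorts every hit by where the file sits; the rule that a hit inside ComboFix's Qoobox quarantine or a System Restore snapshot is already inert, and the Temp-folder sample line, are this example's own assumptions.

```python
import re
from dataclasses import dataclass

# ESET's per-detection line: "<path> <threat description> <32 hex digits> <flag>".
# The path may contain spaces, so it is matched lazily and the threat field is
# anchored on ESET's "Family/Variant type" naming (optionally prefixed with
# "probably a variant of" / "a variant of"), which Windows paths never contain.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<threat>(?:(?:probably )?a variant of )?[A-Za-z0-9]+/.+?) "
    r"(?P<digest>[0-9a-fA-F]{32}) (?P<flag>\S+)$"
)
HEADER_RE = re.compile(r"^# (?P<key>\w+)=(?P<value>.*)$")


@dataclass
class Detection:
    path: str
    threat: str
    digest: str    # all zeros in the posted log; its meaning is not inferred here
    flag: str      # copied through verbatim ("I" in the posted log)
    location: str  # "quarantine", "restore_point" or "live" (see classify)


def classify(path: str) -> str:
    """Assumption of this example: a hit inside ComboFix's Qoobox quarantine or a
    System Restore snapshot is already inert and is cleared by flushing those
    stores, not by further cleaning. Anything else is a live file."""
    p = path.lower()
    if p.startswith("c:\\qoobox\\quarantine\\"):
        return "quarantine"
    if "\\system volume information\\_restore{" in p:
        return "restore_point"
    return "live"


def parse_log(text: str):
    """Return (header dict, [Detection]). Repeated header keys keep the last value."""
    header, hits = {}, []
    for line in text.splitlines():
        h = HEADER_RE.match(line)
        if h:
            header[h["key"]] = h["value"]
            continue
        d = DETECTION_RE.match(line)
        if d:
            hits.append(Detection(d["path"], d["threat"], d["digest"], d["flag"],
                                  classify(d["path"])))
    return header, hits


def summarise(hits):
    counts = {"quarantine": 0, "restore_point": 0, "live": 0}
    for h in hits:
        counts[h.location] += 1
    return counts


def live_detections(hits):
    """The only hits that still need an analyst's attention."""
    return [h for h in hits if h.location == "live"]


ZERO_DIGEST = "0" * 32
# Constructed sample: three lines taken from the posted log plus one made-up
# "live" hit in a Temp folder so every branch of classify() is exercised.
SAMPLE_LOG = "\n".join([
    "ESETSmartInstaller@High as downloader log:", "all ok",
    "# version=7", "# scanned=91011", "# found=4", "# cleaned=0",
    r"C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir"
    " Win32/Olmarik.UI trojan " + ZERO_DIGEST + " I",
    r"C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP261\A0050226.EXE"
    " Win32/Toolbar.MyWebSearch application " + ZERO_DIGEST + " I",
    r"C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP261\A0050228.DLL"
    " probably a variant of Win32/Toolbar.MyWebSearch application " + ZERO_DIGEST + " I",
    r"C:\Documents and Settings\user\Local Settings\Temp\setup_x.exe"
    " a variant of Win32/Toolbar.MyWebSearch application " + ZERO_DIGEST + " I",
])

if __name__ == "__main__":
    header, hits = parse_log(SAMPLE_LOG)
    print(header["found"], "found;", summarise(hits),
          "live:", [h.path for h in live_detections(hits)])
```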