
help to get rid of ohtgnoenriga redirects


Re: help to get rid of ohtgnoenriga redirects

Post by kayakman » July 9th, 2010, 10:55 am

ComboFix:

ComboFix 10-07-08.02 - Chris House 07/09/2010 8:47.6.2 - x86
Running from: c:\documents and settings\Chris House\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Chris House\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\system32\qmgr.dll --> c:\windows\ERDNT\cache\qmgr.dll
c:\windows\system32\qmgr.dll --> c:\windows\system32\dllcache\qmgr.dll
.
((((((((((((((((((((((((( Files Created from 2010-06-09 to 2010-07-09 )))))))))))))))))))))))))))))))
.

2010-07-07 04:58 . 2010-07-07 04:58 -------- d-----w- c:\program files\ESET
2010-07-02 17:14 . 2010-07-02 17:14 -------- d-----w- C:\_OTL
2010-06-28 18:42 . 2010-06-28 18:42 388096 ----a-r- c:\documents and settings\Chris House\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-28 18:42 . 2010-06-28 18:42 -------- d-----w- c:\program files\Trend Micro
2010-06-26 21:47 . 2010-06-26 21:53 -------- d-----w- c:\documents and settings\Chris House\Application Data\Uniblue
2010-06-10 09:01 . 2010-06-10 09:01 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-06-10 09:01 . 2010-06-10 09:01 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-06-10 04:12 . 2010-05-06 10:36 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-09 02:20 . 2009-11-10 00:04 0 ----a-w- c:\documents and settings\Chris House\Local Settings\Application Data\prvlcl.dat
2010-07-08 02:47 . 2009-07-15 18:55 -------- d-----w- c:\program files\AVG
2010-07-07 18:17 . 2009-07-15 19:15 -------- d-----w- c:\documents and settings\Chris House\Application Data\Vso
2010-07-03 20:55 . 2010-02-07 22:57 -------- d-----w- c:\documents and settings\Chris House\Application Data\vlc
2010-07-02 17:24 . 2010-01-17 19:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-26 22:08 . 2010-02-05 05:39 -------- d-----w- c:\program files\Full Tilt Poker
2010-06-26 22:08 . 2009-07-15 18:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-26 22:07 . 2009-07-15 19:15 -------- d-----w- c:\program files\VSO
2010-06-26 22:07 . 2009-07-15 19:15 47360 ----a-w- c:\documents and settings\Chris House\Application Data\pcouffin.sys
2010-06-26 22:07 . 2009-07-15 19:15 47360 ----a-w- c:\documents and settings\Chris House\Application Data\pcouffin.sys
2010-06-26 22:06 . 2010-02-28 05:04 -------- d-----w- c:\program files\eGames
2010-06-26 17:35 . 2009-09-18 22:49 256 ----a-w- c:\windows\system32\pool.bin
2010-06-10 09:20 . 2010-01-26 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\11966\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\11966\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\11966\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\11966\AcrobatUpdater.exe
2010-06-07 03:23 . 2010-06-06 17:44 -------- d-----w- c:\program files\JDownloader
2010-06-06 18:01 . 2010-06-01 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-06 18:01 . 2010-06-01 23:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-06 17:24 . 2009-07-15 20:06 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-02 15:40 . 2009-07-15 18:55 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-02 15:40 . 2009-07-15 18:55 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-25 22:38 . 2009-11-06 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-24 20:41 . 2010-05-24 20:36 -------- d-----w- c:\program files\Ultra Video Joiner
2010-05-19 00:56 . 2009-08-24 14:17 -------- d-----w- c:\documents and settings\Chris House\Application Data\dvdcss
2010-05-06 10:36 . 2009-07-14 19:40 919040 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 18:04 . 2009-07-14 19:40 1860352 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 21:39 . 2010-01-17 19:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 21:39 . 2010-01-17 19:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:30 . 2008-04-14 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-10 17:06 . 2010-02-03 23:53 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-04-10 17:06 . 2010-02-03 23:53 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-04-10 17:05 . 2010-02-03 23:51 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2009-07-14 19:38 . 2009-07-14 19:38 35328 --sha-w- c:\windows\system32\sc.exe
2009-12-15 02:17 . 2009-12-14 00:47 3266848 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-15 02:17 . 2009-12-14 00:47 25376 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((( SnapShot_2010-07-05_17.22.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-09 14:29 . 2010-07-09 14:29 16384 c:\windows\temp\Perflib_Perfdata_20c.dat
+ 2009-07-15 17:02 . 2008-04-14 12:00 409088 c:\windows\system32\qmgr.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-21 7581696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-21 86016]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-02 2065248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-11 23:41 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 18:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris House^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\Chris House\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 10:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-08-31 17:25 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-03-05 15:32 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 17:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 02:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 15:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-07-13 19:03 292128 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 21:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 08:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-07-21 01:58 1519616 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 22:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-07-08 18:31 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 10:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Plazmic CDK 4.7\\_jvm\\bin\\javaw.exe"=
"c:\\Program Files\\Plazmic CDK 4.7\\_jvm\\bin\\java.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Smartphone Simulators 5.0.0\\5.0.0.252 (9500)\\fledge.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Smartphone Simulators 4.7.0\\4.7.0.76 (9530)\\fledge.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

R1 SuperMounter;SuperMounter; [x]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2009-04-02 16512]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-11 216200]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-06-02 242896]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-11 308064]
S2 LBeepKE;LBeepKE;c:\windows\system32\Drivers\LBeepKE.sys [2009-06-17 10384]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = local
IE: &Download All with FlashGet - c:\progra~1\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\progra~1\FlashGet\jc_link.htm
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Chris House\Application Data\Mozilla\Firefox\Profiles\4pow1i84.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-09 08:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(912)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(412)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-07-09 08:53:42
ComboFix-quarantined-files.txt 2010-07-09 14:53
ComboFix2.txt 2010-07-08 18:12
ComboFix3.txt 2010-07-08 02:49
ComboFix4.txt 2010-07-07 04:54
ComboFix5.txt 2010-07-09 14:46

Pre-Run: 55,022,215,168 bytes free
Post-Run: 55,015,501,824 bytes free

- - End Of File - - 9994753D58E25276BC0963FE308A95CF
kayakman
Regular Member
 
Posts: 37
Joined: June 22nd, 2010, 6:45 pm

Re: help to get rid of ohtgnoenriga redirects

Post by kayakman » July 9th, 2010, 11:01 am

SystemLook


SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 08:57 on 09/07/2010 by Chris House (Administrator - Elevation successful)

========== file ==========

c:\windows\system32\qmgr.dll - File found and opened.
MD5: 574738F61FCA2935F5265DC4E5691314
Created at 17:02 on 15/07/2009
Modified at 12:00 on 14/04/2008
Size: 409088 bytes
Attributes: ------
FileDescription: Background Intelligent Transfer Service
FileVersion: 6.7.2600.5512 (xpsp.080413-2108)
ProductVersion: 6.7.2600.5512
OriginalFilename: qmgr.dll
InternalName: qmgr.dll
ProductName: Microsoft® Windows® Operating System
CompanyName: Microsoft Corporation
LegalCopyright: © Microsoft Corporation. All rights reserved.

c:\windows\system32\dllcache\qmgr.dll - File found and opened.
MD5: 574738F61FCA2935F5265DC4E5691314
Created at 17:02 on 15/07/2009
Modified at 12:00 on 14/04/2008
Size: 409088 bytes
Attributes: --a--c
FileDescription: Background Intelligent Transfer Service
FileVersion: 6.7.2600.5512 (xpsp.080413-2108)
ProductVersion: 6.7.2600.5512
OriginalFilename: qmgr.dll
InternalName: qmgr.dll
ProductName: Microsoft® Windows® Operating System
CompanyName: Microsoft Corporation
LegalCopyright: © Microsoft Corporation. All rights reserved.

c:\windows\ERDNT\cache\qmgr.dll - File found and opened.
MD5: 574738F61FCA2935F5265DC4E5691314
Created at 18:11 on 08/07/2010
Modified at 12:00 on 14/04/2008
Size: 409088 bytes
Attributes: --a---
FileDescription: Background Intelligent Transfer Service
FileVersion: 6.7.2600.5512 (xpsp.080413-2108)
ProductVersion: 6.7.2600.5512
OriginalFilename: qmgr.dll
InternalName: qmgr.dll
ProductName: Microsoft® Windows® Operating System
CompanyName: Microsoft Corporation
LegalCopyright: © Microsoft Corporation. All rights reserved.

-=End Of File=-

TFC:

Getting user folders.

Stopping running processes.

Emptying Temp folders.


User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Chris House
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 404930 bytes
->Java cache emptied: 646038 bytes
->FireFox cache emptied: 38121528 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 5306 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 0 bytes
Process complete!

Total Files Cleaned = 37.00 mb

Re: help to get rid of ohtgnoenriga redirects

Post by kayakman » July 9th, 2010, 11:54 am

Malwarebytes

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4296

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/9/2010 9:53:23 AM
mbam-log-2010-07-09 (09-53-23).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 208939
Time elapsed: 47 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{877112DE-E077-4671-84C8-F90B8E25D419}\RP51\A0007790.sys (Rootkit.Agent) -> Not selected for removal.
C:\System Volume Information\_restore{877112DE-E077-4671-84C8-F90B8E25D419}\RP51\A0007796.exe (Trojan.Zapchast) -> Not selected for removal.
C:\WINDOWS\system32\CCProxy.ini (Trojan.CCProxy) -> Quarantined and deleted successfully.

Re: help to get rid of ohtgnoenriga redirects

Post by kayakman » July 10th, 2010, 3:55 am

Kaspersky Scan:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, July 10, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, July 09, 2010 22:01:23
Records in database: 4242975
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 78665
Threats found: 5
Infected objects found: 10
Suspicious objects found: 0
Scan duration: 02:18:27


File name / Threat / Threats count
C:\Documents and Settings\Chris House\Desktop\Unused\Magic DVD Ripper 5.4.0.exe Infected: Backdoor.Win32.Poison.avca 1
C:\Qoobox\Quarantine\C\WINDOWS\msa.exe.vir Infected: Packed.Win32.Krap.ae 1
C:\Qoobox\Quarantine\C\WINDOWS\msb.exe.vir Infected: Packed.Win32.Krap.ae 1
C:\Qoobox\Quarantine\C\WINDOWS\msc.exe.vir Infected: Packed.Win32.Krap.ae 1
C:\Qoobox\Quarantine\[4]-Submit_2010-07-06_22.43.37.zip Infected: not-a-virus:Server-Proxy.Win32.CCProxy.bv 1
C:\Qoobox\Quarantine\[4]-Submit_2010-07-07_20.42.42.zip Infected: Backdoor.Win32.Hupigon.aspg 1
C:\System Volume Information\_restore{877112DE-E077-4671-84C8-F90B8E25D419}\RP45\A0005779.exe Infected: Packed.Win32.Krap.hc 1
C:\System Volume Information\_restore{877112DE-E077-4671-84C8-F90B8E25D419}\RP50\A0007459.exe Infected: not-a-virus:Server-Proxy.Win32.CCProxy.bv 1
C:\_OTL\MovedFiles\07052010_110714\C_WINDOWS\system32\comine.exe Infected: Backdoor.Win32.Hupigon.aspg 1
C:\_OTL\MovedFiles\07052010_110714\C_WINDOWS\system32\inetinfo.exe Infected: not-a-virus:Server-Proxy.Win32.CCProxy.bv 1

Selected area has been scanned.

Re: help to get rid of ohtgnoenriga redirects

Post by melboy » July 10th, 2010, 8:58 am

Hi

Good - How are things running?

COMBOFIX-Script
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.


  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    File::
    C:\Documents and Settings\Chris House\Desktop\Unused\Magic DVD Ripper 5.4.0.exe
    C:\WINDOWS\system32\CCProxy.ini

    SysRst::

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    (screenshot: dragging CFScript.txt onto ComboFix.exe)
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: help to get rid of ohtgnoenriga redirects

Post by kayakman » July 10th, 2010, 1:03 pm

First off, thank you very much for all your help. It is greatly appreciated. I didn't know it was going to be such a long process haha. Anyways, the ohtgnoenriga redirects seem to be gone, but now I am getting "linksador" pop-up windows. Randomly, when I click on a link it will go to my page and then it will open up another window with ads, and it starts with "linksador". It's not nearly as annoying as the ohtgnoenriga redirects, but somewhat annoying nonetheless. Do you think this could be fixed?



ComboFix:


ComboFix 10-07-10.01 - Chris House 07/10/2010 10:52:08.7.2 - x86
Running from: c:\documents and settings\Chris House\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Chris House\Desktop\CFScript.txt

FILE ::
"c:\documents and settings\Chris House\Desktop\Unused\Magic DVD Ripper 5.4.0.exe"
"c:\windows\system32\CCProxy.ini"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Chris House\Desktop\Unused\Magic DVD Ripper 5.4.0.exe

.
((((((((((((((((((((((((( Files Created from 2010-06-10 to 2010-07-10 )))))))))))))))))))))))))))))))
.

2010-07-10 16:43 . 2010-07-10 16:43 -------- d-----w- C:\found.000
2010-07-07 04:58 . 2010-07-07 04:58 -------- d-----w- c:\program files\ESET
2010-07-02 17:14 . 2010-07-02 17:14 -------- d-----w- C:\_OTL
2010-06-28 18:42 . 2010-06-28 18:42 388096 ----a-r- c:\documents and settings\Chris House\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-28 18:42 . 2010-06-28 18:42 -------- d-----w- c:\program files\Trend Micro
2010-06-26 21:47 . 2010-06-26 21:53 -------- d-----w- c:\documents and settings\Chris House\Application Data\Uniblue

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-10 16:30 . 2009-12-14 00:47 29216 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-07-10 15:42 . 2009-12-14 00:47 4886816 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-07-10 14:04 . 2009-11-10 00:04 0 ----a-w- c:\documents and settings\Chris House\Local Settings\Application Data\prvlcl.dat
2010-07-09 22:34 . 2009-12-14 00:47 50096 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-07-09 22:34 . 2009-12-14 00:47 3572 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-07-08 02:47 . 2009-07-15 18:55 -------- d-----w- c:\program files\AVG
2010-07-07 18:17 . 2009-07-15 19:15 -------- d-----w- c:\documents and settings\Chris House\Application Data\Vso
2010-07-03 20:55 . 2010-02-07 22:57 -------- d-----w- c:\documents and settings\Chris House\Application Data\vlc
2010-07-02 17:24 . 2010-01-17 19:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-26 22:08 . 2010-02-05 05:39 -------- d-----w- c:\program files\Full Tilt Poker
2010-06-26 22:08 . 2009-07-15 18:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-26 22:07 . 2009-07-15 19:15 -------- d-----w- c:\program files\VSO
2010-06-26 22:07 . 2009-07-15 19:15 47360 ----a-w- c:\documents and settings\Chris House\Application Data\pcouffin.sys
2010-06-26 22:07 . 2009-07-15 19:15 47360 ----a-w- c:\documents and settings\Chris House\Application Data\pcouffin.sys
2010-06-26 22:06 . 2010-02-28 05:04 -------- d-----w- c:\program files\eGames
2010-06-26 17:35 . 2009-09-18 22:49 256 ----a-w- c:\windows\system32\pool.bin
2010-06-10 09:20 . 2010-01-26 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\11966\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\11966\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\11966\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\11966\AcrobatUpdater.exe
2010-06-07 03:23 . 2010-06-06 17:44 -------- d-----w- c:\program files\JDownloader
2010-06-06 18:01 . 2010-06-01 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-06 18:01 . 2010-06-01 23:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-06 17:24 . 2009-07-15 20:06 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-02 15:40 . 2009-07-15 18:55 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-02 15:40 . 2009-07-15 18:55 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-25 22:38 . 2009-11-06 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-24 20:41 . 2010-05-24 20:36 -------- d-----w- c:\program files\Ultra Video Joiner
2010-05-19 00:56 . 2009-08-24 14:17 -------- d-----w- c:\documents and settings\Chris House\Application Data\dvdcss
2010-05-06 10:36 . 2009-07-14 19:40 919040 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 18:04 . 2009-07-14 19:40 1860352 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 21:39 . 2010-01-17 19:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 21:39 . 2010-01-17 19:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:30 . 2008-04-14 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2009-07-14 19:38 . 2009-07-14 19:38 35328 --sha-w- c:\windows\system32\sc.exe
.

((((((((((((((((((((((((((((( SnapShot_2010-07-05_17.22.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-10 16:44 . 2010-07-10 16:44 16384 c:\windows\temp\Perflib_Perfdata_794.dat
+ 2009-07-15 17:02 . 2008-04-14 12:00 409088 c:\windows\system32\qmgr.dll
+ 2009-07-15 17:02 . 2008-04-14 12:00 409088 c:\windows\system32\dllcache\qmgr.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-21 7581696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-21 86016]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-02 2065248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-11 23:41 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 18:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris House^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\Chris House\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 10:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-08-31 17:25 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-03-05 15:32 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 17:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 02:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 15:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-07-13 19:03 292128 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 21:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 08:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-07-21 01:58 1519616 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 22:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-07-08 18:31 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 10:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Plazmic CDK 4.7\\_jvm\\bin\\javaw.exe"=
"c:\\Program Files\\Plazmic CDK 4.7\\_jvm\\bin\\java.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Smartphone Simulators 5.0.0\\5.0.0.252 (9500)\\fledge.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Smartphone Simulators 4.7.0\\4.7.0.76 (9530)\\fledge.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

R1 SuperMounter;SuperMounter; [x]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2009-04-02 16512]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-11 216200]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-06-02 242896]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-11 308064]
S2 LBeepKE;LBeepKE;c:\windows\system32\Drivers\LBeepKE.sys [2009-06-17 10384]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = local
IE: &Download All with FlashGet - c:\progra~1\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\progra~1\FlashGet\jc_link.htm
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Chris House\Application Data\Mozilla\Firefox\Profiles\4pow1i84.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-10 10:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(896)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2010-07-10 10:58:44
ComboFix-quarantined-files.txt 2010-07-10 16:58
ComboFix2.txt 2010-07-09 14:53
ComboFix3.txt 2010-07-08 18:12
ComboFix4.txt 2010-07-08 02:49
ComboFix5.txt 2010-07-10 16:50

Pre-Run: 55,071,780,864 bytes free
Post-Run: 55,171,805,184 bytes free

- - End Of File - - E4806CEC6E672C02E6465E32E6FD72F4
kayakman
Regular Member
Posts: 37
Joined: June 22nd, 2010, 6:45 pm

Re: help to get rid of ohtgnoenriga redirects

Unread postby melboy » July 10th, 2010, 4:47 pm

Hi

Firstly, can you check that the command SysRst:: was included in the last CFScript you ran. It doesn't look like it was.


kayakman wrote: ..thank you very much for all your help. It is greatly appreciated. I didn't know it was going to be such a long process haha.
You're welcome... and neither did I! ;)

kayakman wrote: Do you think this could be fixed?
The infection that was causing the ohtgnoenriga redirects went in post #6. The "linksador" pop-up windows are something new. It may be that the only option left to us is an R&R. We have found numerous backdoor files; as I pointed out, someone has had access to your PC and potentially could have made numerous alterations to the system to get back in. Without checking each and every file in turn - something that we rely on the general purpose scanners for (your own AV, Eset, Kaspersky etc.) - we just can't tell.


Give me an updated MBAM scan - just a quick scan this time and then a fresh OTL log.




Malwarebytes' Anti-Malware (MBAM)

As you have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has completed, select the Scanner tab.
  • Select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If items are found, click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process; please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.



OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under the Custom Scan box paste this in
    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg 
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.dat
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav 
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    
  • Check the All Users box. Do not change any other settings unless otherwise told to do so.
  • Click the Quick Scan button. The scan won't take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
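As an added example (not code from this thread, from OTL's author, or from any of the scanners mentioned), here is a small Python triage pass over lines in OTL's output format. It flags the two things a helper reads first in an OTL log: entries whose file is missing ("File not found"), singling out services and drivers that are set to start by themselves or are still running with no file behind them, and entries whose binary carries no company name (OTL prints "()" where the version-information company string is empty). The sample lines are copied from the OTL log posted in this thread and embedded as constructed input; the "kind" labels, regexes and the Finding class are this example's own. An orphaned entry is not proof of malware (catchme is the driver of the rootkit scanner whose output appears in the ComboFix log above, and the FlashGet BHO is an uninstall leftover), but each one is something the helper will either clean up or look into.

```python
"""Triage OTL-style autostart/service lines: missing files and nameless vendors."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input: lines in OTL's output format, copied from the log
# posted in this thread. Real OTL logs are much longer; the parser is line based.
SAMPLE_LOG = r"""
SRV - File not found [Auto | Stopped] -- -- (CCProxy)
SRV - [2010/03/11 17:41:50 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2009/02/18 14:41:10 | 000,186,128 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm ()
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
"""


@dataclass
class Finding:
    kind: str    # "orphan_active", "orphan" or "no_vendor" (labels chosen for this example)
    entry: str   # service, driver, BHO or value name the line refers to
    line: str    # the full log line, for the reply the helper writes


# Name extraction for the line formats OTL uses (assumed from the log above).
SERVICE_RE = re.compile(r"^(?:SRV|DRV) - .* -- \((?P<name>[^)]*)\)$")
O4_RE = re.compile(r"^O4 - .*?: \[(?P<name>[^\]]*)\]")
OLINE_RE = re.compile(r"^O\d+ - [^:]*: \(?(?P<name>.*?)\)? - ")
DRIVERS32_RE = re.compile(r"^Drivers32: (?P<name>\S+)")
# "()" in the company-name position: end of line, or just before the start-type field.
NO_VENDOR_RE = re.compile(r"\(\)(?:\s+\[|$)")
ACTIVE_STARTS = {"Boot", "System", "Auto"}


def entry_name(line: str) -> str:
    """Pull the registered name out of the line; fall back to the whole line."""
    for rx in (SERVICE_RE, O4_RE, OLINE_RE, DRIVERS32_RE):
        m = rx.match(line)
        if m:
            return m.group("name")
    return line


def is_active(line: str) -> bool:
    """True if a SRV/DRV entry starts by itself or is running right now.
    The last [...] group on an OTL service line is its start-type/state field."""
    groups = re.findall(r"\[([^\]]*)\]", line)
    if not groups:
        return False
    parts = [p.strip() for p in groups[-1].split("|")]
    return bool(ACTIVE_STARTS & set(parts)) or parts[-1] == "Running"


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per suspicious line, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        name = entry_name(line)
        if "File not found" in line:
            # A registered service/driver with no file that is still set to
            # auto-start (or is loaded) is the first thing to chase.
            if line.startswith(("SRV -", "DRV -")) and is_active(line):
                findings.append(Finding("orphan_active", name, line))
            else:
                findings.append(Finding("orphan", name, line))
        elif NO_VENDOR_RE.search(line):
            findings.append(Finding("no_vendor", name, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:14} {f.entry}")
```

Run against the sample it reports CCProxy and catchme as active orphans, the FlashGet BHO as a plain orphan, and the Mega Manager context-menu entry and ac3filter codec as binaries with no company string. Paste a whole OTL.txt into `triage()` to get the same list for a real log; it only narrows the reading, it does not decide what is malicious.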

Re: help to get rid of ohtgnoenriga redirects

Unread postby kayakman » July 11th, 2010, 2:10 am

Malwarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4301

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/11/2010 12:08:35 AM
mbam-log-2010-07-11 (00-08-35).txt

Scan type: Quick scan
Objects scanned: 140148
Time elapsed: 5 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
kayakman
Regular Member
Posts: 37
Joined: June 22nd, 2010, 6:45 pm

Re: help to get rid of ohtgnoenriga redirects

Unread postby kayakman » July 11th, 2010, 2:14 am

OTL.txt

OTL logfile created on: 7/11/2010 12:11:21 AM - Run 2
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Chris House\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 51.49 Gb Free Space | 65.90% Space Free | Partition Type: NTFS
Drive D: | 70.91 Gb Total Space | 54.05 Gb Free Space | 76.22% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRIS
Current User Name: Chris House
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/01 10:25:07 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris House\Desktop\OTL.exe
PRC - [2010/06/23 20:01:13 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/02 09:40:02 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/06/02 09:40:02 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/02 09:40:01 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/02 09:39:23 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/02 09:39:22 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/11 17:41:50 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/06/30 03:30:04 | 001,961,984 | ---- | M] (Megaupload Limited) -- C:\Program Files\Megaupload\Mega Manager\MegaManager.exe
PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/07/01 10:25:07 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris House\Desktop\OTL.exe
MOD - [2008/04/14 06:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CCProxy)
SRV - [2010/03/11 17:41:50 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/06/02 09:40:02 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/02 09:40:01 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/11 17:41:45 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/09/07 20:56:21 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/07/15 13:22:33 | 001,294,200 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2009/06/17 10:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/17 10:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 10:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 10:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2009/04/02 04:13:20 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI32)
DRV - [2009/04/02 04:13:20 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)
DRV - [2009/02/18 14:41:10 | 000,186,128 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2008/04/28 14:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/04/14 06:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/13 22:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/09/14 18:09:44 | 000,213,696 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/07/20 19:58:00 | 003,685,152 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/07/01 21:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/02 15:02:36 | 000,572,928 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/03/05 22:49:36 | 000,011,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/03/02 23:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/02 23:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/01/26 23:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2006/01/26 23:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1085031214-1606980848-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1085031214-1606980848-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: {fce8417d-ef18-11dd-845c-000c6e211f50}:1.29
FF - prefs.js..extensions.enabledItems: {40a1f5d7-afc2-498f-b264-02668d616ff6}:1.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/02 17:39:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/23 20:01:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/23 20:01:20 | 000,000,000 | ---D | M]

[2010/04/06 13:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\Mozilla\Extensions
[2010/04/06 13:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/07/09 12:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\Mozilla\Firefox\Profiles\4pow1i84.default\extensions
[2010/06/24 22:28:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Chris House\Application Data\Mozilla\Firefox\Profiles\4pow1i84.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/15 12:15:41 | 000,000,000 | ---D | M] (Mega Manager Integration) -- C:\Documents and Settings\Chris House\Application Data\Mozilla\Firefox\Profiles\4pow1i84.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
[2010/06/24 22:28:18 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Chris House\Application Data\Mozilla\Firefox\Profiles\4pow1i84.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/24 22:28:17 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Chris House\Application Data\Mozilla\Firefox\Profiles\4pow1i84.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/11/29 23:01:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris House\Application Data\Mozilla\Firefox\Profiles\4pow1i84.default\extensions\{fce8417d-ef18-11dd-845c-000c6e211f50}
[2009/10/18 12:07:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/07/10 10:56:28 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll File not found
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Program Files\Power Video Converter\msdxm.ocx (Microsoft Corporation)
O3 - HKU\S-1-5-21-1085031214-1606980848-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-1085031214-1606980848-1801674531-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1085031214-1606980848-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1085031214-1606980848-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1085031214-1606980848-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1085031214-1606980848-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe File not found
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.1.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Program Files\Power Video Converter\msdxm.ocx (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/15 11:04:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/07/15 11:03:51 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/07/10 10:43:07 | 000,000,000 | ---D | C] -- C:\found.000
[2010/07/08 12:06:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/07/06 22:58:46 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/07/03 17:17:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris House\Desktop\Virus Fix
[2010/07/02 11:14:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/01 10:25:03 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris House\Desktop\OTL.exe
[2010/06/28 12:42:48 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/26 15:47:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris House\Application Data\Uniblue
[2010/06/06 11:44:49 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2010/06/01 17:32:14 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/06/01 17:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/05/24 14:36:53 | 000,000,000 | ---D | C] -- C:\Program Files\Ultra Video Joiner
[2010/05/14 18:29:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris House\My Documents\ConvertXToDVD
[2010/05/14 18:27:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris House\My Documents\PcSetup
[2010/05/09 20:10:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris House\Local Settings\Application Data\Xenocode
[2010/05/07 20:36:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris House\My Documents\Usenet.nl
[2010/04/18 20:06:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris House\Application Data\PokerCreations
[2010/04/18 19:57:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris House\Application Data\UFC Poker
[2010/04/18 19:57:16 | 000,000,000 | ---D | C] -- C:\Program Files\UFC Poker
[2004/11/24 12:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[1 C:\Documents and Settings\Chris House\Desktop\*.tmp files -> C:\Documents and Settings\Chris House\Desktop\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/10 23:49:40 | 000,000,050 | ---- | M] () -- C:\WINDOWS\MegaManager.INI
[2010/07/10 23:05:03 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Chris House\Local Settings\Application Data\prvlcl.dat
[2010/07/10 17:36:42 | 061,846,327 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/10 10:58:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/10 10:56:35 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/10 10:56:28 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/10 10:49:37 | 003,738,393 | R--- | M] () -- C:\Documents and Settings\Chris House\Desktop\ComboFix.exe
[2010/07/10 10:45:06 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/10 10:44:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/10 10:30:55 | 000,029,216 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010/07/10 09:42:07 | 004,886,816 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/07/09 16:34:21 | 000,050,096 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/07/09 16:34:21 | 000,003,572 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2010/07/09 16:33:59 | 009,961,472 | -H-- | M] () -- C:\Documents and Settings\Chris House\NTUSER.DAT
[2010/07/09 16:33:59 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Chris House\ntuser.ini
[2010/07/08 21:38:41 | 000,091,136 | ---- | M] () -- C:\Documents and Settings\Chris House\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/07 18:58:21 | 000,514,597 | ---- | M] () -- C:\Documents and Settings\Chris House\Application Data\vso_ts_preview.xml
[2010/07/06 22:49:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/03 08:20:46 | 000,000,038 | ---- | M] () -- C:\WINDOWS\AviSplitter.INI
[2010/07/01 10:25:07 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris House\Desktop\OTL.exe
[2010/07/01 09:47:12 | 000,512,960 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/01 09:47:12 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/01 09:47:12 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/26 16:09:02 | 000,000,699 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/26 16:07:00 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Chris House\Application Data\pcouffin.sys
[2010/06/26 16:07:00 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\Chris House\Application Data\pcouffin.cat
[2010/06/26 16:07:00 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Chris House\Application Data\pcouffin.inf
[2010/06/26 11:35:47 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/06/22 16:21:26 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Chris House\defogger_reenable
[2010/06/10 03:37:28 | 000,321,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/10 03:20:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/06 11:57:00 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Chris House\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/06/02 09:40:02 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/02 09:40:01 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/06/01 17:42:45 | 000,396,964 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100606-120232.backup
[2010/05/18 18:02:56 | 000,000,285 | RHS- | M] () -- C:\boot.ini
[2010/05/14 18:27:55 | 000,000,845 | ---- | M] () -- C:\Documents and Settings\Chris House\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[1 C:\Documents and Settings\Chris House\Desktop\*.tmp files -> C:\Documents and Settings\Chris House\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/05 11:14:13 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/05 11:12:49 | 003,738,393 | R--- | C] () -- C:\Documents and Settings\Chris House\Desktop\ComboFix.exe
[2010/06/22 16:21:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Chris House\defogger_reenable
[2010/06/01 17:32:25 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Chris House\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/05/24 14:36:55 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2010/05/24 14:36:55 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2010/05/21 11:33:14 | 000,007,101 | ---- | C] () -- C:\Documents and Settings\Chris House\_GEAREXT.WO_IDENT.TXT
[2010/05/14 18:27:55 | 000,000,845 | ---- | C] () -- C:\Documents and Settings\Chris House\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk
[2010/04/10 16:49:06 | 000,000,066 | ---- | C] () -- C:\WINDOWS\Power Video Converter.INI
[2010/03/22 18:16:03 | 000,000,082 | ---- | C] () -- C:\WINDOWS\SuperUtil.ini
[2010/02/03 17:53:49 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2010/01/23 00:02:41 | 000,000,448 | ---- | C] () -- C:\WINDOWS\System32\AccInfo.ini
[2009/12/23 17:31:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2009/12/13 21:21:44 | 000,000,051 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/11/15 16:56:24 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2009/10/13 14:45:39 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\net_rim_plazmic_flint_dialog.dll
[2009/10/01 21:26:52 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/09/07 13:55:28 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/09/07 13:55:28 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/08/24 07:59:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
[2009/08/14 21:34:02 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\wgalogon.dll.bak
[2009/08/14 21:34:02 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2009/07/15 16:30:27 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009/07/15 15:10:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/07/15 13:01:12 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/07/15 12:45:59 | 000,000,138 | ---- | C] () -- C:\WINDOWS\MyDrivers.ini
[2008/12/17 10:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/12/17 10:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/12/17 10:22:48 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/17 10:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/12/17 09:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/12/11 04:27:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/06/10 18:07:20 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/06/10 18:03:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/06/10 18:03:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/04/14 06:00:00 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\legitcheckcontrol.dll.bak
[2008/04/14 06:00:00 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\LegitCheckControl.dll
[2006/07/20 19:58:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/07/20 19:58:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/07/20 19:58:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/07/20 19:58:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/07/20 19:58:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004/10/03 10:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll

========== LOP Check ==========

[2010/07/07 20:47:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\esnvt
[2010/05/25 16:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/12/13 11:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Configuration
[2009/11/11 21:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FlashFXP
[2010/03/16 07:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2009/12/14 07:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/07/15 12:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/10/28 17:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2009/12/20 17:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2009/08/14 16:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2009/10/24 13:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/13 11:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ticket
[2009/07/15 13:36:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/09/04 13:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/07/15 14:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
[2009/07/15 13:46:07 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/08/14 13:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/11/14 15:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\abgx360
[2009/10/24 16:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\Audacity
[2009/12/13 11:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\Backup Tickets
[2009/11/19 20:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\Clone2Go Video Converter Free Version
[2009/12/13 11:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\Configuration
[2009/08/14 15:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\GetRightToGo
[2009/10/25 12:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\IEPro
[2009/07/15 15:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\ImgBurn
[2009/11/15 12:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\Leadertech
[2009/10/19 10:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\LuckyAcePoker.com
[2009/11/15 12:14:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\Megaupload
[2009/10/25 12:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\MiniDm
[2009/10/19 10:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\PacificPoker
[2009/10/13 14:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\Plazmic
[2010/04/18 20:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\PokerCreations
[2009/08/14 07:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\Publish Providers
[2009/10/24 16:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\Research In Motion
[2009/07/15 16:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\Seven Zip
[2009/08/14 16:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\Sony
[2009/12/13 11:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\Temp
[2009/09/04 13:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\Thinstall
[2009/07/15 13:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\TuneUp Software
[2010/04/18 19:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\UFC Poker
[2010/06/26 15:53:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\Uniblue
[2010/07/07 12:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris House\Application Data\Vso

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/07/15 11:04:20 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/18 18:02:56 | 000,000,285 | RHS- | M] () -- C:\boot.ini
[2010/07/10 10:58:44 | 000,015,749 | ---- | M] () -- C:\ComboFix.txt
[2009/07/15 11:04:20 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/01/22 23:36:02 | 000,163,840 | ---- | M] () -- C:\FileReg.icp
[2009/07/15 11:04:20 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/02 11:24:05 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2009/07/15 11:04:20 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 06:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/10 10:44:18 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2009/12/13 18:47:22 | 000,002,918 | ---- | M] () -- C:\rollback.ini

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/07/15 11:03:53 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/03/28 12:57:34 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
[2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.dat >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/14 06:00:00 | 000,380,445 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\expsrv.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/07/15 05:46:01 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/07/15 05:46:01 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/07/15 05:46:01 | 000,933,888 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/14 06:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/14 06:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/14 06:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-10 09:00:23

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
< End of report >
kayakman
Regular Member
 
Posts: 37
Joined: June 22nd, 2010, 6:45 pm

Re: help to get rid of ohtgnoenriga redirects

Unread postby kayakman » July 11th, 2010, 2:15 am

There was no Extras.txt minimized/opened/saved anywhere
kayakman
Regular Member
 
Posts: 37
Joined: June 22nd, 2010, 6:45 pm

Re: help to get rid of ohtgnoenriga redirects

Unread postby melboy » July 11th, 2010, 6:49 am

Hi

From my last post to you:
melboy wrote: can you check that the command SysRst:: was included in the last CFScript you ran. It doesn't look like it was.


Also, navigate to, and post the contents of: C:\Qoobox\Add-Remove Programs.txt

Tell me if the Linksadoor pop-up still happens after running the OTL fix - I think we found the culprit.


SystemLook
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :folderfind
    *linksadoor*

    :dir
    C:\Documents and Settings\Administrator\Application Data\esnvt /s

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



OTL Script

We need to run an OTL Fix

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code:
    :otl
    FF - prefs.js..extensions.enabledItems: {fce8417d-ef18-11dd-845c-000c6e211f50}:1.29
    [2009/11/29 23:01:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris House\Application Data\Mozilla\Firefox\Profiles\4pow1i84.default\extensions\{fce8417d-ef18-11dd-845c-000c6e211f50}
    O3 - HKU\S-1-5-21-1085031214-1606980848-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
    
    :commands
    [PURITY]
    [EMPTYTEMP]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
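As an added example (not part of this thread, and not code from the OTL or SystemLook authors), here is a small Python triage script that parses OTL-style log entries like the ones posted above and flags the kinds of items melboy's fix targets: binaries under the Windows folder that OTL reports with no vendor name, a Firefox extension folder with "No name found", an O3 toolbar entry whose CLSID no longer resolves, and an Alternate Data Stream. The sample lines are copied from this thread's log and fix script; the rule names and the regular expression are my own assumptions about the log format.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed excerpt: OTL-style lines copied from the log and fix script
# quoted in this thread. Not a complete log.
SAMPLE_LOG = r"""
[2010/07/05 11:14:13 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/10/13 14:45:39 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\net_rim_plazmic_flint_dialog.dll
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/29 23:01:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris House\Application Data\Mozilla\Firefox\Profiles\4pow1i84.default\extensions\{fce8417d-ef18-11dd-845c-000c6e211f50}
O3 - HKU\S-1-5-21-1085031214-1606980848-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
"""

# One OTL file/folder entry (assumed layout, matching the lines above):
#   [date time | size | attrs | C-or-M] (company) -- path
FILE_ENTRY = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[\w-]{4}) \| (?P<mode>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Binary extensions that OTL normally lists with a vendor name in System32.
BINARY_EXT = (".exe", ".dll", ".sys", ".ocx", ".drv", ".acm", ".ax")


@dataclass
class FileEntry:
    stamp: str
    size: int
    attrs: str
    mode: str        # C = created, M = modified (the column OTL sorted on)
    company: str     # "" when OTL printed "()", i.e. no version resource
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


@dataclass
class Finding:
    rule: str
    detail: str


def parse_file_entry(line: str) -> Optional[FileEntry]:
    """Parse one file-listing line; return None for any other kind of OTL line."""
    m = FILE_ENTRY.match(line.strip())
    if not m:
        return None
    return FileEntry(
        stamp=m["stamp"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        mode=m["mode"],
        company=m["company"] or "",
        path=m["path"],
    )


def scan_log(text: str) -> List[Finding]:
    """Apply the triage rules a helper applies by eye when reading an OTL log."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("@Alternate Data Stream"):
            # A data stream attached to a folder is a common hiding spot.
            findings.append(Finding("ads", line.split("-> ", 1)[1]))
            continue
        if line.startswith("O3 - ") and "No CLSID value found" in line:
            # Toolbar entry whose CLSID no longer resolves: orphaned leftover.
            findings.append(Finding("orphan-toolbar", line))
            continue
        entry = parse_file_entry(line)
        if entry is None:
            continue
        low = entry.path.lower()
        if entry.company == "No name found" and "\\extensions\\{" in low:
            # Firefox extension folder with no readable name: verify or remove.
            findings.append(Finding("unnamed-extension", entry.path))
        elif (not entry.is_dir and entry.company == ""
              and low.startswith("c:\\windows\\") and low.endswith(BINARY_EXT)):
            # Executable in the Windows tree with no vendor string: check its hash.
            findings.append(Finding("no-vendor-binary", entry.path))
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.rule:18} {f.detail}")
```

A "no-vendor-binary" hit is a prompt to check the file (MBR.exe here is a known tool the helper asked for), not a verdict on its own.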

Re: help to get rid of ohtgnoenriga redirects

Unread postby kayakman » July 11th, 2010, 12:35 pm

I am not sure if that SysRst was included in the last CFScript. When I dragged it into ComboFix it disappeared from my desktop. I assume it was though, because I believe I copied and pasted everything that you said too.

Add/Remove Programs.txt


32 Bit HP CIO Components Installer
7-Zip 4.65
abgx360 v1.0.2
AC3Filter 1.61b
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
AIO_Scan
Apple Mobile Device Support
Apple Software Update
AutoUpdate
AVG Free 9.0
BlackBerry Desktop Software 5.0.1
BlackBerry Device Software v4.7.0 for the BlackBerry 9530 smartphone
BlackBerry Smartphone Simulators 4.7.0.76 (9530)
BlackBerry Smartphone Simulators 5.0.0.252 (9500)
BlackBerry® Media Sync
Broadcom 802.11 Wireless LAN Adapter
BufferChm
C4200
C4200_doccd
c4200_Help
CDDRV_Installer
Conexant HD Audio
ConvertHelper 2.2
ConvertXtoDVD 4.0.9.322
Copy
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DivX Setup
DivX Version Checker
DivX Web Player
DocProc
DocProcQFolder
erLT
ESET Online Scanner v3
eSupportQFolder
Fast AVI MPEG Joiner 1.2.0812
ffdshow [rev 2265] [2008-10-28]
Free Video to MP3 Converter version 3.2
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP BatteryCheck 1.00 A7
HP Customer Participation Program 9.0
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Product Assistant
HP Quick Launch Buttons 6.40 H2
HP Smart Web Printing
HP Solution Center 9.0
HP Update
HP Webcam
HP Wireless Assistant
HPProductAssistant
HPSSupply
ImgBurn
iTunes
Java(TM) 6 Update 15
JDownloader
Junk Mail filter update
KhalInstallWrapper
Logitech SetPoint
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
MarketResearch
Mega Manager
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.10)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
OGG MP3 Converter v3.4 build 839
Plazmic CDK 4.7 for BlackBerry
Plazmic Content Developer's Kit 4.7 Update Patch
PS_AIO_ProductContext
PS_AIO_Software
PS_AIO_Software_min
PSSWCORE
QuickTime
Replay Media Catcher 3.01
Reproductor de Windows Media 11
Roxio Media Manager
Scan
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Segoe UI
SolutionCenter
Sony DVD Architect Studio 4.5
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Status
Synaptics Pointing Device Driver
Toolbox
TrayApp
UFC Poker
Ultra Video Joiner 5.2.0322
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb983486)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.16
Vegas Movie Studio Platinum 9.0
VideoToolkit01
VLC media player 1.0.5
WebFldrs XP
WebReg
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Driver Package - Intel (NETw4x32) net (04/30/2007 11.1.1.11)
Windows Driver Package - Intel (w29n51) net (04/04/2007 9.0.4.36)
Windows Driver Package - Intel net (04/30/2007 11.1.1.11)
Windows Driver Package - usbvm326 (usbvm328) Image (10/12/2006 326.1.061012.25)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
WinX Video Converter 4.1
XP Codec Pack
Xvid 1.2.2 final uninstall
kayakman
Regular Member
 
Posts: 37
Joined: June 22nd, 2010, 6:45 pm

Re: help to get rid of ohtgnoenriga redirects

Unread postby kayakman » July 11th, 2010, 12:41 pm

SystemLook:

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 10:35 on 11/07/2010 by Chris House (Administrator - Elevation successful)

========== folderfind ==========

Searching for "*linksadoor*"
No folders found.

========== dir ==========

C:\Documents and Settings\Administrator\Application Data\esnvt - Parameters: "/s"

---Files---
None found.

No folders found.

-=End Of File=-


OTL:

All processes killed
========== OTL ==========
Prefs.js: {fce8417d-ef18-11dd-845c-000c6e211f50}:1.29 removed from extensions.enabledItems
C:\Documents and Settings\Chris House\Application Data\Mozilla\Firefox\Profiles\4pow1i84.default\extensions\{fce8417d-ef18-11dd-845c-000c6e211f50}\defaults\preferences folder moved successfully.
C:\Documents and Settings\Chris House\Application Data\Mozilla\Firefox\Profiles\4pow1i84.default\extensions\{fce8417d-ef18-11dd-845c-000c6e211f50}\defaults folder moved successfully.
C:\Documents and Settings\Chris House\Application Data\Mozilla\Firefox\Profiles\4pow1i84.default\extensions\{fce8417d-ef18-11dd-845c-000c6e211f50}\chrome\skin folder moved successfully.
C:\Documents and Settings\Chris House\Application Data\Mozilla\Firefox\Profiles\4pow1i84.default\extensions\{fce8417d-ef18-11dd-845c-000c6e211f50}\chrome\locale\en-US folder moved successfully.
C:\Documents and Settings\Chris House\Application Data\Mozilla\Firefox\Profiles\4pow1i84.default\extensions\{fce8417d-ef18-11dd-845c-000c6e211f50}\chrome\locale folder moved successfully.
C:\Documents and Settings\Chris House\Application Data\Mozilla\Firefox\Profiles\4pow1i84.default\extensions\{fce8417d-ef18-11dd-845c-000c6e211f50}\chrome\content folder moved successfully.
C:\Documents and Settings\Chris House\Application Data\Mozilla\Firefox\Profiles\4pow1i84.default\extensions\{fce8417d-ef18-11dd-845c-000c6e211f50}\chrome folder moved successfully.
C:\Documents and Settings\Chris House\Application Data\Mozilla\Firefox\Profiles\4pow1i84.default\extensions\{fce8417d-ef18-11dd-845c-000c6e211f50} folder moved successfully.
Registry value HKEY_USERS\S-1-5-21-1085031214-1606980848-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A}\ not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Chris House
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 463706 bytes
->Java cache emptied: 128020 bytes
->FireFox cache emptied: 90428325 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 5032 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 66722 bytes

Total Files Cleaned = 87.00 mb


OTL by OldTimer - Version 3.2.7.0 log created on 07112010_103841

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
kayakman
Regular Member
 
Posts: 37
Joined: June 22nd, 2010, 6:45 pm

Re: help to get rid of ohtgnoenriga redirects

Unread postby melboy » July 11th, 2010, 3:06 pm

Hi


Update Adobe Reader

Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Reader 9.3 to your PC's desktop.
  • Uninstall via Start > Control Panel > Add/Remove Programs:
    Adobe Reader 9.2
  • Install the new downloaded updated software.
  • Then, using the internal updater, update the software to the current increment, 9.3.3:
    • Open Adobe Reader, go to Help > Check for updates, and allow the updater to check.
    • If updates are found, click Show Details and check the boxes to download and install any necessary updates.



Update Java Runtime
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older, more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 21.

  • Go to Sun Java
  • Scroll down to where it says "JDK 6 Update 21 (JDK or JRE)"
  • Click the orange Download JRE button to the right
  • In the Platform box, choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u21-windows-i586.exe" and save the downloaded file to your desktop.
  • Uninstall all old versions of Java via Start > Control Panel > Add/Remove Programs:
    Java(TM) 6 Update 15
  • Install the new version by running the newly-downloaded file with the Java icon, which will be on your desktop, and follow the on-screen instructions.
  • Reboot your computer



Please post back with a fresh HijackThis log (Do a system scan and save a log file) and a description of how the computer is running now.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: help to get rid of ohtgnoenriga redirects

Unread postby kayakman » July 11th, 2010, 5:51 pm

HiJack This:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:46:28 PM, on 7/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Program Files\Power Video Converter\msdxm.ocx
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: COM+ Application System (CCProxy) - Unknown owner - C:\WINDOWS\system\svchost.exe (file missing)
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Servicio de uso compartido de red del Reproductor de Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 9855 bytes

Computer seems to be running fine. I did a number of Google searches and neither "ohtgnoenriga redirects" nor "linksadoor" popups appeared. This is a good sign! Thank you very much for your help. What do you suggest I do so I do not get all these backdoors, trojans, malware, etc. again? Is there a daily scan I could run or programs I should use daily or anything?
kayakman
Regular Member
 
Posts: 37
Joined: June 22nd, 2010, 6:45 pm