No idea what BarDiscover is. The computer seems to be fine apart from the redirecting to sites; it's running at normal speed and doesn't seem to have any major problems. However, the first time I dragged and dropped into ComboFix the scan ran for about 20 mins, then the computer shut down. Here are the results:
ComboFix 10-04-13.02 - Jordon and Rebecca 13/04/2010 23:29:10.3.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.1012.237 [GMT 1:00]
Running from: c:\users\Jordon and Rebecca\Downloads\ComboFix.exe
Command switches used :: c:\users\Jordon and Rebecca\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
file zipped: c:\users\Jordon and Rebecca\AppData\Local\Exayoxozoquq.bin
file zipped: c:\users\Jordon and Rebecca\AppData\Local\Wvimobifuyiwogil.dat
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\AntiMalware Pro
c:\program files\AntiMalware Pro\AntiMalwarePro.exe
c:\program files\AntiMalware Pro\Cl.exe
c:\program files\AntiMalware Pro\definitions\200812.cab
c:\program files\AntiMalware Pro\EngineAP.dll
c:\program files\AntiMalware Pro\FolderPaths.txt
c:\program files\AntiMalware Pro\ScheduleAP.txt
c:\program files\AntiMalware Pro\Task.dat
c:\program files\AntiMalware Pro\task.xml
c:\program files\AntiMalware Pro\unins000.dat
c:\program files\AntiMalware Pro\unins000.exe
c:\users\Jordon and Rebecca\AppData\Local\Exayoxozoquq.bin
c:\users\Jordon and Rebecca\AppData\Local\OpenCandy
c:\users\Jordon and Rebecca\AppData\Local\Wvimobifuyiwogil.dat
c:\users\Jordon and Rebecca\AppData\Roaming\AVP 2009
c:\users\Jordon and Rebecca\AppData\Roaming\OpenCandy
c:\users\Jordon and Rebecca\AppData\Roaming\OpenCandy\DLMgr3WrapperUniBlue.exe
c:\users\Jordon and Rebecca\AppData\Roaming\OpenCandy\registrybooster(5).exe
.
((((((((((((((((((((((((( Files Created from 2010-03-13 to 2010-04-13 )))))))))))))))))))))))))))))))
.
2010-04-13 22:38 . 2010-04-13 22:38 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Local\temp
2010-04-13 22:38 . 2010-04-13 22:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-13 22:38 . 2010-04-13 22:38 -------- d-----w- c:\users\Other\AppData\Local\temp
2010-04-13 22:38 . 2010-04-13 22:38 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-04-13 22:38 . 2010-04-13 22:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-12 20:15 . 2010-03-29 23:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-12 20:15 . 2010-04-12 20:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-12 20:15 . 2010-03-29 23:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-11 14:34 . 2010-04-11 14:34 -------- d-----w- c:\windows\Sun
2010-04-09 12:14 . 2010-04-09 12:14 -------- d-----w- c:\program files\Uniblue
2010-04-09 12:14 . 2010-04-09 12:14 -------- d-----w- c:\program files\ASIO4ALL v2
2010-04-09 12:13 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2010-04-09 12:12 . 2010-04-09 12:13 -------- d-----w- c:\program files\VstPlugins
2010-04-09 12:12 . 2010-04-09 12:12 -------- d-----w- c:\program files\Outsim
2010-04-09 12:11 . 2010-04-09 12:13 -------- d-----w- c:\program files\Image-Line
2010-04-08 19:27 . 2010-04-08 19:27 -------- d-----w- c:\program files\QuickTime
2010-04-07 09:01 . 2010-04-06 16:10 61712 ----a-w- c:\programdata\BarDiscover\bardiscover119.exe
2010-04-06 14:21 . 2010-04-07 13:15 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Local\VDownloader
2010-04-06 14:20 . 2010-04-07 15:05 -------- d-----w- c:\program files\VDownloader
2010-04-06 11:57 . 2010-04-06 11:57 4076824 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
2010-04-06 11:52 . 2010-04-06 11:52 -------- d-----w- c:\users\Default\AppData\Roaming\Trusteer
2010-04-06 11:40 . 2010-04-11 19:47 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Roaming\LimeWire
2010-04-06 11:39 . 2010-04-11 10:41 -------- d-----w- c:\program files\LimeWire
2010-04-01 14:44 . 2010-02-16 09:31 84912 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100401.002\NAVENG.SYS
2010-04-01 14:44 . 2010-02-16 09:31 177520 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100401.002\NAVENG32.DLL
2010-04-01 14:44 . 2010-02-16 09:31 1647984 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100401.002\NAVEX32A.DLL
2010-04-01 14:44 . 2010-02-16 09:31 1324720 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100401.002\NAVEX15.SYS
2010-04-01 14:44 . 2010-02-16 09:31 371248 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100401.002\EECTRL.SYS
2010-04-01 14:44 . 2010-02-16 09:31 2747440 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100401.002\CCERASER.DLL
2010-04-01 14:44 . 2010-02-16 09:31 259440 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100401.002\ECMSVR32.DLL
2010-04-01 14:44 . 2010-02-16 09:31 102448 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100401.002\ERASER.SYS
2010-03-30 13:56 . 2010-03-30 13:56 688920 ----a-w- c:\programdata\avg9\update\backup\avgresf.dll
2010-03-29 15:53 . 2010-03-29 15:53 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Roaming\Malwarebytes
2010-03-29 15:53 . 2010-03-29 15:53 -------- d-----w- c:\programdata\Malwarebytes
2010-03-29 15:46 . 2010-03-29 15:46 307992 ----a-w- c:\programdata\avg9\update\backup\avgaspmx.dll
2010-03-28 18:37 . 2010-03-28 18:41 20895216 ----a-w- c:\users\Jordon and Rebecca\AppData\Roaming\Real\Update\setup3.11\rp\RealPlayerSPGold.exe
2010-03-28 18:37 . 2010-03-28 18:37 79368 ----a-w- c:\users\Jordon and Rebecca\AppData\Roaming\Real\Update\setup3.11\RUP\vista.exe
2010-03-28 18:37 . 2010-03-28 18:37 64000 ----a-w- c:\users\Jordon and Rebecca\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\gcapi_dll.dll
2010-03-28 18:37 . 2010-03-28 18:37 52288 ----a-w- c:\users\Jordon and Rebecca\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\gtapi.dll
2010-03-28 18:37 . 2010-03-28 18:37 50688 ----a-w- c:\users\Jordon and Rebecca\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\fftbapi.dll
2010-03-28 18:37 . 2010-03-28 18:37 49152 ----a-w- c:\users\Jordon and Rebecca\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\CarboniteCompatibility.dll
2010-03-28 18:37 . 2010-03-28 18:37 118784 ----a-w- c:\users\Jordon and Rebecca\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\compat.dll
2010-03-28 17:41 . 2010-03-28 18:01 -------- d-----w- c:\program files\Audacity
2010-03-28 17:41 . 2010-04-07 11:06 -------- d-----w- c:\program files\BarDiscover
2010-03-28 17:41 . 2010-04-07 09:01 -------- d-----w- c:\programdata\BarDiscover
2010-03-28 10:36 . 2010-03-28 10:36 439816 ----a-w- c:\users\Jordon and Rebecca\AppData\Roaming\Real\Update\setup3.11\setup.exe
2010-03-27 21:22 . 2010-03-27 21:22 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Roaming\NCH Software
2010-03-27 21:22 . 2007-08-29 15:36 110592 ----a-w- c:\users\Jordon and Rebecca\AppData\Roaming\NCH Software\Components\mp3el\mp3enc.exe
2010-03-27 21:21 . 2010-03-27 21:21 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Roaming\NCH Swift Sound
2010-03-27 21:18 . 2010-03-27 21:20 -------- d-----w- c:\program files\WAV to MP3 Encoder
2010-03-27 18:48 . 2010-04-06 15:30 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Roaming\DivX
2010-03-27 13:36 . 2010-03-27 13:38 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Roaming\Apple Computer
2010-03-27 13:36 . 2010-03-27 13:36 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-03-27 09:56 . 2009-10-01 14:05 77312 ----a-w- c:\windows\system32\HerculesDJDevices.dll
2010-03-27 09:56 . 2008-04-28 10:29 27136 ----a-w- c:\windows\system32\HDJSAPI.dll
2010-03-27 09:56 . 2010-03-27 09:56 -------- d-----w- c:\program files\Hercules
2010-03-27 09:55 . 2010-03-27 09:55 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Roaming\InstallShield
2010-03-25 16:32 . 2010-03-26 01:26 -------- dc----w- c:\users\Jordon and Rebecca\AppData\Local\MigWiz
2010-03-24 20:33 . 2010-03-24 20:33 -------- d-----w- c:\programdata\Microsoft Corporation
2010-03-24 18:38 . 2010-03-24 18:38 -------- d-----w- c:\program files\Windows Easy Transfer 7
2010-03-24 18:35 . 2010-03-24 18:35 -------- d-----w- c:\program files\Microsoft Windows Vista Upgrade Advisor
2010-03-24 17:34 . 2009-05-19 15:56 262144 ----a-w- c:\windows\system32\HDJAPI.dll
2010-03-24 17:34 . 2009-05-19 15:56 106496 ----a-w- c:\windows\system32\HRFDongle.dll
2010-03-22 15:30 . 2010-04-11 09:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-22 15:30 . 2010-03-22 15:30 -------- d-----w- c:\program files\Java
2010-03-22 14:59 . 2008-03-27 17:49 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2010-03-21 15:21 . 2010-03-21 15:21 -------- d-----w- c:\programdata\Xerox
2010-03-20 13:53 . 2010-03-20 14:51 -------- d-----w- C:\ZillaTube
2010-03-16 20:33 . 2010-03-16 20:33 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Roaming\dvdcss
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-09 21:47 . 2010-03-12 17:33 -------- d-----w- c:\program files\Common Files\Apple
2010-04-09 20:06 . 2010-03-03 12:56 -------- d-----w- c:\program files\Google
2010-04-08 19:27 . 2010-03-12 17:34 -------- d-----w- c:\programdata\Apple Computer
2010-04-07 11:52 . 2010-03-12 15:09 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Roaming\vlc
2010-04-07 11:50 . 2010-02-16 14:55 874 ----a-w- c:\users\Jordon and Rebecca\AppData\Roaming\wklnhst.dat
2010-04-06 11:48 . 2010-03-04 20:57 -------- d-----w- c:\programdata\avg9
2010-04-03 18:43 . 2010-03-03 13:55 -------- d-----w- c:\program files\Vuze
2010-04-03 18:42 . 2010-03-03 13:55 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Roaming\Azureus
2010-04-01 14:45 . 2010-03-14 17:07 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-27 09:56 . 2009-09-23 20:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-21 13:41 . 2010-02-16 11:34 66752 ----a-w- c:\users\Jordon and Rebecca\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-20 19:41 . 2010-03-14 16:27 -------- d-----w- c:\program files\VirtualDJ
2010-03-14 18:00 . 2010-03-10 22:46 -------- d-----w- c:\program files\DivX
2010-03-14 18:00 . 2010-03-10 22:46 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-03-14 17:06 . 2010-03-03 14:04 -------- d-----w- c:\programdata\Symantec
2010-03-14 17:02 . 2010-03-14 17:02 -------- d-----w- c:\program files\Norton Security Scan
2010-03-14 17:02 . 2010-03-03 14:04 -------- d-----w- c:\programdata\Norton
2010-03-14 17:02 . 2010-03-03 14:04 -------- d-----w- c:\program files\NortonInstaller
2010-03-14 16:33 . 2010-03-14 16:33 6516755 ----a-w- c:\users\Jordon and Rebecca\AppData\Roaming\Azureus\plugins\vuzexcode\ffmpeg.exe
2010-03-14 16:33 . 2010-03-14 16:33 4141117 ----a-w- c:\users\Jordon and Rebecca\AppData\Roaming\Azureus\plugins\vuzexcode\mediainfo.exe
2010-03-14 12:19 . 2010-03-10 22:34 -------- d-----w- c:\program files\McAfee Security Scan
2010-03-13 12:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-12 17:36 . 2010-03-12 17:36 10134 ----a-r- c:\users\Jordon and Rebecca\AppData\Roaming\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
2010-03-12 17:36 . 2010-03-12 17:36 -------- d-----w- c:\program files\Sony
2010-03-12 17:36 . 2010-03-12 17:36 -------- d-----w- c:\programdata\Sony Corporation
2010-03-12 17:33 . 2010-03-12 17:33 -------- d-----w- c:\programdata\Apple
2010-03-12 17:33 . 2010-03-12 17:31 32494896 ----a-w- c:\users\Jordon and Rebecca\AppData\Roaming\Sony Setup\9234765D-29DF-48d0-93FB-284B7B6009B9\QuickTimeInstaller.exe
2010-03-12 17:31 . 2010-03-12 17:30 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Roaming\Sony Setup
2010-03-12 17:30 . 2010-03-12 17:30 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Roaming\Sony
2010-03-12 17:30 . 2010-03-12 17:30 -------- d-----w- c:\program files\Sony Setup
2010-03-12 17:20 . 2010-03-12 17:20 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-03-10 22:46 . 2010-03-10 22:46 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-03-10 22:40 . 2010-03-10 22:40 329312 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-10 22:40 . 2010-03-10 22:40 300616 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-10 22:40 . 2010-03-10 22:40 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-03-10 22:40 . 2010-03-10 22:40 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-10 22:40 . 2010-03-10 22:40 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-03-10 22:40 . 2010-03-10 22:40 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-10 22:40 . 2010-03-10 22:40 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-10 22:40 . 2010-03-10 22:40 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-10 22:40 . 2010-03-10 22:39 -------- d-----w- c:\program files\Common Files\Real
2010-03-10 22:40 . 2010-03-10 22:39 -------- d-----w- c:\program files\Real
2010-03-10 22:39 . 2010-03-10 22:39 -------- d-----w- c:\program files\Common Files\xing shared
2010-03-10 22:39 . 2010-03-10 22:39 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-03-10 22:39 . 2010-03-10 22:39 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-03-10 22:34 . 2010-03-10 22:34 -------- d-----w- c:\programdata\McAfee Security Scan
2010-03-10 22:34 . 2010-03-10 22:34 -------- d-----w- c:\programdata\McAfee
2010-03-10 18:19 . 2010-03-10 18:19 -------- d-----w- c:\program files\VideoLAN
2010-03-10 17:44 . 2010-03-10 17:44 -------- d-----w- c:\program files\Conduit
2010-03-09 22:55 . 2010-03-09 22:55 -------- d-----w- c:\programdata\WindowsSearch
2010-03-08 15:18 . 2010-03-08 15:18 -------- d-----w- c:\program files\Windows Portable Devices
2010-03-08 15:18 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-03-08 15:18 . 2010-03-08 15:18 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-03-07 22:58 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2010-03-07 22:58 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2010-03-07 22:58 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2010-03-07 22:58 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2010-03-07 22:58 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2010-03-06 21:15 . 2010-03-06 21:15 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Roaming\AVG9
2010-03-05 13:25 . 2010-03-04 20:58 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-05 13:24 . 2010-03-05 13:24 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-05 13:24 . 2010-03-04 20:58 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-05 13:22 . 2010-03-04 20:58 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-05 13:22 . 2010-03-04 20:58 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-03-04 20:57 . 2010-03-04 20:57 -------- d-----w- c:\program files\AVG
2010-03-04 15:47 . 2010-03-04 15:47 390528 ----a-w- c:\windows\system32\drivers\RapportBuka.sys
2010-03-04 15:47 . 2010-03-04 15:47 390528 ----a-w- c:\programdata\Trusteer\Rapport\store\exts\RapportBukaBroom\13897\RapportBuka.sys
2010-03-04 15:47 . 2010-03-04 15:47 249856 ----a-w- c:\programdata\Trusteer\Rapport\store\exts\RapportBukaBroom\13897\RapportBukaBroom.dll
2010-03-04 15:44 . 2010-03-04 15:44 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Roaming\Trusteer
2010-03-04 15:44 . 2010-03-04 15:44 -------- d-----w- c:\program files\Trusteer
2010-03-04 15:42 . 2010-03-04 15:42 -------- d-----w- c:\programdata\Trusteer
2010-03-03 20:33 . 2010-03-03 20:33 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-03-03 16:19 . 2009-09-23 14:06 -------- d-----w- c:\program files\Microsoft Works
2010-03-03 16:17 . 2009-09-23 14:05 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-03 15:12 . 2010-03-03 15:12 -------- d-----w- c:\program files\Guillemot
2010-03-03 14:04 . 2010-03-03 14:04 -------- d-----w- c:\programdata\NortonInstaller
2010-03-03 13:55 . 2010-03-03 13:55 -------- d-----w- c:\programdata\Azureus
2010-03-03 13:55 . 2010-03-03 13:55 -------- d-----w- c:\program files\Common Files\i4j_jres
2010-03-03 12:52 . 2010-03-03 12:52 16 ----a-w- c:\windows\popcinfo.dat
2010-03-03 12:22 . 2010-03-03 12:22 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Roaming\SpinTop
2010-02-24 09:16 . 2010-03-03 11:43 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-31 11:26 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 11:26 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-03-31 11:26 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-03-31 11:26 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-18 10:38 . 2010-02-18 10:37 -------- d-----w- c:\users\Guest\AppData\Roaming\BullGuard
2010-02-18 10:38 . 2010-02-18 10:38 65800 ----a-w- c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-16 15:21 . 2010-02-16 15:18 -------- d-----w- c:\users\Other\AppData\Roaming\BullGuard
2010-02-16 15:18 . 2010-02-16 15:18 65800 ----a-w- c:\users\Other\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-16 14:55 . 2010-02-16 14:55 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Roaming\Template
2010-02-16 09:31 . 2010-03-14 17:06 371248 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\eeCtrl.sys
2010-02-16 09:31 . 2010-03-14 17:06 102448 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\ERASER.sys
2010-02-16 09:31 . 2010-03-14 17:06 84912 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\naveng.sys
2010-02-16 09:31 . 2010-03-14 17:06 2747440 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\cceraser.dll
2010-02-16 09:31 . 2010-03-14 17:06 259440 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\ecmsvr32.dll
2010-02-16 09:31 . 2010-03-14 17:06 177520 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\naveng32.dll
2010-02-16 09:31 . 2010-03-14 17:06 1647984 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\navex32a.dll
2010-02-16 09:31 . 2010-03-14 17:06 1324720 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\navex15.sys
2010-02-12 10:48 . 2010-03-03 16:14 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-01-25 12:00 . 2010-03-03 12:02 471552 ----a-w- c:\windows\system32\secproc_isv.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-04-13_21.14.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 13:02 . 2010-04-13 22:15 67650 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:02 . 2010-04-13 20:29 67650 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-16 14:41 . 2010-04-13 22:15 11460 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-575106018-2748924237-2774505119-1000_UserData.bin
- 2009-09-23 16:57 . 2010-04-13 20:50 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-23 16:57 . 2010-04-13 22:13 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-12 20:07 . 2010-04-13 20:27 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2010-04-12 20:07 . 2010-04-13 21:31 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2009-09-23 16:57 . 2010-04-13 22:13 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-09-23 16:57 . 2010-04-13 20:50 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-13 20:27 . 2010-04-13 22:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-04-13 20:27 . 2010-04-13 20:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-04-13 20:27 . 2010-04-13 22:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-04-13 20:27 . 2010-04-13 20:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2010-04-13 22:17 599942 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-04-13 20:58 599942 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-04-13 20:58 105448 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2010-04-13 22:17 105448 c:\windows\System32\perfc009.dat
- 2009-09-23 20:24 . 2010-04-13 20:27 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-09-23 20:24 . 2010-04-13 21:31 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-09-23 16:57 . 2010-04-13 20:50 638976 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-23 16:57 . 2010-04-13 22:13 638976 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-31 7731744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 150552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-10 202256]
"Hercules DJ Series"="c:\program files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe" [2009-10-23 509224]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):98,a8,fc,f2,b2,be,ca,01
R2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [2007-11-21 17408]
R3 FXDrv32;FXDrv32;E:\FXDrv32.sys [x]
R3 HDJCtrl;Hercules DJ Control MP3 Service;c:\windows\system32\Drivers\HDJCtrl.sys [x]
R3 HDJMidi;Hercules DJ Control MP3 MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-03-05 52872]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-03-05 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-03-05 242696]
S1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-03-04 390528]
S1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [2010-03-23 58984]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2010-03-23 125160]
S2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-03-05 916760]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-05 308064]
S2 BarDiscover Service;BarDiscover Service;c:\programdata\BarDiscover\bardiscover119.exe [2010-04-06 61712]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-03-23 779496]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2010-04-13 c:\windows\Tasks\Norton Security Scan for Jordon and Rebecca.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-03-14 12:46]
2010-04-13 c:\windows\Tasks\User_Feed_Synchronization-{08B7D462-BD19-4BAC-82C3-3B07BB9114E4}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\users\Jordon and Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\mgqogdkw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q=
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-04-13 23:38
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8607BAC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x869a3d24
\Driver\ACPI -> acpi.sys @ 0x80692d68
\Driver\atapi -> ataport.SYS @ 0x807a1a2c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-04-13 23:43:47
ComboFix-quarantined-files.txt 2010-04-13 22:43
ComboFix2.txt 2010-04-13 21:18
Pre-Run: 200,080,936,960 bytes free
Post-Run: 200,049,369,088 bytes free
- - End Of File - - F21CB79F36DDF5E880B0CA19BF3D0CA9
Upload was successful