
Trojan 'Lenina' [Closed]



#1 rebecca_g (New Member, 6 posts)

Please Help!

My computer is saying I am infected with a trojan lenina66.com, I have no idea how to get rid of it.
AVG picks it up when I scan the computer but won't let me delete it.
Advice is needed on how to get rid because I haven't a clue, I don't know much about computers so the advice needs to be spelt out clearly.
Thanks a lot.


#2 ldtate (Malware Expert, MVP, 1,874 posts)


DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperable and could require a full reinstall of your OS, losing all your programs and data.


Vista and Windows 7 users:
1. These tools MUST be run from the executable (.exe) every time you run them.
2. With Admin Rights (Right click, choose "Run as Administrator").


Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

XP Users


Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Uncheck "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Uncheck "Hide protected operating system files."
Click Apply, and then click OK.


Vista Users

To enable the viewing of hidden and protected system files in Windows Vista please follow these steps:

Close all programs so that you are at your desktop.
Click on the Start button. This is the small round button with the Windows flag in the lower left corner.

Click on the Control Panel menu option.
When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:
Double-click on the Folder Options icon.
Click on the View tab.


If you are in the Control Panel Home view do the following:

Click on the Appearance and Personalization link.
Click on Show Hidden Files or Folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.


Please do not delete anything unless instructed to.




We've been seeing some Java infections lately.

Go here and follow the instructions to clear your Java Cache
http://www.java.com/...lugin_cache.xml


Next:

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use the Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Then click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.


Also please describe how your computer behaves at the moment.


Please don't attach the scans / logs, use "copy/paste".

#3 rebecca_g (Topic Starter, New Member, 6 posts)

Hiya

Thanks for the advice, it seems to have worked, had to scan twice though because it cancelled itself halfway through.

Cheers

#4 ldtate (Malware Expert, MVP, 1,874 posts)

If you're happy, I'm happy :)

#5 rebecca_g (Topic Starter, New Member, 6 posts)

Hi again, not so happy.

My computer is still acting up. Every time I use the internet (Mozilla) it keeps redirecting me to different sites and the sites I try to go on aren't loading properly, any ideas?

Thanks.

#6 ldtate (Malware Expert, MVP, 1,874 posts)

Run MBAM again and post the scan results.
Please don't attach the scans / logs, use "copy/paste".

#7 rebecca_g (Topic Starter, New Member, 6 posts)

Hi, here are the results

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3983

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

13/04/2010 21:50:56
mbam-log-2010-04-13 (21-50-56).txt

Scan type: Quick scan
Objects scanned: 119054
Time elapsed: 8 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 ldtate (Malware Expert, MVP, 1,874 posts)

DO NOT use any TOOLS such as Combofix, Vundofix, or HijackThis fixes without supervision.

Doing so could make your pc inoperable and could require a full reinstall of your OS, losing all your programs and data.



Vista and Windows 7 users:
1. These tools MUST be run from the executable (.exe) every time you run them.
2. With Admin Rights (Right click, choose "Run as Administrator").


Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:


XP Users

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Uncheck "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Uncheck "Hide protected operating system files."
Click Apply, and then click OK.


Vista Users

To enable the viewing of hidden and protected system files in Windows Vista please follow these steps:

Close all programs so that you are at your desktop.
Click on the Start button. This is the small round button with the Windows flag in the lower left corner.

Click on the Control Panel menu option.
When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:
Double-click on the Folder Options icon.
Click on the View tab.


If you are in the Control Panel Home view do the following:

Click on the Appearance and Personalization link.
Click on Show Hidden Files or Folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.


Please do not delete anything unless instructed to.


We've been seeing some Java infections lately.
Go here and follow the instructions to clear your Java Cache


Next:


Download ComboFix from one of these locations:

Link 1
Link 2 If using this link, Right Click and select Save As.


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs

  • Double click on ComboFix.exe & follow the prompts.

    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.

    Note: If you have SP3, use the SP2 package. If Vista or Windows 7, skip the Recovery Console part.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.


Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.

#9 rebecca_g (Topic Starter, New Member, 6 posts)

Here ya go

ComboFix 10-04-13.02 - Jordon and Rebecca 13/04/2010 22:07:35.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.1012.314 [GMT 1:00]
Running from: c:\users\Jordon and Rebecca\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1820520491-3691571624-610989773-500
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\Jordon and Rebecca\AppData\Local\{8C1B472A-C0D8-48F2-842A-39CD862D6648}
c:\users\Jordon and Rebecca\AppData\Local\{8C1B472A-C0D8-48F2-842A-39CD862D6648}\chrome.manifest
c:\users\Jordon and Rebecca\AppData\Local\{8C1B472A-C0D8-48F2-842A-39CD862D6648}\chrome\content\_cfg.js
c:\users\Jordon and Rebecca\AppData\Local\{8C1B472A-C0D8-48F2-842A-39CD862D6648}\chrome\content\overlay.xul
c:\users\Jordon and Rebecca\AppData\Local\{8C1B472A-C0D8-48F2-842A-39CD862D6648}\install.rdf
c:\windows\system32\MSVolumeAMP.dll

----- BITS: Possible infected sites -----

hxxp://ads1.msads.net
.
((((((((((((((((((((((((( Files Created from 2010-03-13 to 2010-04-13 )))))))))))))))))))))))))))))))
.

2010-04-13 21:14 . 2010-04-13 21:14 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Local\temp
2010-04-12 20:15 . 2010-03-29 23:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-12 20:15 . 2010-04-12 20:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-12 20:15 . 2010-03-29 23:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-11 20:37 . 2010-04-11 20:37 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Roaming\AVP 2009
2010-04-11 20:37 . 2010-04-11 20:37 -------- d-----w- c:\program files\AntiMalware Pro
2010-04-11 14:34 . 2010-04-11 14:34 -------- d-----w- c:\windows\Sun
2010-04-11 09:28 . 2010-04-12 19:57 0 ----a-w- c:\users\Jordon and Rebecca\AppData\Local\Exayoxozoquq.bin
2010-04-11 09:28 . 2010-04-11 13:10 120 ----a-w- c:\users\Jordon and Rebecca\AppData\Local\Wvimobifuyiwogil.dat
2010-04-09 12:14 . 2010-04-09 12:14 -------- d-----w- c:\program files\Uniblue
2010-04-09 12:14 . 2010-04-09 12:14 -------- d-----w- c:\program files\ASIO4ALL v2
2010-04-09 12:13 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2010-04-09 12:13 . 2010-04-09 12:51 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Local\OpenCandy
2010-04-09 12:13 . 2010-04-09 19:38 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Roaming\OpenCandy
2010-04-09 12:13 . 2010-04-09 12:13 257257 ----a-w- c:\users\Jordon and Rebecca\AppData\Roaming\OpenCandy\DLMgr3WrapperUniBlue.exe
2010-04-09 12:12 . 2010-04-09 12:13 -------- d-----w- c:\program files\VstPlugins
2010-04-09 12:12 . 2010-04-09 12:12 -------- d-----w- c:\program files\Outsim
2010-04-09 12:11 . 2010-04-09 12:13 -------- d-----w- c:\program files\Image-Line
2010-04-08 19:27 . 2010-04-08 19:27 -------- d-----w- c:\program files\QuickTime
2010-04-07 09:01 . 2010-04-06 16:10 61712 ----a-w- c:\programdata\BarDiscover\bardiscover119.exe
2010-04-06 14:21 . 2010-04-07 13:15 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Local\VDownloader
2010-04-06 14:20 . 2010-04-07 15:05 -------- d-----w- c:\program files\VDownloader
2010-04-06 11:57 . 2010-04-06 11:57 4076824 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
2010-04-06 11:52 . 2010-04-06 11:52 -------- d-----w- c:\users\Default\AppData\Roaming\Trusteer
2010-04-06 11:40 . 2010-04-11 19:47 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Roaming\LimeWire
2010-04-06 11:39 . 2010-04-11 10:41 -------- d-----w- c:\program files\LimeWire
2010-04-01 14:44 . 2010-02-16 09:31 84912 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100401.002\NAVENG.SYS
2010-04-01 14:44 . 2010-02-16 09:31 177520 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100401.002\NAVENG32.DLL
2010-04-01 14:44 . 2010-02-16 09:31 1647984 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100401.002\NAVEX32A.DLL
2010-04-01 14:44 . 2010-02-16 09:31 1324720 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100401.002\NAVEX15.SYS
2010-04-01 14:44 . 2010-02-16 09:31 371248 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100401.002\EECTRL.SYS
2010-04-01 14:44 . 2010-02-16 09:31 2747440 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100401.002\CCERASER.DLL
2010-04-01 14:44 . 2010-02-16 09:31 259440 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100401.002\ECMSVR32.DLL
2010-04-01 14:44 . 2010-02-16 09:31 102448 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100401.002\ERASER.SYS
2010-03-30 13:56 . 2010-03-30 13:56 688920 ----a-w- c:\programdata\avg9\update\backup\avgresf.dll
2010-03-29 15:53 . 2010-03-29 15:53 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Roaming\Malwarebytes
2010-03-29 15:53 . 2010-03-29 15:53 -------- d-----w- c:\programdata\Malwarebytes
2010-03-29 15:46 . 2010-03-29 15:46 307992 ----a-w- c:\programdata\avg9\update\backup\avgaspmx.dll
2010-03-28 18:37 . 2010-03-28 18:41 20895216 ----a-w- c:\users\Jordon and Rebecca\AppData\Roaming\Real\Update\setup3.11\rp\RealPlayerSPGold.exe
2010-03-28 18:37 . 2010-03-28 18:37 79368 ----a-w- c:\users\Jordon and Rebecca\AppData\Roaming\Real\Update\setup3.11\RUP\vista.exe
2010-03-28 18:37 . 2010-03-28 18:37 64000 ----a-w- c:\users\Jordon and Rebecca\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\gcapi_dll.dll
2010-03-28 18:37 . 2010-03-28 18:37 52288 ----a-w- c:\users\Jordon and Rebecca\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\gtapi.dll
2010-03-28 18:37 . 2010-03-28 18:37 50688 ----a-w- c:\users\Jordon and Rebecca\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\fftbapi.dll
2010-03-28 18:37 . 2010-03-28 18:37 49152 ----a-w- c:\users\Jordon and Rebecca\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\CarboniteCompatibility.dll
2010-03-28 18:37 . 2010-03-28 18:37 118784 ----a-w- c:\users\Jordon and Rebecca\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\compat.dll
2010-03-28 17:41 . 2010-03-28 18:01 -------- d-----w- c:\program files\Audacity
2010-03-28 17:41 . 2010-04-07 11:06 -------- d-----w- c:\program files\BarDiscover
2010-03-28 17:41 . 2010-04-07 09:01 -------- d-----w- c:\programdata\BarDiscover
2010-03-28 10:36 . 2010-03-28 10:36 439816 ----a-w- c:\users\Jordon and Rebecca\AppData\Roaming\Real\Update\setup3.11\setup.exe
2010-03-27 21:22 . 2010-03-27 21:22 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Roaming\NCH Software
2010-03-27 21:22 . 2007-08-29 15:36 110592 ----a-w- c:\users\Jordon and Rebecca\AppData\Roaming\NCH Software\Components\mp3el\mp3enc.exe
2010-03-27 21:21 . 2010-03-27 21:21 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Roaming\NCH Swift Sound
2010-03-27 21:18 . 2010-03-27 21:20 -------- d-----w- c:\program files\WAV to MP3 Encoder
2010-03-27 18:48 . 2010-04-06 15:30 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Roaming\DivX
2010-03-27 13:36 . 2010-03-27 13:38 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Roaming\Apple Computer
2010-03-27 13:36 . 2010-03-27 13:36 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-03-27 09:56 . 2009-10-01 14:05 77312 ----a-w- c:\windows\system32\HerculesDJDevices.dll
2010-03-27 09:56 . 2008-04-28 10:29 27136 ----a-w- c:\windows\system32\HDJSAPI.dll
2010-03-27 09:56 . 2010-03-27 09:56 -------- d-----w- c:\program files\Hercules
2010-03-27 09:55 . 2010-03-27 09:55 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Roaming\InstallShield
2010-03-25 16:32 . 2010-03-26 01:26 -------- dc----w- c:\users\Jordon and Rebecca\AppData\Local\MigWiz
2010-03-24 20:33 . 2010-03-24 20:33 -------- d-----w- c:\programdata\Microsoft Corporation
2010-03-24 18:38 . 2010-03-24 18:38 -------- d-----w- c:\program files\Windows Easy Transfer 7
2010-03-24 18:35 . 2010-03-24 18:35 -------- d-----w- c:\program files\Microsoft Windows Vista Upgrade Advisor
2010-03-24 17:34 . 2009-05-19 15:56 262144 ----a-w- c:\windows\system32\HDJAPI.dll
2010-03-24 17:34 . 2009-05-19 15:56 106496 ----a-w- c:\windows\system32\HRFDongle.dll
2010-03-22 15:30 . 2010-04-11 09:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-22 15:30 . 2010-03-22 15:30 -------- d-----w- c:\program files\Java
2010-03-22 14:59 . 2008-03-27 17:49 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2010-03-21 15:21 . 2010-03-21 15:21 -------- d-----w- c:\programdata\Xerox
2010-03-20 13:53 . 2010-03-20 14:51 -------- d-----w- C:\ZillaTube
2010-03-16 20:33 . 2010-03-16 20:33 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Roaming\dvdcss

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-31 7731744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 150552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-10 202256]
"Hercules DJ Series"="c:\program files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe" [2009-10-23 509224]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):98,a8,fc,f2,b2,be,ca,01

R2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [2007-11-21 17408]
R3 FXDrv32;FXDrv32;E:\FXDrv32.sys [x]
R3 HDJCtrl;Hercules DJ Control MP3 Service;c:\windows\system32\Drivers\HDJCtrl.sys [x]
R3 HDJMidi;Hercules DJ Control MP3 MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-03-05 52872]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-03-05 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-03-05 242696]
S1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-03-04 390528]
S1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [2010-03-23 58984]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2010-03-23 125160]
S2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-03-05 916760]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-05 308064]
S2 BarDiscover Service;BarDiscover Service;c:\programdata\BarDiscover\bardiscover119.exe [2010-04-06 61712]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-03-23 779496]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-04-13 c:\windows\Tasks\Norton Security Scan for Jordon and Rebecca.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-03-14 12:46]

2010-04-13 c:\windows\Tasks\User_Feed_Synchronization-{08B7D462-BD19-4BAC-82C3-3B07BB9114E4}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\users\Jordon and Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\mgqogdkw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q=
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-13 22:14
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x86105AC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x869a5d24
\Driver\ACPI -> acpi.sys @ 0x8069dd68
\Driver\atapi -> ataport.SYS @ 0x807aca2c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-04-13 22:18:31
ComboFix-quarantined-files.txt 2010-04-13 21:18

Pre-Run: 199,438,364,672 bytes free
Post-Run: 200,286,265,344 bytes free

- - End Of File - - 9E83F872029A704CEED72DD3A19DEA84

#10
ldtate
    Malware Expert
  • Expert
  • 1,874 posts
  • MVP
Are you using McAfee or Norton's Symantec?

Do you know anything about this program?
c:\program files\BarDiscover



Copy/paste the text in the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

http://www.geekstogo.com/forum/Trojan-Lenina-t273924.html
File::

Collect::
c:\users\Jordon and Rebecca\AppData\Local\Exayoxozoquq.bin
c:\users\Jordon and Rebecca\AppData\Local\Wvimobifuyiwogil.dat

Folder::
c:\users\Jordon and Rebecca\AppData\Roaming\AVP 2009
c:\program files\AntiMalware Pro
c:\users\Jordon and Rebecca\AppData\Local\OpenCandy
c:\users\Jordon and Rebecca\AppData\Roaming\OpenCandy
c:\users\Jordon and Rebecca\AppData\Roaming\OpenCandy\DLMgr3WrapperUniBlue.exe

Registry::

Save this file to your desktop as "CFScript".

Here's how to do that:
1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...



Drag CFScript.txt into ComboFix.exe


Then post the results log using Copy / Paste


Also please describe how your computer behaves at the moment.
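The question ldtate asks above (what is the BarDiscover service that autostarts from c:\programdata?) is the kind of check that can be run mechanically over a ComboFix log. The script below is an added example, not part of this thread and not ComboFix's own tooling: it parses the service/driver lines ("S2 name;display;path [date size]"), the Run-key lines and the Firefox prefs.js lines in the shape shown in the log above, and flags autostarts whose image file is missing (ComboFix prints "[x]" where it cannot find the file) or lives outside c:\windows and c:\program files, plus search preferences that route queries to a host other than the homepage. The sample lines are copied from the log in this thread; the heuristics, the TRUSTED_ROOTS list and the SEARCH_PREFS list are assumptions of the example, not rules the expert stated, and a hit is a question to ask, not a verdict.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a handful of lines copied from the ComboFix log above.
SAMPLE_LOG = r"""
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
R3 FXDrv32;FXDrv32;E:\FXDrv32.sys [x]
R3 HDJCtrl;Hercules DJ Control MP3 Service;c:\windows\system32\Drivers\HDJCtrl.sys [x]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-05 308064]
S2 BarDiscover Service;BarDiscover Service;c:\programdata\BarDiscover\bardiscover119.exe [2010-04-06 61712]
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q=
"""

# Three ComboFix line shapes: services/drivers, Run-key values, Firefox prefs.
SERVICE_RE = re.compile(
    r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[(?P<info>[^\]]+)\]$')
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<info>[^\]]+)\]$')
FF_RE = re.compile(r'^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.+)$')

# Assumption of this example: an autostart image outside these two trees is
# worth a question (the expert asks exactly that about c:\programdata\BarDiscover).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")
# Assumption: these prefs decide where typed searches go, so compare them to the homepage.
SEARCH_PREFS = ("browser.search.defaulturl", "keyword.URL")


def _host(defanged_url):
    """ComboFix writes hxxp:// to defang URLs; restore the scheme before parsing."""
    return urlparse(defanged_url.replace("hxxp://", "http://", 1)).hostname or ""


def triage(log_text):
    """Return (kind, name, reason) findings for the ComboFix lines in log_text."""
    findings = []
    prefs = {}
    for line in log_text.splitlines():
        line = line.strip()
        m = SERVICE_RE.match(line) or RUN_RE.match(line)
        if m:
            kind = "service" if "start" in m.groupdict() else "run"
            path, info = m.group("path").lower(), m.group("info")
            if info == "x":  # ComboFix could not find the file on disk
                findings.append((kind, m.group("name"), "image file missing on disk"))
            elif not path.startswith(TRUSTED_ROOTS):
                findings.append((kind, m.group("name"), f"autostarts from {path}"))
            continue
        m = FF_RE.match(line)
        if m:
            prefs[m.group("pref")] = m.group("value")
    # Search prefs pointing somewhere other than the homepage host explain
    # "redirecting to sites" complaints without any driver-level hooking.
    home = _host(prefs.get("browser.startup.homepage", ""))
    for pref in SEARCH_PREFS:
        if pref in prefs and home and _host(prefs[pref]) != home:
            findings.append(("firefox", pref,
                             f"search routed via {_host(prefs[pref])}, homepage is {home}"))
    return findings


if __name__ == "__main__":
    for kind, name, reason in triage(SAMPLE_LOG):
        print(f"[{kind}] {name}: {reason}")
```

Run it against a saved ComboFix log by passing the file's contents to triage(); the services that AVG, Trusteer and the Hercules drivers register stay quiet, while the BarDiscover service, the two drivers with no file on disk and the Conduit search prefs are reported.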

#11
rebecca_g
    New Member
  • Topic Starter
  • Member
  • Pip
  • 6 posts
No idea what BarDiscover is. The computer seems to be fine apart from the redirecting to sites; it's running at normal speed and I don't seem to have any major problems. However, the first time I dragged and dropped into ComboFix the scan ran for about 20 mins, then the computer shut down. Here are the results:


ComboFix 10-04-13.02 - Jordon and Rebecca 13/04/2010 23:29:10.3.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.1012.237 [GMT 1:00]
Running from: c:\users\Jordon and Rebecca\Downloads\ComboFix.exe
Command switches used :: c:\users\Jordon and Rebecca\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point

file zipped: c:\users\Jordon and Rebecca\AppData\Local\Exayoxozoquq.bin
file zipped: c:\users\Jordon and Rebecca\AppData\Local\Wvimobifuyiwogil.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AntiMalware Pro
c:\program files\AntiMalware Pro\AntiMalwarePro.exe
c:\program files\AntiMalware Pro\Cl.exe
c:\program files\AntiMalware Pro\definitions\200812.cab
c:\program files\AntiMalware Pro\EngineAP.dll
c:\program files\AntiMalware Pro\FolderPaths.txt
c:\program files\AntiMalware Pro\ScheduleAP.txt
c:\program files\AntiMalware Pro\Task.dat
c:\program files\AntiMalware Pro\task.xml
c:\program files\AntiMalware Pro\unins000.dat
c:\program files\AntiMalware Pro\unins000.exe
c:\users\Jordon and Rebecca\AppData\Local\Exayoxozoquq.bin
c:\users\Jordon and Rebecca\AppData\Local\OpenCandy
c:\users\Jordon and Rebecca\AppData\Local\Wvimobifuyiwogil.dat
c:\users\Jordon and Rebecca\AppData\Roaming\AVP 2009
c:\users\Jordon and Rebecca\AppData\Roaming\OpenCandy
c:\users\Jordon and Rebecca\AppData\Roaming\OpenCandy\DLMgr3WrapperUniBlue.exe
c:\users\Jordon and Rebecca\AppData\Roaming\OpenCandy\registrybooster(5).exe

.
((((((((((((((((((((((((( Files Created from 2010-03-13 to 2010-04-13 )))))))))))))))))))))))))))))))
.

2010-04-13 22:38 . 2010-04-13 22:38 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Local\temp
2010-04-13 22:38 . 2010-04-13 22:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-13 22:38 . 2010-04-13 22:38 -------- d-----w- c:\users\Other\AppData\Local\temp
2010-04-13 22:38 . 2010-04-13 22:38 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-04-13 22:38 . 2010-04-13 22:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-12 20:15 . 2010-03-29 23:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-12 20:15 . 2010-04-12 20:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-12 20:15 . 2010-03-29 23:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-11 14:34 . 2010-04-11 14:34 -------- d-----w- c:\windows\Sun
2010-04-09 12:14 . 2010-04-09 12:14 -------- d-----w- c:\program files\Uniblue
2010-04-09 12:14 . 2010-04-09 12:14 -------- d-----w- c:\program files\ASIO4ALL v2
2010-04-09 12:13 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2010-04-09 12:12 . 2010-04-09 12:13 -------- d-----w- c:\program files\VstPlugins
2010-04-09 12:12 . 2010-04-09 12:12 -------- d-----w- c:\program files\Outsim
2010-04-09 12:11 . 2010-04-09 12:13 -------- d-----w- c:\program files\Image-Line
2010-04-08 19:27 . 2010-04-08 19:27 -------- d-----w- c:\program files\QuickTime
2010-04-07 09:01 . 2010-04-06 16:10 61712 ----a-w- c:\programdata\BarDiscover\bardiscover119.exe
2010-04-06 14:21 . 2010-04-07 13:15 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Local\VDownloader
2010-04-06 14:20 . 2010-04-07 15:05 -------- d-----w- c:\program files\VDownloader
2010-04-06 11:57 . 2010-04-06 11:57 4076824 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
2010-04-06 11:52 . 2010-04-06 11:52 -------- d-----w- c:\users\Default\AppData\Roaming\Trusteer
2010-04-06 11:40 . 2010-04-11 19:47 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Roaming\LimeWire
2010-04-06 11:39 . 2010-04-11 10:41 -------- d-----w- c:\program files\LimeWire
2010-04-01 14:44 . 2010-02-16 09:31 84912 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100401.002\NAVENG.SYS
2010-04-01 14:44 . 2010-02-16 09:31 177520 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100401.002\NAVENG32.DLL
2010-04-01 14:44 . 2010-02-16 09:31 1647984 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100401.002\NAVEX32A.DLL
2010-04-01 14:44 . 2010-02-16 09:31 1324720 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100401.002\NAVEX15.SYS
2010-04-01 14:44 . 2010-02-16 09:31 371248 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100401.002\EECTRL.SYS
2010-04-01 14:44 . 2010-02-16 09:31 2747440 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100401.002\CCERASER.DLL
2010-04-01 14:44 . 2010-02-16 09:31 259440 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100401.002\ECMSVR32.DLL
2010-04-01 14:44 . 2010-02-16 09:31 102448 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100401.002\ERASER.SYS
2010-03-30 13:56 . 2010-03-30 13:56 688920 ----a-w- c:\programdata\avg9\update\backup\avgresf.dll
2010-03-29 15:53 . 2010-03-29 15:53 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Roaming\Malwarebytes
2010-03-29 15:53 . 2010-03-29 15:53 -------- d-----w- c:\programdata\Malwarebytes
2010-03-29 15:46 . 2010-03-29 15:46 307992 ----a-w- c:\programdata\avg9\update\backup\avgaspmx.dll
2010-03-28 18:37 . 2010-03-28 18:41 20895216 ----a-w- c:\users\Jordon and Rebecca\AppData\Roaming\Real\Update\setup3.11\rp\RealPlayerSPGold.exe
2010-03-28 18:37 . 2010-03-28 18:37 79368 ----a-w- c:\users\Jordon and Rebecca\AppData\Roaming\Real\Update\setup3.11\RUP\vista.exe
2010-03-28 18:37 . 2010-03-28 18:37 64000 ----a-w- c:\users\Jordon and Rebecca\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\gcapi_dll.dll
2010-03-28 18:37 . 2010-03-28 18:37 52288 ----a-w- c:\users\Jordon and Rebecca\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\gtapi.dll
2010-03-28 18:37 . 2010-03-28 18:37 50688 ----a-w- c:\users\Jordon and Rebecca\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\fftbapi.dll
2010-03-28 18:37 . 2010-03-28 18:37 49152 ----a-w- c:\users\Jordon and Rebecca\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\CarboniteCompatibility.dll
2010-03-28 18:37 . 2010-03-28 18:37 118784 ----a-w- c:\users\Jordon and Rebecca\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\compat.dll
2010-03-28 17:41 . 2010-03-28 18:01 -------- d-----w- c:\program files\Audacity
2010-03-28 17:41 . 2010-04-07 11:06 -------- d-----w- c:\program files\BarDiscover
2010-03-28 17:41 . 2010-04-07 09:01 -------- d-----w- c:\programdata\BarDiscover
2010-03-28 10:36 . 2010-03-28 10:36 439816 ----a-w- c:\users\Jordon and Rebecca\AppData\Roaming\Real\Update\setup3.11\setup.exe
2010-03-27 21:22 . 2010-03-27 21:22 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Roaming\NCH Software
2010-03-27 21:22 . 2007-08-29 15:36 110592 ----a-w- c:\users\Jordon and Rebecca\AppData\Roaming\NCH Software\Components\mp3el\mp3enc.exe
2010-03-27 21:21 . 2010-03-27 21:21 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Roaming\NCH Swift Sound
2010-03-27 21:18 . 2010-03-27 21:20 -------- d-----w- c:\program files\WAV to MP3 Encoder
2010-03-27 18:48 . 2010-04-06 15:30 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Roaming\DivX
2010-03-27 13:36 . 2010-03-27 13:38 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Roaming\Apple Computer
2010-03-27 13:36 . 2010-03-27 13:36 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-03-27 09:56 . 2009-10-01 14:05 77312 ----a-w- c:\windows\system32\HerculesDJDevices.dll
2010-03-27 09:56 . 2008-04-28 10:29 27136 ----a-w- c:\windows\system32\HDJSAPI.dll
2010-03-27 09:56 . 2010-03-27 09:56 -------- d-----w- c:\program files\Hercules
2010-03-27 09:55 . 2010-03-27 09:55 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Roaming\InstallShield
2010-03-25 16:32 . 2010-03-26 01:26 -------- dc----w- c:\users\Jordon and Rebecca\AppData\Local\MigWiz
2010-03-24 20:33 . 2010-03-24 20:33 -------- d-----w- c:\programdata\Microsoft Corporation
2010-03-24 18:38 . 2010-03-24 18:38 -------- d-----w- c:\program files\Windows Easy Transfer 7
2010-03-24 18:35 . 2010-03-24 18:35 -------- d-----w- c:\program files\Microsoft Windows Vista Upgrade Advisor
2010-03-24 17:34 . 2009-05-19 15:56 262144 ----a-w- c:\windows\system32\HDJAPI.dll
2010-03-24 17:34 . 2009-05-19 15:56 106496 ----a-w- c:\windows\system32\HRFDongle.dll
2010-03-22 15:30 . 2010-04-11 09:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-22 15:30 . 2010-03-22 15:30 -------- d-----w- c:\program files\Java
2010-03-22 14:59 . 2008-03-27 17:49 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2010-03-21 15:21 . 2010-03-21 15:21 -------- d-----w- c:\programdata\Xerox
2010-03-20 13:53 . 2010-03-20 14:51 -------- d-----w- C:\ZillaTube
2010-03-16 20:33 . 2010-03-16 20:33 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Roaming\dvdcss

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-09 21:47 . 2010-03-12 17:33 -------- d-----w- c:\program files\Common Files\Apple
2010-04-09 20:06 . 2010-03-03 12:56 -------- d-----w- c:\program files\Google
2010-04-08 19:27 . 2010-03-12 17:34 -------- d-----w- c:\programdata\Apple Computer
2010-04-07 11:52 . 2010-03-12 15:09 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Roaming\vlc
2010-04-07 11:50 . 2010-02-16 14:55 874 ----a-w- c:\users\Jordon and Rebecca\AppData\Roaming\wklnhst.dat
2010-04-06 11:48 . 2010-03-04 20:57 -------- d-----w- c:\programdata\avg9
2010-04-03 18:43 . 2010-03-03 13:55 -------- d-----w- c:\program files\Vuze
2010-04-03 18:42 . 2010-03-03 13:55 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Roaming\Azureus
2010-04-01 14:45 . 2010-03-14 17:07 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-27 09:56 . 2009-09-23 20:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-21 13:41 . 2010-02-16 11:34 66752 ----a-w- c:\users\Jordon and Rebecca\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-20 19:41 . 2010-03-14 16:27 -------- d-----w- c:\program files\VirtualDJ
2010-03-14 18:00 . 2010-03-10 22:46 -------- d-----w- c:\program files\DivX
2010-03-14 18:00 . 2010-03-10 22:46 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-03-14 17:06 . 2010-03-03 14:04 -------- d-----w- c:\programdata\Symantec
2010-03-14 17:02 . 2010-03-14 17:02 -------- d-----w- c:\program files\Norton Security Scan
2010-03-14 17:02 . 2010-03-03 14:04 -------- d-----w- c:\programdata\Norton
2010-03-14 17:02 . 2010-03-03 14:04 -------- d-----w- c:\program files\NortonInstaller
2010-03-14 16:33 . 2010-03-14 16:33 6516755 ----a-w- c:\users\Jordon and Rebecca\AppData\Roaming\Azureus\plugins\vuzexcode\ffmpeg.exe
2010-03-14 16:33 . 2010-03-14 16:33 4141117 ----a-w- c:\users\Jordon and Rebecca\AppData\Roaming\Azureus\plugins\vuzexcode\mediainfo.exe
2010-03-14 12:19 . 2010-03-10 22:34 -------- d-----w- c:\program files\McAfee Security Scan
2010-03-13 12:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-12 17:36 . 2010-03-12 17:36 10134 ----a-r- c:\users\Jordon and Rebecca\AppData\Roaming\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
2010-03-12 17:36 . 2010-03-12 17:36 -------- d-----w- c:\program files\Sony
2010-03-12 17:36 . 2010-03-12 17:36 -------- d-----w- c:\programdata\Sony Corporation
2010-03-12 17:33 . 2010-03-12 17:33 -------- d-----w- c:\programdata\Apple
2010-03-12 17:33 . 2010-03-12 17:31 32494896 ----a-w- c:\users\Jordon and Rebecca\AppData\Roaming\Sony Setup\9234765D-29DF-48d0-93FB-284B7B6009B9\QuickTimeInstaller.exe
2010-03-12 17:31 . 2010-03-12 17:30 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Roaming\Sony Setup
2010-03-12 17:30 . 2010-03-12 17:30 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Roaming\Sony
2010-03-12 17:30 . 2010-03-12 17:30 -------- d-----w- c:\program files\Sony Setup
2010-03-12 17:20 . 2010-03-12 17:20 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-03-10 22:46 . 2010-03-10 22:46 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-03-10 22:40 . 2010-03-10 22:40 329312 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-10 22:40 . 2010-03-10 22:40 300616 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-10 22:40 . 2010-03-10 22:40 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-03-10 22:40 . 2010-03-10 22:40 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-10 22:40 . 2010-03-10 22:40 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-03-10 22:40 . 2010-03-10 22:40 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-10 22:40 . 2010-03-10 22:40 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-10 22:40 . 2010-03-10 22:40 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-10 22:40 . 2010-03-10 22:39 -------- d-----w- c:\program files\Common Files\Real
2010-03-10 22:40 . 2010-03-10 22:39 -------- d-----w- c:\program files\Real
2010-03-10 22:39 . 2010-03-10 22:39 -------- d-----w- c:\program files\Common Files\xing shared
2010-03-10 22:39 . 2010-03-10 22:39 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-03-10 22:39 . 2010-03-10 22:39 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-03-10 22:34 . 2010-03-10 22:34 -------- d-----w- c:\programdata\McAfee Security Scan
2010-03-10 22:34 . 2010-03-10 22:34 -------- d-----w- c:\programdata\McAfee
2010-03-10 18:19 . 2010-03-10 18:19 -------- d-----w- c:\program files\VideoLAN
2010-03-10 17:44 . 2010-03-10 17:44 -------- d-----w- c:\program files\Conduit
2010-03-09 22:55 . 2010-03-09 22:55 -------- d-----w- c:\programdata\WindowsSearch
2010-03-08 15:18 . 2010-03-08 15:18 -------- d-----w- c:\program files\Windows Portable Devices
2010-03-08 15:18 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-03-08 15:18 . 2010-03-08 15:18 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-03-07 22:58 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2010-03-07 22:58 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2010-03-07 22:58 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2010-03-07 22:58 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2010-03-07 22:58 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2010-03-06 21:15 . 2010-03-06 21:15 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Roaming\AVG9
2010-03-05 13:25 . 2010-03-04 20:58 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-05 13:24 . 2010-03-05 13:24 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-05 13:24 . 2010-03-04 20:58 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-05 13:22 . 2010-03-04 20:58 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-05 13:22 . 2010-03-04 20:58 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-03-04 20:57 . 2010-03-04 20:57 -------- d-----w- c:\program files\AVG
2010-03-04 15:47 . 2010-03-04 15:47 390528 ----a-w- c:\windows\system32\drivers\RapportBuka.sys
2010-03-04 15:47 . 2010-03-04 15:47 390528 ----a-w- c:\programdata\Trusteer\Rapport\store\exts\RapportBukaBroom\13897\RapportBuka.sys
2010-03-04 15:47 . 2010-03-04 15:47 249856 ----a-w- c:\programdata\Trusteer\Rapport\store\exts\RapportBukaBroom\13897\RapportBukaBroom.dll
2010-03-04 15:44 . 2010-03-04 15:44 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Roaming\Trusteer
2010-03-04 15:44 . 2010-03-04 15:44 -------- d-----w- c:\program files\Trusteer
2010-03-04 15:42 . 2010-03-04 15:42 -------- d-----w- c:\programdata\Trusteer
2010-03-03 20:33 . 2010-03-03 20:33 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-03-03 16:19 . 2009-09-23 14:06 -------- d-----w- c:\program files\Microsoft Works
2010-03-03 16:17 . 2009-09-23 14:05 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-03 15:12 . 2010-03-03 15:12 -------- d-----w- c:\program files\Guillemot
2010-03-03 14:04 . 2010-03-03 14:04 -------- d-----w- c:\programdata\NortonInstaller
2010-03-03 13:55 . 2010-03-03 13:55 -------- d-----w- c:\programdata\Azureus
2010-03-03 13:55 . 2010-03-03 13:55 -------- d-----w- c:\program files\Common Files\i4j_jres
2010-03-03 12:52 . 2010-03-03 12:52 16 ----a-w- c:\windows\popcinfo.dat
2010-03-03 12:22 . 2010-03-03 12:22 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Roaming\SpinTop
2010-02-24 09:16 . 2010-03-03 11:43 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-31 11:26 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 11:26 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-03-31 11:26 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-03-31 11:26 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-18 10:38 . 2010-02-18 10:37 -------- d-----w- c:\users\Guest\AppData\Roaming\BullGuard
2010-02-18 10:38 . 2010-02-18 10:38 65800 ----a-w- c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-16 15:21 . 2010-02-16 15:18 -------- d-----w- c:\users\Other\AppData\Roaming\BullGuard
2010-02-16 15:18 . 2010-02-16 15:18 65800 ----a-w- c:\users\Other\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-16 14:55 . 2010-02-16 14:55 -------- d-----w- c:\users\Jordon and Rebecca\AppData\Roaming\Template
2010-02-16 09:31 . 2010-03-14 17:06 371248 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\eeCtrl.sys
2010-02-16 09:31 . 2010-03-14 17:06 102448 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\ERASER.sys
2010-02-16 09:31 . 2010-03-14 17:06 84912 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\naveng.sys
2010-02-16 09:31 . 2010-03-14 17:06 2747440 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\cceraser.dll
2010-02-16 09:31 . 2010-03-14 17:06 259440 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\ecmsvr32.dll
2010-02-16 09:31 . 2010-03-14 17:06 177520 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\naveng32.dll
2010-02-16 09:31 . 2010-03-14 17:06 1647984 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\navex32a.dll
2010-02-16 09:31 . 2010-03-14 17:06 1324720 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\navex15.sys
2010-02-12 10:48 . 2010-03-03 16:14 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-01-25 12:00 . 2010-03-03 12:02 471552 ----a-w- c:\windows\system32\secproc_isv.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-04-13_21.14.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 13:02 . 2010-04-13 22:15 67650 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:02 . 2010-04-13 20:29 67650 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-16 14:41 . 2010-04-13 22:15 11460 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-575106018-2748924237-2774505119-1000_UserData.bin
- 2009-09-23 16:57 . 2010-04-13 20:50 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-23 16:57 . 2010-04-13 22:13 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-12 20:07 . 2010-04-13 20:27 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2010-04-12 20:07 . 2010-04-13 21:31 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2009-09-23 16:57 . 2010-04-13 22:13 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-09-23 16:57 . 2010-04-13 20:50 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-13 20:27 . 2010-04-13 22:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-04-13 20:27 . 2010-04-13 20:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-04-13 20:27 . 2010-04-13 22:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-04-13 20:27 . 2010-04-13 20:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2010-04-13 22:17 599942 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-04-13 20:58 599942 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-04-13 20:58 105448 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2010-04-13 22:17 105448 c:\windows\System32\perfc009.dat
- 2009-09-23 20:24 . 2010-04-13 20:27 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-09-23 20:24 . 2010-04-13 21:31 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-09-23 16:57 . 2010-04-13 20:50 638976 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-23 16:57 . 2010-04-13 22:13 638976 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-31 7731744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 150552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-10 202256]
"Hercules DJ Series"="c:\program files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe" [2009-10-23 509224]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):98,a8,fc,f2,b2,be,ca,01

R2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [2007-11-21 17408]
R3 FXDrv32;FXDrv32;E:\FXDrv32.sys [x]
R3 HDJCtrl;Hercules DJ Control MP3 Service;c:\windows\system32\Drivers\HDJCtrl.sys [x]
R3 HDJMidi;Hercules DJ Control MP3 MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-03-05 52872]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-03-05 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-03-05 242696]
S1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-03-04 390528]
S1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [2010-03-23 58984]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2010-03-23 125160]
S2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-03-05 916760]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-05 308064]
S2 BarDiscover Service;BarDiscover Service;c:\programdata\BarDiscover\bardiscover119.exe [2010-04-06 61712]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-03-23 779496]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-04-13 c:\windows\Tasks\Norton Security Scan for Jordon and Rebecca.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-03-14 12:46]

2010-04-13 c:\windows\Tasks\User_Feed_Synchronization-{08B7D462-BD19-4BAC-82C3-3B07BB9114E4}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\users\Jordon and Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\mgqogdkw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q=
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-13 23:38
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8607BAC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x869a3d24
\Driver\ACPI -> acpi.sys @ 0x80692d68
\Driver\atapi -> ataport.SYS @ 0x807a1a2c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-04-13 23:43:47
ComboFix-quarantined-files.txt 2010-04-13 22:43
ComboFix2.txt 2010-04-13 21:18

Pre-Run: 200,080,936,960 bytes free
Post-Run: 200,049,369,088 bytes free

- - End Of File - - F21CB79F36DDF5E880B0CA19BF3D0CA9
Upload was successful
  • 0

#12
ldtate

    Malware Expert

  • Expert
  • 1,874 posts
  • MVP
Copy/paste the text in the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

File::
E:\FXDrv32.sys 
c:\programdata\BarDiscover\bardiscover119.exe

Folder::
c:\programdata\BarDiscover

Driver::
FXDrv32

Save this file to your desktop. Save it as "CFScript".

Here's how to do that:
1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...



Drag CFScript.txt into ComboFix.exe


Then post the results log using Copy / Paste


Also please describe how your computer behaves at the moment.
  • 0
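Before a CFScript like the one above is fed to ComboFix, it is worth confirming that every File, Folder and Driver entry in it actually corresponds to something the ComboFix log reported. The following Python script is an added example for this thread (it is not part of the thread and not ComboFix's own code). It assumes the service-line layout seen in the log above, `R3 name;display name;path [date size]` with `[x]` where ComboFix found no binary on disk, and the `File::` / `Folder::` / `Driver::` section headers of a CFScript; the embedded sample log lines and script are constructed copies of the entries in this thread plus one benign AVG service.

```python
"""Cross-check a ComboFix CFScript against the service/driver list in a ComboFix log.

Added example for this thread, not ComboFix's own code. Assumes the service-line layout
seen in the log above (``R3 name;display name;path [date size]``, or ``[x]`` when the
binary is absent) and the ``File::`` / ``Folder::`` / ``Driver::`` headers of a CFScript.
"""
import re

# One service/driver line as ComboFix prints it: state, name, display name, path, [metadata].
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)

# Constructed sample log lines: the two entries targeted by the script plus one benign AVG service.
SAMPLE_LOG = r"""
R3 FXDrv32;FXDrv32;E:\FXDrv32.sys [x]
S2 BarDiscover Service;BarDiscover Service;c:\programdata\BarDiscover\bardiscover119.exe [2010-04-06 61712]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-05 308064]
"""

# Constructed copy of the CFScript from the post above.
SAMPLE_SCRIPT = r"""
File::
E:\FXDrv32.sys
c:\programdata\BarDiscover\bardiscover119.exe

Folder::
c:\programdata\BarDiscover

Driver::
FXDrv32
"""


def parse_services(log_text):
    """Return one dict per service/driver line; [x] means ComboFix found no binary on disk."""
    services = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["missing_on_disk"] = entry["meta"].strip() == "x"
            services.append(entry)
    return services


def parse_cfscript(script_text):
    """Map each 'Section::' header to the list of non-blank lines under it."""
    sections = {}
    current = None
    for raw in script_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def cross_check(log_text, script_text):
    """Map each (section, target) in the script to the log service that backs it, or None."""
    services = parse_services(log_text)
    script = parse_cfscript(script_text)
    by_path = {s["path"].lower(): s for s in services}
    by_name = {s["name"].lower(): s for s in services}
    report = {}
    for path in script.get("File", []):
        hit = by_path.get(path.lower())
        report[("File", path)] = hit["name"] if hit else None
    for folder in script.get("Folder", []):
        # A folder is backed if some logged service binary lives under it.
        prefix = folder.lower().rstrip("\\") + "\\"
        hits = [s["name"] for s in services if s["path"].lower().startswith(prefix)]
        report[("Folder", folder)] = hits[0] if hits else None
    for drv in script.get("Driver", []):
        hit = by_name.get(drv.lower())
        report[("Driver", drv)] = hit["name"] if hit else None
    return report


def unmatched(log_text, script_text):
    """Script targets with no backing log entry: re-check these before running the script."""
    return [target for target, svc in cross_check(log_text, script_text).items() if svc is None]


if __name__ == "__main__":
    for (section, target), svc in cross_check(SAMPLE_LOG, SAMPLE_SCRIPT).items():
        print(f"{section:7}{target:55} -> {svc or 'NOT IN LOG'}")
```

Run it as-is and every entry of the sample script resolves to a logged service; any entry that prints `NOT IN LOG` (a typo in a path, or a target copied from a different log) is the one to double-check before the script is dragged onto ComboFix.exe. The `[x]` marker on the FXDrv32 driver line is carried through as `missing_on_disk`, which is why the script removes the registration (`Driver::`) as well as the file.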

#13
ldtate

    Malware Expert

  • Expert
  • 1,874 posts
  • MVP
Do you still need help with this?
  • 0

#14
ldtate

    Malware Expert

  • Expert
  • 1,874 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





