[Solved] Google redirects, crazy mouse


Whale
Hi guys. Thanks for providing this forum.

I have already done some of the things that you are not supposed to do before I found this thread. I tried a system restore but the restoration could not be completed. I also downloaded some registry cleaning software, but they were trial versions and didn't do much. Also, I had already downloaded Malwarebytes about two weeks ago and it got rid of a fake AntiVir program. If you want I can post the logs from the other times I ran the program. But I ran it again today in the recommended order.

--I ran my AVG Anti-virus free program, a full scan, and nothing came up.

--I ran TFC

--Next I ran GMER

--Then DDS

When I start my computer, after running Malwarebytes the first time, I get a message saying I am missing two .dll files.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4383

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/2/2010 9:59:05 PM
mbam-log-2010-08-02 (21-59-05).txt

Scan type: Quick scan
Objects scanned: 132570
Time elapsed: 6 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\SolutionAV (Rogue.AntivirSolutionPro) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



==========================================================
==========================================================


I have attached the DDS files below, as that's what the instructions on the log told me to do.


Thank you for your time and expertise!!

I should also mention that I use Firefox, but have IE and Chrome installed. When I try to use them they won't connect to the internet. This is keeping me from getting the recommended update listed in the main thread.
 

Attachments

  • ddsAttach.txt (14.3 KB)
  • DDS.txt (7 KB)
Welcome aboard


GMER log is missing.
 
Ah, crud. Sorry about that. It's attached below. Thanks. :)
 

Attachments

  • gmer.txt (1.5 KB)
Looks normal :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
My mouse has stopped acting crazy, but as of last night I was still getting Google redirects. Only one, though. I haven't seen anything since running Combofix.



ComboFix 10-08-03.04 - Owner 08/04/2010 11:27:06.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.618 [GMT -4:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Local Settings\Application Data\{4F34ED36-0503-4988-A0E0-ADD8CD0D1390}
c:\documents and settings\Owner\Local Settings\Application Data\{4F34ED36-0503-4988-A0E0-ADD8CD0D1390}\chrome.manifest
c:\documents and settings\Owner\Local Settings\Application Data\{4F34ED36-0503-4988-A0E0-ADD8CD0D1390}\chrome\content\_cfg.js
c:\documents and settings\Owner\Local Settings\Application Data\{4F34ED36-0503-4988-A0E0-ADD8CD0D1390}\chrome\content\overlay.xul
c:\documents and settings\Owner\Local Settings\Application Data\{4F34ED36-0503-4988-A0E0-ADD8CD0D1390}\install.rdf

.
((((((((((((((((((((((((( Files Created from 2010-07-04 to 2010-08-04 )))))))))))))))))))))))))))))))
.

2010-08-04 14:59 . 2010-08-04 14:59 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-08-04 14:59 . 2010-08-04 14:55 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-08-04 14:59 . 2010-07-07 18:30 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-08-04 14:59 . 2009-10-14 15:19 529171 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe
2010-08-04 14:59 . 2009-10-14 15:19 529171 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe
2010-08-04 14:59 . 2010-08-04 14:59 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-08-04 14:59 . 2010-08-04 14:59 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-08-04 14:58 . 2010-08-04 14:58 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-08-04 14:58 . 2010-08-04 14:58 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-08-04 14:57 . 2010-08-04 14:57 84054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-08-04 14:57 . 2010-08-04 14:57 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-08-04 14:57 . 2010-08-04 14:57 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-08-04 14:57 . 2010-08-04 14:57 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-08-04 14:57 . 2010-08-04 14:57 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-08-04 14:57 . 2010-08-04 14:57 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-08-04 14:57 . 2010-08-04 14:57 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-08-04 14:57 . 2010-08-04 14:57 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-08-04 14:57 . 2010-08-04 14:57 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-08-04 14:57 . 2010-08-04 14:57 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-08-04 14:57 . 2010-08-04 14:57 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-08-04 14:57 . 2010-08-04 14:57 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-08-04 14:56 . 2010-08-04 14:56 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-08-04 14:56 . 2010-08-04 14:56 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-08-04 00:28 . 2010-08-04 14:59 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-08-02 20:47 . 2010-08-02 20:47 -------- d-----w- c:\documents and settings\Owner\Application Data\Grisoft
2010-08-02 20:46 . 2007-05-30 12:10 10872 ----a-w- c:\windows\system32\drivers\AvgAsCln.sys
2010-08-02 20:46 . 2010-08-02 20:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Grisoft
2010-08-02 00:06 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-29 19:06 . 2010-07-29 19:06 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-07-29 19:06 . 2010-07-29 19:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-07-29 19:06 . 2010-07-29 19:06 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-07-28 00:00 . 2010-08-02 20:15 -------- d-----w- c:\program files\Common Files\PC Tools
2010-07-28 00:00 . 2010-08-02 19:15 -------- d-----w- c:\program files\Spyware Doctor
2010-07-27 23:55 . 2010-07-27 23:55 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-27 23:47 . 2010-08-02 20:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-27 23:32 . 2010-07-28 00:29 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\pkupqekyk
2010-07-16 18:04 . 2010-08-03 00:16 452104 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.12\setup.exe
2010-07-14 15:09 . 2010-07-14 15:09 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-07-14 14:54 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-14 14:54 . 2010-07-14 14:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-14 14:54 . 2010-07-14 14:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-14 14:54 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-13 20:48 . 2010-07-14 16:02 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\usgvmocie
2010-07-13 20:43 . 2010-07-13 20:48 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-07-13 20:38 . 2010-07-13 20:38 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-07-12 23:57 . 2010-07-12 23:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-11 18:47 . 2010-07-10 19:59 2068320 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2010-07-11 18:47 . 2010-07-10 19:59 2722656 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
2010-07-11 18:47 . 2010-07-10 19:59 3537760 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2010-07-11 18:47 . 2010-07-10 19:59 2048352 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtray.exe
2010-07-11 18:45 . 2010-07-10 19:58 1146208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2010-07-09 21:32 . 2010-07-10 19:55 0 ----a-w- c:\windows\Eyedivehada.bin
2010-07-09 21:32 . 2010-07-12 19:20 0 ----a-w- c:\windows\Xnumeteco.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-04 15:10 . 2009-05-25 20:14 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2010-08-04 15:06 . 2009-10-14 15:23 -------- d-----w- c:\documents and settings\Owner\Application Data\DivX
2010-08-04 14:59 . 2009-10-14 15:18 -------- d-----w- c:\program files\DivX
2010-08-04 14:59 . 2009-10-14 15:18 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-08-03 21:37 . 2009-11-03 15:25 -------- d-----w- c:\program files\JDownloader
2010-08-03 15:52 . 2009-05-21 16:51 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-02 23:56 . 2009-11-02 00:05 -------- d-----w- c:\program files\uTorrent
2010-08-02 21:20 . 2009-11-02 00:04 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2010-08-02 19:16 . 2009-06-09 15:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-08-01 22:13 . 2004-08-04 12:00 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-07-29 19:06 . 2010-07-29 19:06 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-07-29 19:06 . 2010-07-29 19:06 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-07-29 19:06 . 2010-07-29 19:06 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-07-21 13:27 . 2009-05-20 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-07-06 22:35 . 2010-03-21 15:24 439816 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.10\setup.exe
2010-07-06 15:36 . 2010-02-02 18:44 -------- d-----w- c:\documents and settings\Owner\Application Data\PrimoPDF
2010-06-14 14:31 . 2003-12-02 06:24 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-09 23:01 . 2009-10-14 15:19 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-06-09 23:01 . 2009-10-14 15:19 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-06-09 23:01 . 2009-10-14 15:19 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-06-09 23:01 . 2009-10-14 15:19 133616 ------w- c:\windows\system32\pxafs.dll
2010-06-09 23:01 . 2009-10-14 15:19 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-06-09 23:01 . 2009-10-14 15:19 123888 ------w- c:\windows\system32\pxcpyi64.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-11 2048352]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-21 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-09 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-28 13:06 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 05:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2009-05-19 05:23 49968 ----a-w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920]
2003-05-12 20:02 270336 ----a-w- c:\program files\Dell AIO Printer A920\dlbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-06-22 03:44 126976 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-06-22 03:48 155648 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-06-05 17:39 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 21:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 18:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-05-21 00:01 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/20/2009 6:13 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/20/2009 6:13 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/28/2009 9:06 AM 297752]
S2 gupdate1ca4ce1aeab4299;Google Update Service (gupdate1ca4ce1aeab4299);c:\program files\Google\Update\GoogleUpdate.exe [10/14/2009 11:19 AM 133104]
.
Contents of the 'Scheduled Tasks' folder

2010-08-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-14 15:19]

2010-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-14 15:19]

2010-08-04 c:\windows\Tasks\Install_NSS.job
- c:\program files\DivX\Symantec\scstubinstaller.exe [2010-03-08 18:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=15179&l=dis
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5643
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tam4d334.default\
FF - prefs.js: browser.startup.homepage - igoogle.com
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Vyezumecaha - c:\windows\netvabd.dll
HKLM-Run-Dlihunepu - c:\windows\axenifusizebaz.dll
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-klmdb.sys
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-04 11:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-08-04 11:34:27
ComboFix-quarantined-files.txt 2010-08-04 15:34

Pre-Run: 72,557,563,904 bytes free
Post-Run: 72,528,334,848 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 9518EFC30AA50A5241B483AC2EB3B4AC
 
Please, define "crazy". What is happening with your mouse?

I'm glad to see redirection issue being gone :)

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\Eyedivehada.bin
c:\windows\Xnumeteco.dat


Folder::
c:\documents and settings\Owner\Local Settings\Application Data\pkupqekyk
c:\documents and settings\LocalService\Local Settings\Application Data\usgvmocie
c:\documents and settings\All Users\Application Data\Viewpoint

DDS::
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5643

Driver::

Registry::


3. Save the above as CFScript.txt

4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: CFScript.gif]



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
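As an added example (not code from ComboFix, OTL, or anyone in this thread): a small Python triage script that reads log lines shaped like the ComboFix sections quoted above and flags the items the CFScript targets, namely the browser proxy pointed at 127.0.0.1, Run entries whose DLL targets sit directly in c:\windows, the zero-byte .bin/.dat files dropped there, and random-named folders under Local Settings\Application Data. The sample lines are constructed from the log above, and the folder-name check is a heuristic that needs a human look.

```python
"""
Triage helper for ComboFix-style log lines (added example for this thread; it is
not part of ComboFix, OTL or the helper's instructions).  It reads lines shaped
like the "Files Created", "Reg Loading Points", "Supplementary Scan" and
"ORPHANS REMOVED" sections and returns the findings a helper would act on.
"""
import re
from typing import Dict, List

LOOPBACK = ("127.", "localhost", "::1")

# Constructed sample, modelled on the lines quoted in the ComboFix log above.
SAMPLE_LOG = r"""
2010-07-09 21:32 . 2010-07-10 19:55 0 ----a-w- c:\windows\Eyedivehada.bin
2010-07-09 21:32 . 2010-07-12 19:20 0 ----a-w- c:\windows\Xnumeteco.dat
2010-07-27 23:32 . 2010-07-28 00:29 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\pkupqekyk
2010-07-13 20:43 . 2010-07-13 20:48 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-07-14 14:54 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-11 2048352]
uStart Page = hxxp://www.ask.com?o=15179&l=dis
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5643
HKCU-Run-Vyezumecaha - c:\windows\netvabd.dll
HKLM-Run-Dlihunepu - c:\windows\axenifusizebaz.dll
SafeBoot-klmdb.sys
"""

PROXY_RE = re.compile(r"ProxyServer\s*=\s*(.+)$")
ORPHAN_RUN_RE = re.compile(r"^(HK(?:CU|LM))-Run-(\S+) - (.+)$")
CREATED_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d (\d+|-+) (\S+) (.+)$"
)
# Parent path matched case-insensitively, folder name must be all lowercase.
APPDATA_RE = re.compile(r"(?i:\\local settings\\application data\\)([a-z]{8,})$")


def proxy_hosts(value: str) -> List[str]:
    """'http=127.0.0.1:5643;https=proxy:8080' -> ['127.0.0.1', 'proxy']."""
    hosts = []
    for part in value.split(";"):
        hostport = part.split("=", 1)[-1].strip()
        hosts.append(hostport.rsplit(":", 1)[0].strip("[]"))
    return hosts


def triage(log_text: str) -> Dict[str, List[str]]:
    """Return findings keyed by category, each holding the offending line."""
    findings: Dict[str, List[str]] = {
        "loopback_proxy": [],
        "run_entry_dll_in_windows_root": [],
        "empty_file_in_windows_root": [],
        "random_appdata_folder": [],
    }
    for raw in log_text.strip().splitlines():
        line = raw.strip()

        # A browser proxy that points at the local machine means some resident
        # process is in the HTTP path, which fits the search-redirect symptom.
        m = PROXY_RE.search(line)
        if m and any(h.startswith(LOOPBACK) for h in proxy_hosts(m.group(1))):
            findings["loopback_proxy"].append(line)
            continue

        # Run values are expected to launch executables; a bare DLL sitting
        # directly in c:\windows is the pattern of a dropped loader.
        m = ORPHAN_RUN_RE.match(line)
        if m:
            target = m.group(3).lower()
            if (target.startswith("c:\\windows\\") and target.endswith(".dll")
                    and target.count("\\") == 2):
                findings["run_entry_dll_in_windows_root"].append(line)
            continue

        m = CREATED_RE.match(line)
        if m:
            size, attrs, path_orig = m.group(1), m.group(2), m.group(3)
            path = path_orig.lower()
            is_dir = attrs.startswith("d")
            # Zero-byte .bin/.dat files dropped straight into c:\windows are
            # marker files, not anything Windows or a normal installer writes.
            if (not is_dir and size == "0" and path.count("\\") == 2
                    and path.startswith("c:\\windows\\")
                    and path.endswith((".bin", ".dat"))):
                findings["empty_file_in_windows_root"].append(line)
            # Heuristic only: an all-lowercase, 8+ letter folder name directly
            # under Local Settings\Application Data looks machine-generated;
            # vendors normally use mixed-case product names there.
            elif is_dir and APPDATA_RE.search(path_orig):
                findings["random_appdata_folder"].append(line)
    return findings


if __name__ == "__main__":
    for category, lines in triage(SAMPLE_LOG).items():
        print(f"[{category}] {len(lines)} hit(s)")
        for entry in lines:
            print("   ", entry)
```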
By crazy I mean that the cursor arrow will start jumping wildly to the top of the screen, and will cause the scroll function to go up and down. Clicking on anything is (almost) impossible. When this happens the light on my keyboard will flash. It may be a hardware problem, but it started when I noticed the redirects.
 

Attachments

  • combofix.txt (20.2 KB)
I misread your previous reply: "My mouse has stopped acting crazy"
That's good :)
Any sign of redirection, or any other problems?

Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.

====================================================================

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:



netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Broni, everything is working now. Thanks a ton. Insane amount of appreciation to you and your great work!!
 
I'm glad to hear good news, but we need to complete all cleaning process steps.
Please, continue....
 
I bought a new mouse today to see if it was a hardware problem. So far everything seems to be working normally. The logs are too big for me to post them in my reply so I have attached them. Thanks again.
 

Attachments

  • OTL.Txt (54.9 KB)
  • Extras.Txt (31 KB)
Great :)

Are you still using Registry Mechanic by any chance?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    PRC - [2007/05/30 08:31:10 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    SRV - [2007/05/30 08:31:10 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) [Auto | Running] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard)
    DRV - [2007/05/30 08:10:42 | 000,011,000 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver)
    DRV - [2007/05/30 08:10:42 | 000,010,872 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgAsCln.sys -- (AvgAsCln)
    O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)
    [2010/08/02 16:47:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Grisoft
    [2010/08/02 16:46:58 | 000,010,872 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\AvgAsCln.sys
    [2010/08/02 16:46:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Grisoft
    [2010/08/02 16:46:52 | 000,000,000 | ---D | C] -- C:\Program Files\Grisoft
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files\Grisoft
    
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
 
All processes killed
========== OTL ==========
No active process named guard.exe was found!
Error: Unable to stop service AVG Anti-Spyware Guard!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AVG Anti-Spyware Guard deleted successfully.
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe moved successfully.
Error: Unable to stop service AVG Anti-Spyware Driver!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AVG Anti-Spyware Driver deleted successfully.
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys moved successfully.
Service AvgAsCln stopped successfully!
Service AvgAsCln deleted successfully!
C:\WINDOWS\system32\drivers\AvgAsCln.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57B86673-276A-48B2-BAE7-C6DBB3020EB8}\ deleted successfully.
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll moved successfully.
C:\Documents and Settings\Owner\Application Data\Grisoft\AVG Antispyware 7.5\Reports folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Grisoft\AVG Antispyware 7.5\quarantine folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Grisoft\AVG Antispyware 7.5 folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Grisoft folder moved successfully.
File C:\WINDOWS\System32\drivers\AvgAsCln.sys not found.
C:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Grisoft folder moved successfully.
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Translations folder moved successfully.
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures folder moved successfully.
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5 folder moved successfully.
C:\Program Files\Grisoft folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Program Files\Grisoft not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 2198976 bytes
->Temporary Internet Files folder emptied: 976347 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 35971768 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 5470 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49152 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 508264334 bytes

Total Files Cleaned = 523.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08072010_015928

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
OTL logfile created on: 8/7/2010 2:15:45 AM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 643.00 Mb Available Physical Memory | 63.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 70.40 Gb Free Space | 47.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-B4E78E752
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/06 23:35:39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
PRC - [2010/07/11 14:46:42 | 002,048,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2010/06/02 20:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/08/28 09:06:30 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/28 09:06:26 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/28 09:06:15 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/05/20 20:01:32 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/08/06 23:35:39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Blaze Media Pro\NMSAccess32.exe -- (NMSAccess)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/08/28 09:06:15 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2009/08/28 09:06:30 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/08/28 09:06:29 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/05/20 18:13:38 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2006/03/01 20:30:54 | 000,618,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2005/05/06 14:42:26 | 001,339,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2005/05/06 14:40:50 | 000,047,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2005/05/06 14:40:20 | 000,036,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/06/30 18:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 62 8B 30 B0 7F 35 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "igoogle.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/22 10:54:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/03 10:49:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/04 13:02:58 | 000,000,000 | ---D | M]

[2009/05/20 18:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/12/06 01:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tam4d334.default\extensions
[2009/09/01 09:33:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tam4d334.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/06 01:08:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tam4d334.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/11/02 17:04:44 | 000,002,254 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tam4d334.default\searchplugins\askcom.xml
[2010/08/04 13:03:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/04 13:03:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/08/05 13:57:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/12/02 02:26:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/08/07 01:59:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/06 23:34:26 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/08/06 01:57:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/04 13:03:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/08/04 13:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/04 12:58:14 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/08/04 12:20:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\vlc
[2010/08/04 11:25:56 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/04 11:20:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/03 20:28:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/08/02 16:05:55 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2010/07/29 15:06:35 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/07/29 15:06:28 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/07/29 15:06:22 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/07/27 20:00:37 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/07/27 20:00:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/07/27 19:47:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/14 11:09:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/07/14 10:54:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/14 10:54:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/14 10:54:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/14 10:54:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/13 16:43:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/07/13 16:43:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/07/13 16:37:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/07/13 16:37:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/12 19:57:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/10 18:47:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/10 18:12:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/10 18:12:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/09 23:56:08 | 000,000,000 | ---D | C] -- C:\4a3f492236976f9c87a1aa

========== Files - Modified Within 90 Days ==========

[2010/08/07 02:10:24 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/07 02:10:18 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/07 02:10:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/07 02:06:43 | 006,815,744 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/08/07 02:06:43 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/08/07 01:59:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/06 23:27:55 | 004,306,270 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/08/06 23:07:32 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/06 17:49:03 | 063,026,266 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/08/05 13:58:16 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/05 13:57:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/04 11:26:04 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/08/03 20:09:36 | 000,158,208 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/02 00:00:49 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/31 20:05:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/31 17:59:49 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/31 17:59:49 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/07/29 15:06:35 | 000,233,136 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/07/29 15:06:29 | 000,007,387 | ---- | M] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/07/29 15:06:28 | 000,218,592 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/07/29 15:06:22 | 000,088,040 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/07/29 15:06:22 | 000,007,383 | ---- | M] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/07/29 15:06:19 | 000,007,412 | ---- | M] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/06/24 09:52:35 | 000,492,248 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/24 09:52:35 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/24 09:52:35 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/10 11:32:28 | 000,115,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2010/08/04 11:26:04 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/08/04 11:25:59 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/07/29 15:06:29 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/07/29 15:06:22 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/07/29 15:06:19 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/05/12 21:03:23 | 000,074,439 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\untitled.JPG
[2009/12/09 17:54:52 | 000,000,251 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2009/12/09 17:54:32 | 000,000,255 | ---- | C] () -- C:\WINDOWS\System32\dlbkcoin.ini
[2009/12/09 17:54:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbkvs.dll
[2009/07/30 21:58:42 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/07/23 17:54:55 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/05/20 15:25:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/01/07 11:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/06/09 11:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/08/02 16:10:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/21 12:34:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/07/12 17:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.BitTornado
[2009/06/09 12:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore
[2009/07/01 16:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canneverbe_Limited
[2010/01/13 10:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2009/07/15 00:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\play2p
[2010/07/06 11:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PrimoPDF
[2010/04/29 17:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RipIt4Me
[2010/08/02 17:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2009/12/30 20:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\W Photo Studio Viewer

========== Purity Check ==========


< End of report >
 
I ran Registry Mechanic before finding this board. It was a trial version and said it would only fix 22 out of supposedly hundreds of errors I had. I ran it once and deleted it. Haven't used it since.
 
Good :)

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


2. Download Temp File Cleaner (TFC)
  • Double-click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


3. Go to Kaspersky website and perform an online antivirus scan.

  • Disable your active antivirus program.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
 
Broni,

I haven't done the last instructions because now when I restart my computer I get either a black screen with a blinking line, or a message saying I've had either a keyboard or mouse failure.

I have to unplug the mouse in order for the computer to start normally, and sometimes the keyboard.
 
Are those USB devices?
Do you have another mouse, keyboard to try?

I'll be gone for the most of the day, so I'll check on you later.
 
The old mouse was NOT USB, but the new one is. The keyboard is NOT USB. I do not have any others to try.
 
I threw the old mouse away because it eventually stopped working altogether. I suppose I could dig it out of the trash?
 
Give it a shot, or...
Try different USB port, borrow another mouse from a friend/family member....
 
Plugging into a different USB causes the computer to boot to a blank screen with a blinking line . . .
 