I run a 1 year old Vista machine.
As far as I know the only page that is inaccessible is http://www.motogpmatters.com/news/ . This started around Dec. 23. I have tried first closing Windows Defender and AGV Free Edition. Didn't help. After reading the recent post "hacked" below, I have run the three scanners indicated and am posting the results below. My problem persists:
Malwarebytes' Anti-Malware 1.42
Database version: 3447
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18865
12/28/2009 10:07:30 PM
mbam-log-2009-12-28 (22-07-30).txt
Scan type: Quick Scan
Objects scanned: 96075
Time elapsed: 8 minute(s), 21 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\CrucialSoft Ltd (Rogue.MSAntiSpyware) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\ProgramData\CrucialSoft Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\CrucialSoft Ltd\MS AntiSpyware 2009 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\CrucialSoft Ltd\MS AntiSpyware 2009\BASE (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\CrucialSoft Ltd\MS AntiSpyware 2009\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\CrucialSoft Ltd\MS AntiSpyware 2009\LOG (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\CrucialSoft Ltd\MS AntiSpyware 2009\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully.
Files Infected:
C:\ProgramData\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090104185524524.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Den\Desktop\Free Software Downloads and Reviews - Download.com.url (Rogue.Link) -> Quarantined and deleted successfully.
---------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 10:05:32 PM, on 12/29/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Den\Downloads\acv311\ArsClip.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\hp\kbd\kbd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DAP\DAP.EXE
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://biz.yahoo.com/top.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\SetPoint.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [TBC.exe] C:\PROGRA~1\TITLEB~1\TBC.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - Startup: ArsClip - Shortcut.lnk = C:\Users\Den\Downloads\acv311\ArsClip.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} (Cnsweb3d Control) - http://www.partserver.de/partserver/viewer/cnsweb3d/cnsweb3d.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://service.futuremark.com/virtualmark/tc/FMSI.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 8280 bytes
-----------------------------------------------------------------------
ComboFix 09-12-29.04 - Den 12/29/2009 21:44:42.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2046.1146 [GMT -5:00]
Running from: c:\users\Den\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-3742446838-2658559352-3209247587-500
c:\$recycle.bin\S-1-5-21-674202317-2017415143-1249894545-500
c:\users\Den\AppData\Roaming\.#
c:\users\Den\AppData\Roaming\Microsoft\Windows\Start Menu\Windows Live Messenger .lnk
.
((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-30 )))))))))))))))))))))))))))))))
.
2009-12-30 02:53 . 2009-12-30 02:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-30 02:02 . 2009-12-30 02:05 -------- d-----w- c:\windows\system32\ca-ES
2009-12-30 02:02 . 2009-12-30 02:05 -------- d-----w- c:\windows\system32\eu-ES
2009-12-30 02:02 . 2009-12-30 02:05 -------- d-----w- c:\windows\system32\vi-VN
2009-12-29 02:36 . 2009-12-29 02:36 -------- d-----w- c:\users\Den\AppData\Roaming\Malwarebytes
2009-12-29 02:36 . 2009-12-03 21:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-29 02:36 . 2009-12-29 02:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-29 02:36 . 2009-12-29 02:36 -------- d-----w- c:\programdata\Malwarebytes
2009-12-29 02:36 . 2009-12-03 21:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-09 14:30 . 2009-11-03 21:43 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 14:30 . 2009-11-03 21:42 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 14:30 . 2009-11-03 19:41 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 14:30 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-11-30 18:57 . 2009-11-30 18:57 -------- d-----w- c:\program files\Sibelius Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-30 02:05 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-12-30 02:05 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-30 02:05 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-12-30 02:05 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-12-30 02:05 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-12-30 02:05 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-12-30 02:02 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-25 20:29 . 2009-11-28 15:08 -------- d-----w- c:\program files\Google
2009-12-19 04:45 . 2009-07-25 23:46 -------- d-----w- c:\users\Den\AppData\Roaming\vlc
2009-12-15 01:13 . 2008-12-04 01:54 95744 ----a-w- c:\programdata\SpeedBit\DAP\SDCondition.dll
2009-12-01 22:49 . 2008-08-25 13:15 -------- d-----w- c:\program files\Java
2009-12-01 14:13 . 2008-11-28 18:57 108320 ----a-w- c:\users\Den\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-21 23:29 . 2008-11-30 22:50 5914 ----a-w- c:\users\Den\AppData\Roaming\wklnhst.dat
2009-11-21 06:40 . 2009-12-09 14:31 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 14:31 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 14:31 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 14:31 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-17 21:16 . 2008-12-01 06:25 -------- d-----w- c:\users\Den\AppData\Roaming\Image Zone Express
2009-11-03 01:42 . 2009-10-03 13:15 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:17 . 2009-11-26 05:02 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-11 09:17 . 2009-09-07 20:26 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-07 03:52 . 2009-01-27 22:09 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-07 03:52 . 2009-01-27 22:09 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-07 03:52 . 2009-01-27 22:09 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-03 20:46 . 2009-10-03 20:46 0 ----a-w- c:\windows\ativpsrm.bin
2008-12-18 02:01 . 2008-12-18 02:01 22 --sha-w- c:\windows\SMINST\HPCD.sys
2008-08-25 13:36 . 2008-08-25 13:34 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-01-12 972344]
"TBC.exe"="c:\progra~1\TITLEB~1\TBC.EXE" [2002-08-23 35840]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2008-12-04 3114496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]
"DPService"="c:\program files\HP\DVDPlay\DPService.exe" [2008-06-12 90112]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"SetPoint"="c:\program files\Logitech\SetPoint\SetPoint.EXE" [2008-05-02 805392]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-01 413696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-07 2023704]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
c:\users\Den\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ArsClip - Shortcut.lnk - c:\users\Den\Downloads\acv311\ArsClip.exe [2008-4-8 1135104]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-28 805392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
2008-12-04 01:31 3114496 ----a-w- c:\program files\DAP\DAP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):42,86,a8,ad,f6,88,ca,01
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [1/27/2009 5:09 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [1/28/2009 11:26 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [1/27/2009 5:08 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/27/2009 5:08 PM 297752]
R3 HSXHWBS3;HSXHWBS3;c:\windows\System32\drivers\HSXHWBS3.sys [8/25/2008 8:36 AM 207360]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/28/2009 10:09 AM 135664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2009-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-28 15:08]
2009-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-28 15:08]
2009-12-29 c:\windows\Tasks\User_Feed_Synchronization-{8216C45D-696F-4A3C-9CC6-F315F3F2B550}.job
- c:\windows\system32\msfeedssync.exe [2009-12-09 04:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://biz.yahoo.com/top.html
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} - hxxp://www.partserver.de/partserver/viewer/cnsweb3d/cnsweb3d.cab
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALuNotify.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-29 21:56
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TBC.exe = c:\progra~1\TITLEB~1\TBC.EXE????????????L???????????????? ????b????????v\???????????????????????????0???????X?????????@?\???X??
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-12-29 21:59:10
ComboFix-quarantined-files.txt 2009-12-30 02:59
Pre-Run: 72,911,106,048 bytes free
Post-Run: 72,498,860,032 bytes free
- - End Of File - - 28C3A73E2231D31FDE245CBDDEF5D6D0
-------------------------------------------------------------------------------