
Google results redirect; MBAM & avast! also will not update (S



#1
julie factorial

Hey,

First off, thanks for reading this!

I'm experiencing the same Google search results redirect issue as others on this board, but following the advice in other threads has yet to solve the problem on my machine. The redirects also occasionally force Firefox to close and always force IE to close. Since infection, Firefox also closes of its own accord in the course of normal browsing.

I've followed the steps in the malware cleaning guide, but [in a related issue?] I'm unable to update MBAM and avast! before scanning, so they may not be effective. Windows Update also fails to operate properly in Firefox or IE, but I have auto-update enabled and SP3 installed.

MBAM found no malicious items and avast! found no viruses.

Running rooter.exe produces the following error message before creating Rooter.txt:
Exception Processing Message c00000a3 Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c

Vundofix & Virtumondebegone found nothing.
I've tried running SDFix in Safe Mode on a friend's advice, but it just restarts Safe Mode without doing anything else.
Goored found no suspect entries.
CatchMe found nothing.
DrWebCureIt found nothing.
AVZ does not produce a log and closes immediately when it finishes the scan (though that part may be normal).

Rooter and OTLI2 logs follow! (OTLI2 did not produce an Extras log)

Thank you so much for your help.

-Julie

ETA: SmitFraudFix did not change anything. Log included!


ROOTER - Rooter.txt


Microsoft Windows XP Professional (5.1.2600) Service Pack 3

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:114463 Mo/Free:3747 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Sat 04/04/2009|11:36

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
---------- C:\Program Files\Alwil Software\Avast4\ashServ.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Alwil Software\Avast4\setup\avast.setup
---------- C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
---------- C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
---------- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\Mimoco\SoundByte.exe
---------- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
---------- C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\McAfee\Common Framework\McTray.exe
---------- C:\Program Files\NETGEAR\MA301 Wireless PCI Adapter\Config.exe
---------- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
---------- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
---------- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
---------- C:\WINDOWS\system32\nvsvc32.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Viewpoint\Common\ViewpointService.exe
---------- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
---------- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
---------- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
---------- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
---------- C:\WINDOWS\system32\wscntfy.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Wed 04/01/2009| 8:32
2 - "C:\Rooter$\Rooter_2.txt" - Wed 04/01/2009| 9:34
3 - "C:\Rooter$\Rooter_3.txt" - Wed 04/01/2009|12:40
4 - "C:\Rooter$\Rooter_4.txt" - Wed 04/01/2009|14:19
5 - "C:\Rooter$\Rooter_5.txt" - Fri 04/03/2009|10:02
6 - "C:\Rooter$\Rooter_6.txt" - Sat 04/04/2009|11:29
7 - "C:\Rooter$\Rooter_7.txt" - Sat 04/04/2009|11:36

----------------------\\ Scan completed at 11:36


OTLI2 - OTListIt.txt


OTListIt logfile created on: 4/4/2009 11:37:14 AM - Run 4
OTListIt2 by OldTimer - Version 2.0.8.0 Folder = C:\Documents and Settings\Travis\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.49 Mb Total Physical Memory | 587.16 Mb Available Physical Memory | 57.37% Memory free
2.41 Gb Paging File | 2.09 Gb Available in Paging File | 87.06% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 15.66 Gb Free Space | 14.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALEJANDRO-II
Current User Name: Travis
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\setup\avast.setup ()
PRC - C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
PRC - C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Mimoco\SoundByte.exe ()
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Program Files\NETGEAR\MA301 Wireless PCI Adapter\Config.exe (Neesus Datacom Inc.)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
PRC - C:\Documents and Settings\Travis\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CVPND [Auto | Running]) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (McAfeeFramework [Unknown | Running]) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (ServiceLayer [On_Demand | Running]) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (CVirtA [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\CVirtA.sys (Cisco Systems, Inc.)
DRV - (CVPNDRVA [On_Demand | Running]) -- C:\WINDOWS\system32\Drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (CW10 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\CW10.sys (NETGEAR)
DRV - (DNE [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\dne2000.sys (Deterministic Networks, Inc.)
DRV - (hamachi [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (ndcprtns [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ndcprtns.sys (Neesus Datacom Inc.)
DRV - (NokiaSuite3 [Auto | Stopped]) -- C:\WINDOWS\System32\drivers\NokiaSuite3.sys (Nokia Mobile Phones Ltd.)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvatabus [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys (NVIDIA Corporation)
DRV - (nvax [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation)
DRV - (NVENET [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\NVENET.sys (NVIDIA Corporation)
DRV - (nvnforce [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation)
DRV - (nv_agp [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (usb2vcom [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usb2vcom.sys ()
DRV - (usbser [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usbser.sys (Microsoft Corporation)
DRV - (vsdatant [On_Demand | Stopped]) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/index.html"
FF - prefs.js..extensions.enabledItems: {34274bf4-1d97-a289-e984-17e546307e4f}:0.5.3.043
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {FFA36170-80B1-4535-B0E3-A4569E497DD0}:2.0.3
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8
FF - prefs.js..extensions.enabledItems: {36C13C8F-54F1-412e-8177-2E411719162D}:3.3.9

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/12/02 00:29:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/29 08:07:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/28 14:13:29 | 00,000,000 | ---D | M]

[2008/06/18 10:22:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Travis\Application Data\mozilla\Extensions
[2008/06/18 10:22:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Travis\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/03 08:46:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Travis\Application Data\mozilla\Firefox\Profiles\qeb22ga1.default\extensions
[2007/10/19 17:10:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Travis\Application Data\mozilla\Firefox\Profiles\qeb22ga1.default\extensions\{34274bf4-1d97-a289-e984-17e546307e4f}
[2009/03/27 08:11:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Travis\Application Data\mozilla\Firefox\Profiles\qeb22ga1.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
[2008/10/06 18:19:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Travis\Application Data\mozilla\Firefox\Profiles\qeb22ga1.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2008/06/18 10:24:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Travis\Application Data\mozilla\Firefox\Profiles\qeb22ga1.default\extensions\[email protected]
[2008/04/21 10:04:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Travis\Application Data\mozilla\Firefox\Profiles\qeb22ga1.default\extensions\[email protected]
[2006/07/28 22:08:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Travis\Application Data\mozilla\Firefox\Profiles\qeb22ga1.default\extensions\temp
[2009/04/03 08:16:24 | 00,001,137 | ---- | M] () -- C:\Documents and Settings\Travis\Application Data\Mozilla\FireFox\Profiles\qeb22ga1.default\searchplugins\dictionarycom.xml
[2008/04/13 22:36:54 | 00,002,058 | ---- | M] () -- C:\Documents and Settings\Travis\Application Data\Mozilla\FireFox\Profiles\qeb22ga1.default\searchplugins\thottbot.xml
[2008/06/17 15:47:54 | 00,002,006 | ---- | M] () -- C:\Documents and Settings\Travis\Application Data\Mozilla\FireFox\Profiles\qeb22ga1.default\searchplugins\urban-dictionary.xml
[2008/06/21 16:28:16 | 00,001,108 | ---- | M] () -- C:\Documents and Settings\Travis\Application Data\Mozilla\FireFox\Profiles\qeb22ga1.default\searchplugins\wikipedia.xml
[2009/04/03 08:46:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/28 14:13:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/08/14 16:13:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/12/02 00:29:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2008/12/14 12:55:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/03/28 14:13:19 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/28 14:13:19 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/12/18 18:55:35 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/18 18:55:35 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/12/18 18:55:35 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/18 18:55:35 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/18 18:55:35 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/18 18:55:35 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/12/18 18:55:35 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey (McAfee, Inc.)
O4 - HKLM..\Run: [MimocoSoundByte] "C:\Program Files\Mimoco\SoundByte.exe" -d data ()
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install (NVIDIA Corporation)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup (Nokia)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart (Google)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Configuration Utility.lnk = C:\Program Files\NETGEAR\MA301 Wireless PCI Adapter\Config.exe (Neesus Datacom Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{2D448D0B-20D5-4CD6-84F7-DB9868CB5F6C}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINDOWS\*.tmp files]
[2009/04/04 10:36:26 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Travis\Desktop\avz4
[2009/04/04 10:35:30 | 04,626,422 | ---- | C] () -- C:\DOCUME~1\Travis\Desktop\avz4.zip
[2009/04/04 10:23:25 | 01,882,786 | ---- | C] () -- C:\DOCUME~1\Travis\Desktop\SDFix.zip
[2009/04/01 21:40:37 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/04/01 21:40:15 | 01,529,241 | ---- | C] () -- C:\DOCUME~1\Travis\Desktop\SDFix.exe
[2009/04/01 18:01:23 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/04/01 18:01:23 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/04/01 18:01:23 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/04/01 18:01:23 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/04/01 18:01:23 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/04/01 18:01:23 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/04/01 18:01:23 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/04/01 18:01:23 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/04/01 18:01:23 | 00,001,709 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\avast! Antivirus.lnk
[2009/04/01 18:01:09 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/04/01 18:01:09 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/04/01 18:01:06 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/04/01 17:59:45 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/04/01 17:56:22 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Travis\Desktop\Avast! Professional Edition 4.8.1335
[2009/04/01 17:29:43 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Travis\Desktop\Autoruns
[2009/04/01 13:34:31 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/04/01 10:27:17 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Travis\Desktop\SysRestorePoint_v13
[2009/04/01 08:31:47 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/01 08:18:30 | 00,499,712 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\Travis\Desktop\OTListIt2.exe
[2009/04/01 08:17:03 | 00,267,612 | ---- | C] () -- C:\DOCUME~1\Travis\Desktop\Rooter.exe
[2009/03/31 08:47:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Travis\Application Data\Malwarebytes
[2009/03/31 08:47:22 | 00,000,696 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/31 08:47:21 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/31 08:47:19 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/31 08:47:17 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/31 08:47:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/31 08:45:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/03/31 08:44:53 | 00,000,592 | ---- | C] () -- C:\DOCUME~1\Travis\Desktop\ERUNT.lnk
[2009/03/31 08:44:52 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/03/21 15:44:49 | 00,214,119 | ---- | C] () -- C:\DOCUME~1\Travis\Desktop\AAA_Bond_Data_xls.zip
[2009/03/21 08:09:01 | 00,069,407 | ---- | C] () -- C:\DOCUME~1\Travis\Desktop\dataTLT.csv
[2009/03/21 08:08:28 | 00,020,007 | ---- | C] () -- C:\DOCUME~1\Travis\Desktop\dataBND.csv
[2009/03/21 08:05:42 | 00,059,727 | ---- | C] () -- C:\DOCUME~1\Travis\Desktop\data.csv
[2009/03/19 10:24:46 | 00,024,576 | ---- | C] () -- C:\DOCUME~1\Travis\Desktop\fluvial unit 1.doc
[2009/03/07 08:06:48 | 00,000,000 | --SD | C] -- C:\DOCUME~1\Travis\My Documents\My Data Sources
[2009/03/06 18:27:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Travis\Application Data\Apple Computer
[2009/03/06 00:39:38 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/03/06 00:11:43 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Travis\Desktop\whatever

========== Files - Modified Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/04/04 11:36:00 | 00,267,612 | ---- | M] () -- C:\DOCUME~1\Travis\Desktop\Rooter.exe
[2009/04/04 11:00:26 | 00,013,046 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/04 11:00:05 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2009/04/04 11:00:04 | 00,017,145 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/04/04 10:59:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/04 10:59:51 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/04 10:35:52 | 04,626,422 | ---- | M] () -- C:\DOCUME~1\Travis\Desktop\avz4.zip
[2009/04/04 10:23:30 | 01,882,786 | ---- | M] () -- C:\DOCUME~1\Travis\Desktop\SDFix.zip
[2009/04/04 10:23:18 | 01,529,241 | ---- | M] () -- C:\DOCUME~1\Travis\Desktop\SDFix.exe
[2009/04/02 18:36:33 | 00,044,544 | ---- | M] () -- C:\DOCUME~1\Travis\Desktop\jubox.doc
[2009/04/01 18:01:23 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/04/01 18:01:23 | 00,001,709 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\avast! Antivirus.lnk
[2009/04/01 09:48:28 | 00,183,296 | ---- | M] () -- C:\Documents and Settings\Travis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/01 08:18:30 | 00,499,712 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\Travis\Desktop\OTListIt2.exe
[2009/03/31 08:47:22 | 00,000,696 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/31 08:44:53 | 00,000,592 | ---- | M] () -- C:\DOCUME~1\Travis\Desktop\ERUNT.lnk
[2009/03/29 09:29:50 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/03/28 18:59:46 | 00,001,884 | -H-- | M] () -- C:\DOCUME~1\Travis\My Documents\Default.rdp
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/21 23:53:52 | 00,258,048 | -HS- | M] () -- C:\DOCUME~1\Travis\Desktop\Thumbs.db
[2009/03/21 16:09:16 | 00,214,119 | ---- | M] () -- C:\DOCUME~1\Travis\Desktop\AAA_Bond_Data_xls.zip
[2009/03/21 08:09:01 | 00,069,407 | ---- | M] () -- C:\DOCUME~1\Travis\Desktop\dataTLT.csv
[2009/03/21 08:08:28 | 00,020,007 | ---- | M] () -- C:\DOCUME~1\Travis\Desktop\dataBND.csv
[2009/03/21 08:05:43 | 00,059,727 | ---- | M] () -- C:\DOCUME~1\Travis\Desktop\data.csv
[2009/03/19 14:11:55 | 00,024,576 | ---- | M] () -- C:\DOCUME~1\Travis\Desktop\fluvial unit 1.doc
[2009/03/13 13:51:45 | 00,082,944 | ---- | M] () -- C:\DOCUME~1\Travis\Desktop\mobwars.xls
[2009/03/12 13:37:59 | 00,000,766 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/03/11 03:07:17 | 00,321,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/11 03:00:56 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/09 07:12:09 | 00,471,326 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/09 07:12:09 | 00,401,064 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/09 07:12:09 | 00,062,344 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
< End of report >


SmitFraudFix - Rapport.txt


SmitFraudFix v2.406

Scan done at 11:04:06.78, Sun 04/05/2009
Run from C:\Documents and Settings\Travis\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» DNS Before Fix

Description: NVIDIA nForce MCP Networking Adapter - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254

Description: NVIDIA nForce MCP Networking Adapter - Packet Scheduler Miniport
DNS Server Search Order: 216.39.194.8
DNS Server Search Order: 216.39.194.9

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3360289B-7821-459D-A748-DCBD20FF66D6}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{7BDA3418-C017-47CC-9F08-E91CB061A675}: DhcpNameServer=216.39.194.8 216.39.194.9
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3360289B-7821-459D-A748-DCBD20FF66D6}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7BDA3418-C017-47CC-9F08-E91CB061A675}: DhcpNameServer=216.39.194.8 216.39.194.9
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3360289B-7821-459D-A748-DCBD20FF66D6}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7BDA3418-C017-47CC-9F08-E91CB061A675}: DhcpNameServer=216.39.194.8 216.39.194.9
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» DNS After Fix

Description: NVIDIA nForce MCP Networking Adapter - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254

Description: NVIDIA nForce MCP Networking Adapter - Packet Scheduler Miniport
DNS Server Search Order: 216.39.194.8
DNS Server Search Order: 216.39.194.9

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3360289B-7821-459D-A748-DCBD20FF66D6}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{7BDA3418-C017-47CC-9F08-E91CB061A675}: DhcpNameServer=216.39.194.8 216.39.194.9
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3360289B-7821-459D-A748-DCBD20FF66D6}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7BDA3418-C017-47CC-9F08-E91CB061A675}: DhcpNameServer=216.39.194.8 216.39.194.9
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3360289B-7821-459D-A748-DCBD20FF66D6}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7BDA3418-C017-47CC-9F08-E91CB061A675}: DhcpNameServer=216.39.194.8 216.39.194.9
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

Edited by julie factorial, 05 April 2009 - 10:09 AM.
