Browser Redirect - Geeks to Go Forums


Browser Redirect: Extra tabs and/or windows open, keep getting redirected

#1 Sal_B

  • Group: Member
  • Posts: 9
  • Joined: 28-October 10

Posted 28 October 2010 - 06:27 PM

My system is Windows Vista. No matter what browser I run (IE, Chrome, Safari, Mozilla, Firefox), when I click on a link from a search or enter an http in the address line I initially get redirected to a variety of websites and search results. I have run Trend Micro antivirus, Malwarebytes and many others with no success. I know I have a TDSS virus, I just can't remove it.

I have followed your directions and it still is there. The results of the scans and actions are attached.

The TDSSkiller results are:

C:\Windows\system32\drivers\ndis.sys - processing error

I have been working on this for a week. I have downloaded and run numerous rootkit removers, antivirus programs and malware removal programs. Your assistance is greatly appreciated.

Thank you

Sal


#2 Sal_B


Posted 28 October 2010 - 10:00 PM

OTM log

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Sal\Desktop\cmd.bat deleted successfully.
C:\Users\Sal\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Sal
->Temp folder emptied: 1353092 bytes
->Temporary Internet Files folder emptied: 23043433 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 653 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 41311686 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 168300 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 63.00 mb

Error creating restore point.

OTM by OldTimer - Version 3.1.17.1 log created on 10282010_205306

Files moved on Reboot...
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BMID3CLD\192_168_0_1[1].htm moved successfully.

Registry entries deleted on Reboot...

#3 Sal_B


Posted 28 October 2010 - 10:02 PM

GooredFix log:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 21:01 on 28/10/2010 (Sal)
Firefox version 3.6.10 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{635abd67-4fe9-1b23-4f01-e679fa7484c1} [18:11 20/03/2010]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [01:13 31/12/2009]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [04:15 15/01/2010]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [22:12 22/04/2010]
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [20:13 20/08/2010]
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [16:03 26/10/2010]

C:\Users\Sal\Application Data\Mozilla\Firefox\Profiles\v3aidim6.default\extensions\
next@scribefire.com [05:55 27/10/2010]
toolbar@ask.com [04:24 03/02/2010]
{20a82645-c095-46ed-80e3-08825760534b} [04:10 25/09/2010]
{F807FACD-E46A-4793-B345-D58CB177673C} [18:10 23/10/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [04:05 31/12/2009]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [04:19 27/03/2010]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG10\Firefox\" [07:13 15/10/2010]
"avg@igeared"="C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared" [16:30 22/10/2010]

---------- Old Logs ----------

-=E.O.F=-

#4 Sal_B


Posted 28 October 2010 - 10:05 PM

tdsskiller report

2010/10/28 21:02:56.0634 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/10/28 21:02:56.0634 ================================================================================
2010/10/28 21:02:56.0634 SystemInfo:
2010/10/28 21:02:56.0634
2010/10/28 21:02:56.0634 OS Version: 6.0.6002 ServicePack: 2.0
2010/10/28 21:02:56.0634 Product type: Workstation
2010/10/28 21:02:56.0635 ComputerName: SAL-PC
2010/10/28 21:02:56.0635 UserName: Sal
2010/10/28 21:02:56.0635 Windows directory: C:\Windows
2010/10/28 21:02:56.0635 System windows directory: C:\Windows
2010/10/28 21:02:56.0635 Processor architecture: Intel x86
2010/10/28 21:02:56.0635 Number of processors: 2
2010/10/28 21:02:56.0635 Page size: 0x1000
2010/10/28 21:02:56.0635 Boot type: Normal boot
2010/10/28 21:02:56.0635 ================================================================================
2010/10/28 21:02:57.0129 Initialize success
2010/10/28 21:03:56.0260 ================================================================================
2010/10/28 21:03:56.0261 Scan started
2010/10/28 21:03:56.0261 Mode: Manual;
2010/10/28 21:03:56.0261 ================================================================================
2010/10/28 21:04:18.0189 NDIS (46c785095040fba2623c19bf23e4afd0) C:\Windows\system32\drivers\ndis.sys
2010/10/28 21:04:18.0195 Suspicious file (Forged): C:\Windows\system32\drivers\ndis.sys. Real md5: 46c785095040fba2623c19bf23e4afd0, Fake md5: 1357274d1883f68300aeadd15d7bbb42
2010/10/28 21:04:18.0204 NDIS - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/10/28 21:04:37.0594 ================================================================================
2010/10/28 21:04:37.0594 Scan finished
2010/10/28 21:04:37.0594 ================================================================================
2010/10/28 21:04:37.0615 Detected object count: 1
2010/10/28 21:04:39.0907 C:\Windows\system32\drivers\ndis.sys - processing error
2010/10/28 21:04:39.0907 Rootkit.Win32.TDSS.tdl3(NDIS) - User select action: Cure

#5 Sal_B

Posted 28 October 2010 - 10:12 PM

OTL log:

OTL logfile created on: 10/28/2010 9:08:57 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Sal\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 64.46 Gb Total Space | 27.82 Gb Free Space | 43.15% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.62 Gb Free Space | 56.23% Space Free | Partition Type: NTFS
Drive E: | 268.96 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 149.01 Gb Total Space | 117.16 Gb Free Space | 78.62% Space Free | Partition Type: FAT32

Computer Name: SAL-PC | User Name: Sal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Sal\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe (Microsoft Corp.)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\WTouch\WTouchUser.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)
PRC - C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Windows\System32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Windows\System32\wisptis.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - H:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - H:\AppServ\MySQL\bin\mysqld.exe ()
PRC - C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - H:\AppServ\Apache2.2\bin\httpd.exe (Apache Software Foundation)
PRC - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe (Dell Inc.)
PRC - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe (Dell Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Sal\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll ()
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll (Microsoft Corporation)
MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)
MOD - C:\Windows\System32\msvbvm60.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dinput.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (IS360service) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe (IObit)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (WTouchService) -- C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)
SRV - (TabletServicePen) -- C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (AdobeActiveFileMonitor7.0) -- H:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (mysql) -- H:\AppServ\MySQL\bin\mysqld.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMSvc) -- C:\Windows\System32\inetsrv\WMSvc.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (Apache2.2) -- H:\AppServ\Apache2.2\bin\httpd.exe (Apache Software Foundation)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\swdsvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\svcntaux.exe (PC Tools)
SRV - (DLSDB) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe (Dell Inc.)
SRV - (DLPWD) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe (Dell Inc.)


========== Driver Services (SafeList) ==========

DRV - (SymSMR130) -- C:\Windows\System32\drivers\SymSMR130.SYS File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (NDISKIO) -- C:\Users\Sal\AppData\Local\Temp\000001cd.nmc\nse\bin\ndiskio.sys File not found
DRV - (MEMSWEEP2) -- C:\Windows\System32\D54B.tmp File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (AVGIDSEH) -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (WacomVTHid) -- C:\Windows\System32\drivers\wacomvthid.sys (Wacom Technology)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\lusbfilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\lmoufilt.sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\lhidfilt.sys (Logitech, Inc.)
DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (IKSysSec) -- C:\Windows\System32\drivers\iksyssec.sys (PCTools Research Pty Ltd.)
DRV - (IKSysFlt) -- C:\Windows\System32\drivers\iksysflt.sys (PCTools Research Pty Ltd.)
DRV - (IKFileSec) -- C:\Windows\system32\drivers\ikfilesec.sys (PCTools Research Pty Ltd.)
DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\vstdpv3.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\vstazl3.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\vstcnxt3.sys (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\bcmwl6.sys (Broadcom Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 28 F7 3B 60 B5 89 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=OCYTDF&PC=OCDY&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "yahoo.com"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100127023632
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1151
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004
FF - prefs.js..extensions.enabledItems: next@scribefire.com:1.4.2.0
FF - prefs.js..extensions.enabledItems: {F807FACD-E46A-4793-B345-D58CB177673C}:3.5.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=GAM&o=15364&locale=en_US&apn_uid=B9043F96-DDEC-4CA2-92EA-1BF92194D6D4&apn_ptnrs=GC&apn_sauid=53C0D4B6-185E-4B0F-87A8-01D332F9A302&apn_dtid=YYY-YYYB3&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/26 21:19:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/10/25 09:58:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2010/10/22 09:30:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/28 00:00:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/28 00:00:20 | 000,000,000 | ---D | M]

[2009/12/30 18:14:20 | 000,000,000 | ---D | M] -- C:\Users\Sal\AppData\Roaming\Mozilla\Extensions
[2010/10/28 00:23:31 | 000,000,000 | ---D | M] -- C:\Users\Sal\AppData\Roaming\Mozilla\Firefox\Profiles\v3aidim6.default\extensions
[2010/09/24 21:10:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sal\AppData\Roaming\Mozilla\Firefox\Profiles\v3aidim6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/23 11:10:17 | 000,000,000 | ---D | M] (ScribeFire) -- C:\Users\Sal\AppData\Roaming\Mozilla\Firefox\Profiles\v3aidim6.default\extensions\{F807FACD-E46A-4793-B345-D58CB177673C}
[2010/10/26 22:55:08 | 000,000,000 | ---D | M] -- C:\Users\Sal\AppData\Roaming\Mozilla\Firefox\Profiles\v3aidim6.default\extensions\next@scribefire.com
[2010/10/26 22:55:40 | 000,000,000 | ---D | M] -- C:\Users\Sal\AppData\Roaming\Mozilla\Firefox\Profiles\v3aidim6.default\extensions\toolbar@ask.com
[2010/10/28 00:01:15 | 000,002,566 | ---- | M] () -- C:\Users\Sal\AppData\Roaming\Mozilla\Firefox\Profiles\v3aidim6.default\searchplugins\askcom.xml
[2010/08/18 14:12:38 | 000,001,832 | ---- | M] () -- C:\Users\Sal\AppData\Roaming\Mozilla\Firefox\Profiles\v3aidim6.default\searchplugins\bing.xml
[2010/02/12 22:37:49 | 000,002,179 | ---- | M] () -- C:\Users\Sal\AppData\Roaming\Mozilla\Firefox\Profiles\v3aidim6.default\searchplugins\inbox-search.xml
[2010/10/28 00:23:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/20 11:11:59 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/04/22 15:12:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/20 13:13:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/26 09:03:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/03/18 07:03:40 | 000,214,272 | ---- | M] (Midasplayer Ltd) -- C:\Program Files\Mozilla Firefox\plugins\npmidas.dll

O1 HOSTS File: ([2010/10/28 20:53:10 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\7.0.517.43\npchrome_frame.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: ancestry.com ([search] http in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritag...EngineQuery.dll (CSEQueryObject Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\7.0.517.43\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Sal\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Sal\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/04/01 00:11:38 | 000,314,768 | R--- | M] () - E:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2007/06/05 21:09:08 | 000,000,044 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{2257beb7-f578-11de-9d02-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2257beb7-f578-11de-9d02-806e6f6e6963}\Shell\AutoRun\command - "" = E:\js2004.exe -- [2004/02/25 12:05:06 | 000,829,952 | R--- | M] (BDG Publishing Inc.)
O33 - MountPoints2\{a4acc382-642a-11df-911e-0019b9550d1c}\Shell\AutoRun\command - "" = K:\PMBP_Win.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/28 21:07:44 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Sal\Desktop\OTL.exe
[2010/10/28 20:53:06 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/10/28 20:52:27 | 000,000,000 | ---D | C] -- C:\Users\Sal\Desktop\tdsskiller
[2010/10/28 20:50:14 | 000,519,168 | ---- | C] (OldTimer Tools) -- C:\Users\Sal\Desktop\OTM.exe
[2010/10/28 17:21:05 | 000,000,000 | ---D | C] -- C:\Users\Sal\Desktop\Various Scan results
[2010/10/28 16:55:02 | 000,000,000 | ---D | C] -- C:\Users\Sal\Desktop\GooredFix Backups
[2010/10/28 16:53:05 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Sal\Desktop\GooredFix.exe
[2010/10/28 16:30:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/28 16:29:16 | 000,000,000 | ---D | C] -- C:\Users\Sal\Desktop\erunt
[2010/10/28 13:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2010/10/28 00:03:02 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010/10/28 00:02:57 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010/10/22 20:27:21 | 000,000,000 | ---D | C] -- C:\Users\Sal\AppData\Local\Windows Live
[2010/10/22 13:08:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/22 13:08:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/22 13:08:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/22 11:48:24 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/10/20 12:10:15 | 000,000,000 | ---D | C] -- C:\Users\Sal\AppData\Roaming\e
[2010/10/20 12:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\e
[2010/10/20 11:20:51 | 000,000,000 | ---D | C] -- C:\Users\Sal\AppData\Roaming\Notepad++
[2010/10/18 11:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\phpDesigner
[2010/10/18 11:10:36 | 000,000,000 | ---D | C] -- C:\Users\Sal\AppData\Roaming\phpDesigner
[2010/10/16 10:24:59 | 000,000,000 | ---D | C] -- C:\Users\Sal\Desktop\Craigslist Pics
[2010/10/16 10:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010/10/16 10:05:04 | 000,000,000 | ---D | C] -- C:\Windows\MSSecurityNS
[2010/10/16 10:05:04 | 000,000,000 | ---D | C] -- C:\Windows\MSSecurityNi
[2010/10/16 10:02:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/10/16 09:54:45 | 000,000,000 | ---D | C] -- C:\Windows\Fonts\Fonts
[2010/10/15 22:32:44 | 000,000,000 | ---D | C] -- C:\Users\Sal\AppData\Local\AVG Security Toolbar
[2010/10/15 00:17:10 | 000,000,000 | ---D | C] -- C:\Users\Sal\AppData\Roaming\AVG10
[2010/10/15 00:15:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010/10/15 00:15:00 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/10/15 00:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010/10/15 00:13:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2010/10/15 00:12:32 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/10/15 00:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/10/14 23:06:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2010/10/14 22:26:09 | 000,000,000 | ---D | C] -- C:\Users\Sal\Documents\RootkitBuster_2.80.1077[1]
[2010/10/14 21:52:16 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2010/10/14 21:28:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/10/14 21:09:59 | 000,000,000 | ---D | C] -- C:\Users\Sal\Documents\McafeeRootkitDetective[2]
[2010/10/14 21:08:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/10/14 21:08:24 | 000,000,000 | ---D | C] -- C:\Users\Sal\AppData\Local\NPE
[2010/10/14 21:06:00 | 000,000,000 | ---D | C] -- C:\Users\Sal\Pavark
[2010/10/14 21:05:34 | 000,000,000 | ---D | C] -- C:\Users\Sal\Documents\AntiRootkit[2]
[2010/10/14 20:07:29 | 000,011,312 | ---- | C] (Wacom Technology) -- C:\Windows\System32\drivers\wacommousefilter.sys
[2010/10/14 20:07:26 | 000,013,736 | ---- | C] (Wacom Technology) -- C:\Windows\System32\drivers\wacomvhid.sys
[2010/10/14 20:07:26 | 000,013,480 | ---- | C] (Wacom Technology) -- C:\Windows\System32\drivers\wacomvthid.sys
[2010/10/14 16:52:43 | 000,000,000 | ---D | C] -- C:\Users\Sal\Documents\RootkitBuster_2.80.1077[2]
[2010/10/14 16:51:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\log
[2010/10/14 15:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/10/14 15:26:14 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/10/14 13:56:24 | 000,079,688 | ---- | C] (PCTools Research Pty Ltd.) -- C:\Windows\System32\drivers\iksyssec.sys
[2010/10/14 13:56:24 | 000,062,280 | ---- | C] (PCTools Research Pty Ltd.) -- C:\Windows\System32\drivers\iksysflt.sys
[2010/10/14 13:56:24 | 000,041,288 | ---- | C] (PCTools Research Pty Ltd.) -- C:\Windows\System32\drivers\ikfilesec.sys
[2010/10/14 13:56:24 | 000,029,000 | ---- | C] (PCTools Research Pty Ltd.) -- C:\Windows\System32\drivers\kcom.sys
[2010/10/13 08:49:45 | 000,079,816 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2010/10/13 08:49:45 | 000,035,272 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2010/10/13 08:49:45 | 000,034,248 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdk.sys
[2010/10/13 08:44:15 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/10/13 08:43:32 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/10/13 08:43:32 | 000,000,000 | ---D | C] -- C:\Users\Sal\AppData\Roaming\PC Tools
[2010/10/12 23:25:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/10/12 23:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/10/12 21:56:44 | 000,000,000 | ---D | C] -- C:\Users\Sal\AppData\Roaming\IObit
[2010/10/12 21:17:33 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2010/10/12 21:17:29 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/10/12 19:50:55 | 000,512,688 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\Windows\System32\XceedCry.dll
[2010/10/12 19:50:55 | 000,423,784 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\Windows\System32\XceedBkp.dll
[2010/10/12 19:50:53 | 000,188,416 | ---- | C] (SoftShape Development) -- C:\Windows\System32\actsplash.ocx
[2010/10/09 12:23:05 | 000,000,000 | ---D | C] -- C:\Users\Sal\AppData\Roaming\WTablet
[2010/10/09 12:22:59 | 000,000,000 | ---D | C] -- C:\Users\Sal\AppData\Roaming\WTouch
[2010/10/09 12:22:55 | 000,245,032 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Touch_Tablet.dll
[2010/10/09 12:22:11 | 000,000,000 | ---D | C] -- C:\Program Files\WTouch
[2010/10/09 12:22:04 | 000,000,000 | ---D | C] -- C:\Program Files\TabletPlugins
[2010/10/09 12:21:28 | 006,393,640 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\PenTablet.cpl
[2010/10/09 12:17:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\WTablet
[2010/10/09 12:17:17 | 000,284,160 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Wintab32.dll
[2010/10/09 12:17:16 | 000,416,040 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.dll
[2010/10/09 12:17:11 | 004,497,704 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe
[2010/10/09 12:16:55 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
[2010/10/03 10:02:40 | 000,000,000 | R--D | C] -- C:\Users\Sal\Desktop\Hobbies
[2010/10/03 10:01:13 | 000,000,000 | R--D | C] -- C:\Users\Sal\Desktop\Nurtition
[2010/10/02 22:52:18 | 000,000,000 | R--D | C] -- C:\Users\Sal\Desktop\Games
[2010/10/02 22:48:51 | 000,000,000 | R--D | C] -- C:\Users\Sal\Desktop\Spiritual-Meditation
[2010/10/02 22:47:06 | 000,000,000 | R--D | C] -- C:\Users\Sal\Desktop\Internet Utilities
[2010/10/02 22:43:25 | 000,000,000 | R--D | C] -- C:\Users\Sal\Desktop\Political
[2010/10/02 22:36:52 | 000,000,000 | R--D | C] -- C:\Users\Sal\Desktop\Browsers
[2010/10/02 22:21:20 | 000,000,000 | ---D | C] -- C:\Users\Sal\AppData\Roaming\Microsoft Corporation
[2010/10/02 21:51:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ASP.NET
[2010/09/30 15:13:21 | 000,000,000 | ---D | C] -- C:\Users\Sal\Tracing
[2010/09/30 15:13:18 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/09/30 13:59:25 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/09/28 23:03:32 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

========== Files - Modified Within 30 Days ==========

[2010/10/28 21:07:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sal\Desktop\OTL.exe
[2010/10/28 21:03:05 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/10/28 20:56:09 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/28 20:56:09 | 000,000,306 | -HS- | M] () -- C:\Windows\tasks\eifrdw.job
[2010/10/28 20:56:01 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/28 20:56:00 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/28 20:55:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/28 20:55:18 | 2011,217,920 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/28 20:53:10 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/10/28 20:52:05 | 001,207,026 | ---- | M] () -- C:\Users\Sal\Desktop\tdsskiller.zip
[2010/10/28 20:50:20 | 000,519,168 | ---- | M] (OldTimer Tools) -- C:\Users\Sal\Desktop\OTM.exe
[2010/10/28 20:42:47 | 000,355,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/28 20:11:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/28 19:42:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1745540648-459679391-2345914734-1000UA.job
[2010/10/28 17:46:26 | 097,961,613 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/10/28 16:53:05 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Sal\Desktop\GooredFix.exe
[2010/10/28 14:42:01 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1745540648-459679391-2345914734-1000Core.job
[2010/10/28 13:32:10 | 000,001,986 | ---- | M] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2010/10/28 11:59:01 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5FFFE138-1F96-4401-B9A9-46F76ED79B13}.job
[2010/10/28 00:12:19 | 000,000,904 | ---- | M] () -- C:\Windows\System32\Pen_Tablet.dat
[2010/10/28 00:02:58 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/10/28 00:02:57 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/10/27 09:53:54 | 000,000,788 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/10/26 02:00:51 | 000,002,195 | ---- | M] () -- C:\Users\Sal\Desktop\form.html
[2010/10/26 00:38:23 | 000,000,248 | ---- | M] () -- C:\Users\Sal\Desktop\testlink.html
[2010/10/26 00:27:05 | 000,000,222 | ---- | M] () -- C:\Users\Sal\Desktop\current.html
[2010/10/26 00:21:08 | 000,000,217 | ---- | M] () -- C:\Users\Sal\Desktop\newbodytext.html
[2010/10/26 00:14:42 | 000,000,232 | ---- | M] () -- C:\Users\Sal\Desktop\test.html
[2010/10/25 23:52:38 | 000,000,000 | ---- | M] () -- C:\Windows\xvoice.wav
[2010/10/23 14:59:40 | 000,000,013 | ---- | M] () -- C:\Windows\System32\WinSys32.crc
[2010/10/23 10:40:23 | 000,002,627 | ---- | M] () -- C:\Users\Sal\Desktop\Microsoft Office Word 2007.lnk
[2010/10/21 09:20:46 | 000,756,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/21 09:20:46 | 000,164,894 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/20 13:15:23 | 000,000,568 | ---- | M] () -- C:\Users\Sal\Desktop\Notepad++.lnk
[2010/10/18 11:03:09 | 000,000,032 | ---- | M] () -- C:\Windows\CD_Start.INI
[2010/10/18 10:23:55 | 000,043,371 | ---- | M] () -- C:\Windows\php.ini
[2010/10/17 15:04:21 | 000,000,524 | ---- | M] () -- C:\Users\Sal\Desktop\iTunes - Shortcut.lnk
[2010/10/16 10:49:24 | 000,011,776 | ---- | M] () -- C:\Users\Sal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/14 21:12:23 | 002,335,270 | ---- | M] () -- C:\Windows\System32\181E9F9.mht
[2010/10/13 08:43:41 | 000,000,892 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/10/12 23:26:19 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/10/12 21:51:30 | 000,000,945 | ---- | M] () -- C:\Users\Sal\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/11 22:01:08 | 000,037,488 | ---- | M] () -- C:\Users\Sal\Desktop\index.html
[2010/10/11 09:44:18 | 000,000,297 | ---- | M] () -- C:\Users\Sal\Desktop\Wrox Tutorials - Shortcut.lnk
[2010/10/11 09:24:03 | 000,002,305 | ---- | M] () -- C:\Users\Sal\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/10/10 12:46:37 | 000,015,535 | ---- | M] () -- C:\Users\Sal\Desktop\Dogs Feeding.xlsx
[2010/10/09 20:16:13 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/03 13:40:43 | 000,000,899 | ---- | M] () -- C:\Users\Sal\Desktop\Microsoft Visual Basic 2010 Express.lnk
[2010/10/01 16:52:03 | 000,000,737 | ---- | M] () -- C:\Users\Sal\Desktop\HTML-Kit.lnk
[2010/09/30 22:41:38 | 000,000,501 | ---- | M] () -- C:\Users\Sal\Desktop\XML Marker.lnk
[2010/09/30 17:18:54 | 000,000,396 | ---- | M] () -- C:\Users\Sal\Desktop\inetpub - Shortcut.lnk
[2010/09/30 13:36:17 | 000,000,010 | RHS- | M] () -- C:\config.sys
[2010/09/30 00:28:35 | 000,000,622 | ---- | M] () -- C:\Users\Sal\Desktop\Alchemist XML IDE.lnk

========== Files Created - No Company Name ==========

[2010/10/28 20:52:01 | 001,207,026 | ---- | C] () -- C:\Users\Sal\Desktop\tdsskiller.zip
[2010/10/28 17:46:26 | 097,961,613 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/10/28 13:32:10 | 000,001,986 | ---- | C] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2010/10/28 00:02:58 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/10/28 00:02:57 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/10/26 01:08:52 | 000,002,195 | ---- | C] () -- C:\Users\Sal\Desktop\form.html
[2010/10/26 00:32:19 | 000,000,248 | ---- | C] () -- C:\Users\Sal\Desktop\testlink.html
[2010/10/26 00:27:04 | 000,000,222 | ---- | C] () -- C:\Users\Sal\Desktop\current.html
[2010/10/26 00:19:09 | 000,000,217 | ---- | C] () -- C:\Users\Sal\Desktop\newbodytext.html
[2010/10/26 00:00:34 | 000,000,232 | ---- | C] () -- C:\Users\Sal\Desktop\test.html
[2010/10/25 09:58:28 | 000,000,788 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/10/24 09:43:15 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\AWC Startup.job
[2010/10/20 13:15:23 | 000,000,568 | ---- | C] () -- C:\Users\Sal\Desktop\Notepad++.lnk
[2010/10/18 09:54:02 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2010/10/18 09:51:32 | 000,173,448 | ---- | C] () -- C:\Windows\1.sim
[2010/10/18 09:51:04 | 000,000,000 | ---- | C] () -- C:\Windows\xvoice.wav
[2010/10/17 15:04:21 | 000,000,524 | ---- | C] () -- C:\Users\Sal\Desktop\iTunes - Shortcut.lnk
[2010/10/14 21:12:23 | 002,335,270 | ---- | C] () -- C:\Windows\System32\181E9F9.mht
[2010/10/14 15:08:23 | 2011,217,920 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/13 08:57:52 | 000,000,904 | ---- | C] () -- C:\Windows\System32\Pen_Tablet.dat
[2010/10/13 08:43:41 | 000,000,892 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/10/12 19:50:53 | 000,389,120 | ---- | C] () -- C:\Windows\System32\ACTSKN43.OCX
[2010/10/12 12:34:52 | 000,000,306 | -HS- | C] () -- C:\Windows\tasks\eifrdw.job
[2010/10/11 09:44:18 | 000,000,297 | ---- | C] () -- C:\Users\Sal\Desktop\Wrox Tutorials - Shortcut.lnk
[2010/10/10 12:46:36 | 000,015,535 | ---- | C] () -- C:\Users\Sal\Desktop\Dogs Feeding.xlsx
[2010/10/09 20:16:13 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/09 12:21:33 | 001,595,175 | ---- | C] () -- C:\Windows\System32\PenTablet.znc
[2010/10/09 12:16:55 | 000,000,488 | ---- | C] () -- C:\Windows\System32\TouchTabletUserDefaults.xml
[2010/10/09 12:16:55 | 000,000,488 | ---- | C] () -- C:\Windows\System32\PenTabletUserDefaults.xml
[2010/10/03 13:38:04 | 000,000,899 | ---- | C] () -- C:\Users\Sal\Desktop\Microsoft Visual Basic 2010 Express.lnk
[2010/10/01 16:52:03 | 000,000,737 | ---- | C] () -- C:\Users\Sal\Desktop\HTML-Kit.lnk
[2010/09/30 22:41:38 | 000,000,501 | ---- | C] () -- C:\Users\Sal\Desktop\XML Marker.lnk
[2010/09/30 17:18:54 | 000,000,396 | ---- | C] () -- C:\Users\Sal\Desktop\inetpub - Shortcut.lnk
[2010/09/30 00:28:35 | 000,000,622 | ---- | C] () -- C:\Users\Sal\Desktop\Alchemist XML IDE.lnk
[2010/09/30 00:28:21 | 000,000,402 | ---- | C] () -- C:\Windows\System32\msxml4.inf
[2010/08/31 21:13:08 | 000,000,084 | ---- | C] () -- C:\Windows\forminfo.ini
[2010/08/09 09:09:59 | 000,000,419 | ---- | C] () -- C:\Windows\COOK'N5.INI
[2010/08/09 09:02:03 | 000,000,085 | ---- | C] () -- C:\Windows\Cook'n99.ini
[2010/07/07 00:08:44 | 001,163,264 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2010/07/07 00:08:44 | 001,015,808 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2010/07/07 00:08:44 | 000,172,032 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010/07/07 00:08:44 | 000,061,440 | ---- | C] () -- C:\Windows\System32\libfaac.dll
[2010/07/07 00:08:44 | 000,053,248 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2010/07/07 00:08:44 | 000,036,864 | ---- | C] () -- C:\Windows\System32\DGRip.dll
[2010/07/07 00:08:44 | 000,036,352 | ---- | C] () -- C:\Windows\System32\MP2enc.dll
[2010/07/07 00:08:19 | 000,220,160 | ---- | C] () -- C:\Windows\System32\WnASPI32.dll
[2010/03/07 23:03:29 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/01/16 17:35:07 | 000,000,091 | ---- | C] () -- C:\Users\Sal\AppData\Local\fusioncache.dat
[2010/01/03 06:26:19 | 000,011,776 | ---- | C] () -- C:\Users\Sal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/01 20:54:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/10/09 14:48:46 | 000,532,480 | ---- | C] () -- C:\Windows\System32\INT14PPP.dll
[2008/10/09 14:48:46 | 000,061,440 | ---- | C] () -- C:\Windows\System32\UTL10PPP.dll
[2008/06/03 04:35:18 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/05/08 02:15:34 | 000,043,371 | ---- | C] () -- C:\Windows\php.ini
[2008/05/07 12:17:10 | 002,076,672 | ---- | C] () -- C:\Windows\System32\libmySQL.dll
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2010/10/15 00:17:10 | 000,000,000 | ---D | M] -- C:\Users\Sal\AppData\Roaming\AVG10
[2010/08/24 22:44:51 | 000,000,000 | ---D | M] -- C:\Users\Sal\AppData\Roaming\Bitstream
[2010/05/19 22:36:09 | 000,000,000 | ---D | M] -- C:\Users\Sal\AppData\Roaming\CBS Interactive
[2010/08/31 20:39:05 | 000,000,000 | ---D | M] -- C:\Users\Sal\AppData\Roaming\CoffeeCup Software
[2010/10/20 12:50:53 | 000,000,000 | ---D | M] -- C:\Users\Sal\AppData\Roaming\e
[2010/10/24 10:12:40 | 000,000,000 | ---D | M] -- C:\Users\Sal\AppData\Roaming\IObit
[2010/04/07 15:27:53 | 000,000,000 | ---D | M] -- C:\Users\Sal\AppData\Roaming\KeyingTool
[2010/08/08 16:42:34 | 000,000,000 | ---D | M] -- C:\Users\Sal\AppData\Roaming\Leadertech
[2010/10/20 13:15:38 | 000,000,000 | ---D | M] -- C:\Users\Sal\AppData\Roaming\Notepad++
[2010/05/19 22:36:19 | 000,000,000 | ---D | M] -- C:\Users\Sal\AppData\Roaming\OpenCandy
[2010/08/31 15:24:58 | 000,000,000 | ---D | M] -- C:\Users\Sal\AppData\Roaming\Opera
[2010/09/19 16:05:41 | 000,000,000 | ---D | M] -- C:\Users\Sal\AppData\Roaming\PhotoScape
[2010/10/18 11:22:39 | 000,000,000 | ---D | M] -- C:\Users\Sal\AppData\Roaming\phpDesigner
[2010/05/20 00:20:33 | 000,000,000 | ---D | M] -- C:\Users\Sal\AppData\Roaming\Titanium Gears
[2010/10/09 12:23:07 | 000,000,000 | ---D | M] -- C:\Users\Sal\AppData\Roaming\WTouch
[2010/10/28 21:03:05 | 000,000,366 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2010/10/28 20:56:09 | 000,000,306 | -HS- | M] () -- C:\Windows\Tasks\eifrdw.job
[2010/10/28 20:53:55 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/10/28 11:59:01 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{5FFFE138-1F96-4401-B9A9-46F76ED79B13}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

#6 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,513
  • Joined: 31-May 06

Posted 31 October 2010 - 05:46 AM

Could you do the following please

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#7 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,513
  • Joined: 31-May 06

Posted 03 November 2010 - 03:20 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
