Google Redirect and Random Pop-ups

#1 lspbh
New Member, 1 posts
At times when I run a search with Google on Firefox, I get redirected to random sites or alternate searches, and occasionally when I start up Firefox I get pop-ups. I've run Avast and it came up empty, and Ad-Aware, where I had quarantined Win32.Adware.EShoper Engine and Win32.TrojanDownloader.Mufanom/A. Then I ran Malwarebytes Anti-Malware and it came up with Trojan.Agent.CK and Trojan.Downloader, but I also quarantined them. However, I still have the problem with redirects and pop-ups.

OTL logfile created on: 3/27/2011 12:42:39 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Lawrence Ho\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 83.15 Gb Free Space | 35.71% Space Free | Partition Type: NTFS

Computer Name: LAWRENCE-PC | User Name: Lawrence Ho | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/27 00:42:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lawrence Ho\Desktop\OTL.exe
PRC - [2011/03/23 19:46:32 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/23 08:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/02/23 08:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/07/29 14:27:45 | 000,864,112 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/07/29 14:27:44 | 001,352,832 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/03/27 00:42:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lawrence Ho\Desktop\OTL.exe
MOD - [2011/02/23 08:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/02/23 08:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/07/29 14:27:44 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/06/14 16:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 07:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 07:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 07:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 07:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 07:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 07:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 07:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/02 17:35:36 | 000,697,328 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/07/29 14:27:55 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/05/11 12:00:34 | 000,020,072 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz133_x32.sys -- (cpuz133)
DRV - [2010/05/10 10:44:48 | 000,022,328 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\MSIWDev\DVDSYS32_100507.sys -- (MSI_DVD_010507)
DRV - [2010/05/10 10:44:42 | 000,025,912 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\MSIWDev\msibios32_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2010/05/10 10:44:36 | 000,016,696 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\MSIWDev\VGASYS32_100507.sys -- (MSI_VGASYS_010507)
DRV - [2010/03/17 16:40:00 | 005,878,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/02/11 00:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/12/23 16:19:17 | 000,029,184 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/10/21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008/10/21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV - [2008/10/21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV - [2008/10/21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008/10/21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV - [2008/10/21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV - [2008/10/21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008/05/16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008/05/16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008/05/16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008/05/16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2008/04/07 16:06:00 | 000,105,088 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...fftrie7&query="
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: "Ask"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "my.yahoo.com|gmail.com|facebook.com"
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.31.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - prefs.js..keyword.URL: "http://search.yahoo....8&fr=megaup&p="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/02/27 10:47:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{0D0D9EE8-AF1A-495F-90B7-7601B734C214}: C:\Documents and Settings\Lawrence Ho\Local Settings\Application Data\{0D0D9EE8-AF1A-495F-90B7-7601B734C214} [2011/03/26 10:45:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/26 16:14:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/26 11:09:34 | 000,000,000 | ---D | M]

[2010/07/29 15:40:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lawrence Ho\Application Data\Mozilla\Extensions
[2011/03/27 00:26:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lawrence Ho\Application Data\Mozilla\Firefox\Profiles\mh0jtljh.default\extensions
[2010/07/30 00:45:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Lawrence Ho\Application Data\Mozilla\Firefox\Profiles\mh0jtljh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/12 17:19:41 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Documents and Settings\Lawrence Ho\Application Data\Mozilla\Firefox\Profiles\mh0jtljh.default\extensions\[email protected]
[2008/11/20 21:52:13 | 000,000,891 | ---- | M] () -- C:\Documents and Settings\Lawrence Ho\Application Data\Mozilla\Firefox\Profiles\mh0jtljh.default\searchplugins\dictionarycom.xml
[2008/11/23 20:35:01 | 000,002,006 | ---- | M] () -- C:\Documents and Settings\Lawrence Ho\Application Data\Mozilla\Firefox\Profiles\mh0jtljh.default\searchplugins\urban-dictionary.xml
[2010/05/23 21:50:21 | 000,000,884 | ---- | M] () -- C:\Documents and Settings\Lawrence Ho\Application Data\Mozilla\Firefox\Profiles\mh0jtljh.default\searchplugins\yelp.xml
[2008/11/19 00:30:50 | 000,002,109 | ---- | M] () -- C:\Documents and Settings\Lawrence Ho\Application Data\Mozilla\Firefox\Profiles\mh0jtljh.default\searchplugins\youtube-video-search.xml
[2011/03/27 00:26:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/29 13:52:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/02/27 10:47:38 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2010/07/29 13:52:01 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/07/29 13:52:00 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/09 03:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2011/03/26 23:17:02 | 000,415,577 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14347 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll ()
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [Hlezime] C:\WINDOWS\nopsrdp.dll (Acronis)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: com ([www.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.ms...ine/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Lawrence Ho\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lawrence Ho\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/28 13:57:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{ca1e4c35-9bf0-11df-b59a-001d9264080a}\Shell - "" = AutoRun
O33 - MountPoints2\{ca1e4c35-9bf0-11df-b59a-001d9264080a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ca1e4c35-9bf0-11df-b59a-001d9264080a}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/27 00:41:55 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lawrence Ho\Desktop\OTL.exe
[2011/03/26 18:09:09 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Lawrence Ho\Desktop\HijackThis.exe
[2011/03/26 12:20:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/03/26 12:20:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/03/26 10:52:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/03/26 10:51:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/03/26 10:51:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/03/26 10:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lawrence Ho\Local Settings\Application Data\{0D0D9EE8-AF1A-495F-90B7-7601B734C214}
[2011/03/05 22:58:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lawrence Ho\Application Data\LolClient
[2011/03/05 21:51:40 | 000,000,000 | ---D | C] -- C:\Riot Games
[2011/03/05 21:51:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Riot Games
[2011/03/05 17:25:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lawrence Ho\Start Menu\Programs\Revo Uninstaller
[2011/03/05 17:21:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lawrence Ho\Local Settings\Application Data\PMB Files
[2011/03/05 17:21:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/03/05 17:17:28 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2011/02/27 10:47:41 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/27 00:42:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lawrence Ho\Desktop\OTL.exe
[2011/03/27 00:37:00 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/27 00:23:52 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/03/27 00:23:46 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/26 23:49:02 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1647877149-1417001333-1003UA.job
[2011/03/26 23:17:02 | 000,415,577 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/03/26 23:16:49 | 000,415,577 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110326-231702.backup
[2011/03/26 23:10:03 | 000,012,586 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/26 23:09:51 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/26 23:09:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/26 19:41:34 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Lawrence Ho\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/03/26 18:09:12 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Lawrence Ho\Desktop\HijackThis.exe
[2011/03/26 15:49:00 | 000,000,950 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1647877149-1417001333-1003Core.job
[2011/03/26 15:14:05 | 002,360,910 | ---- | M] () -- C:\Documents and Settings\Lawrence Ho\Desktop\New_Cadet_Week_Manual_2010.pdf
[2011/03/26 10:43:36 | 000,012,586 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2011/03/25 20:51:33 | 000,002,330 | ---- | M] () -- C:\Documents and Settings\Lawrence Ho\Desktop\Google Chrome.lnk
[2011/03/25 20:51:33 | 000,002,308 | ---- | M] () -- C:\Documents and Settings\Lawrence Ho\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/21 23:46:32 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/03/21 23:46:32 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/03/20 22:38:27 | 000,842,892 | ---- | M] () -- C:\Documents and Settings\Lawrence Ho\Desktop\CADET_REGS_18JAN11.pdf
[2011/03/18 01:28:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/13 11:15:53 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/13 11:15:53 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/07 01:06:51 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Lawrence Ho\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/05 21:56:25 | 000,001,614 | ---- | M] () -- C:\Documents and Settings\Lawrence Ho\Desktop\Play League of Legends.lnk
[2011/03/05 17:25:29 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Lawrence Ho\Desktop\Revo Uninstaller.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/26 15:13:10 | 002,360,910 | ---- | C] () -- C:\Documents and Settings\Lawrence Ho\Desktop\New_Cadet_Week_Manual_2010.pdf
[2011/03/26 10:53:03 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/20 22:38:02 | 000,842,892 | ---- | C] () -- C:\Documents and Settings\Lawrence Ho\Desktop\CADET_REGS_18JAN11.pdf
[2011/03/05 21:56:25 | 000,001,614 | ---- | C] () -- C:\Documents and Settings\Lawrence Ho\Desktop\Play League of Legends.lnk
[2010/12/05 04:23:51 | 000,319,488 | R--- | C] () -- C:\WINDOWS\System32\MafiaSetup.exe
[2010/12/03 22:01:03 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Lawrence Ho\Application Data\steam_md4.dat
[2010/09/23 22:02:13 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Lawrence Ho\Application Data\$_hpcst$.hpc
[2010/09/17 23:55:26 | 000,001,110 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2010/09/12 21:17:54 | 002,427,248 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_heroes.exe
[2010/08/24 00:39:54 | 000,788,224 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/06 00:58:35 | 000,036,040 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/05 20:08:39 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/08/04 16:51:28 | 000,001,172 | ---- | C] () -- C:\WINDOWS\ipconfig.dat
[2010/08/01 11:23:39 | 000,069,632 | ---- | C] () -- C:\WINDOWS\UNINSTCC.EXE
[2010/07/31 11:54:28 | 000,069,632 | ---- | C] () -- C:\WINDOWS\RAUNINST.EXE
[2010/07/30 12:34:58 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\hpsfs.dll
[2010/07/30 09:35:03 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/07/30 08:40:35 | 000,794,408 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2010/07/29 20:33:33 | 000,138,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/07/29 20:33:33 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Lawrence Ho\Application Data\PnkBstrK.sys
[2010/07/29 20:33:17 | 000,189,248 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010/07/29 20:33:16 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010/07/29 20:33:15 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2010/07/29 20:21:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/07/29 15:40:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/29 15:05:10 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Lawrence Ho\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/29 13:26:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/07/29 13:24:56 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/07/28 13:59:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/07/28 13:55:08 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/28 06:23:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/28 06:22:46 | 000,191,384 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/10 21:12:00 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/02/10 21:12:00 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/04/23 15:29:16 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/04/14 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 05:00:00 | 000,432,686 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 05:00:00 | 000,067,516 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/07/29 16:23:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/07/29 14:11:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/08/18 20:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/12/11 01:07:08 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\DSS
[2010/12/02 20:57:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Frozen Codebase LLC
[2010/11/20 23:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/11/20 23:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/11/29 16:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2011/03/05 17:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/07/30 09:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/11/29 18:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/08/23 20:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2011/03/26 17:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/07/30 22:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrackMania
[2010/07/29 22:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/03/26 16:14:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{52AC600B-5800-407E-99FF-83CD0669760B}
[2010/07/29 20:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lawrence Ho\Application Data\acccore
[2011/01/19 00:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lawrence Ho\Application Data\Acoustica
[2011/01/19 01:21:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lawrence Ho\Application Data\Applied Acoustics Systems
[2010/08/29 00:40:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lawrence Ho\Application Data\Blackberry Desktop
[2011/02/12 13:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lawrence Ho\Application Data\FreeFLVConverter
[2011/02/13 21:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lawrence Ho\Application Data\FrostWire
[2010/07/29 20:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lawrence Ho\Application Data\GetRightToGo
[2010/11/29 15:56:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lawrence Ho\Application Data\gtk-2.0
[2010/07/31 12:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lawrence Ho\Application Data\ImgBurn
[2010/12/11 02:18:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lawrence Ho\Application Data\Local
[2011/03/05 22:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lawrence Ho\Application Data\LolClient
[2010/11/20 23:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lawrence Ho\Application Data\Nokia
[2010/07/29 16:19:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lawrence Ho\Application Data\OpenOffice.org
[2010/11/20 23:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lawrence Ho\Application Data\PC Suite
[2011/01/18 02:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lawrence Ho\Application Data\Publish Providers
[2010/08/23 20:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lawrence Ho\Application Data\Research In Motion
[2011/01/18 18:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lawrence Ho\Application Data\Sony
[2011/03/26 19:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lawrence Ho\Application Data\TeraCopy
[2011/01/19 00:57:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lawrence Ho\Application Data\uTorrent
[2011/03/27 00:23:52 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/02/12 06:01:00 | 000,000,368 | ---- | M] () -- C:\WINDOWS\Tasks\MyDefrag v4.3.1 Daily.job
[2010/11/01 05:00:00 | 000,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\MyDefrag v4.3.1 Monthly.job

========== Purity Check ==========



< End of report >