Welcome to Geeks to Go - Register now for FREE

Google redirects



#1
Uataylor

    New Member

  • Member
  • 8 posts
Hey everyone, long time lurker and first time poster. Unfortunately, my posting is due to an infection I seem to have recently acquired.

I was going through my program files and noticed "Ask.com" in there. Upon my deletion of the file, WinPatrol began alerting me that an IE Helper was attempting to install itself. I repeatedly denied this installation until I became frustrated with its repetitive alerts, and then I decided to allow the installation, thinking nothing of harm would come of it. (Bad decision) Following this action, whenever using Google.com, I would be redirected to the URL categoriesworld.com. I used Avast's URL blocker to block the site from being accessed, but anytime I use Google, it attempts to redirect my browser there. I have scanned with SAS and MBAM, yet nothing was found.

I also attempted to implement the fix from the "How To Fix Google Redirects" thread with no results either.

Any help that can be offered will be greatly appreciated!

Attached is my OTL log.
Edited to add text of the log.

Thanks everyone,
Taylor

OTL logfile created on: 7/3/2011 1:11:31 PM - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\Taylor\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 42.18% Memory free
5.95 Gb Paging File | 4.42 Gb Available in Paging File | 74.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.59 Gb Total Space | 275.60 Gb Free Space | 60.49% Space Free | Partition Type: NTFS
Drive D: | 10.17 Gb Total Space | 1.37 Gb Free Space | 13.47% Space Free | Partition Type: NTFS
Drive E: | 645.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MIKEJONES | User Name: Taylor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/03 13:08:48 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Taylor\Desktop\OTL.exe
PRC - [2011/06/30 21:57:41 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/06/22 23:19:19 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/15 14:53:20 | 000,325,512 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2011/05/10 07:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/10 07:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/03/21 13:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/06/16 16:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
PRC - [2009/09/09 14:26:36 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/04/30 17:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/07/03 11:27:12 | 006,266,880 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/20 21:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/04/18 10:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2011/07/03 13:08:48 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Taylor\Desktop\OTL.exe
MOD - [2011/05/10 07:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2009/04/28 10:05:56 | 000,715,264 | ---- | M] (Agnitum Ltd.) -- c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/10 07:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/04/26 14:55:48 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/04/30 17:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/04/28 10:06:06 | 001,195,008 | ---- | M] (Agnitum Ltd.) [Auto | Running] -- C:\Program Files\Agnitum\Outpost Firewall\acs.exe -- (acssrv)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2011/05/10 07:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 07:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 07:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 06:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 06:59:44 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/05/10 06:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/04/24 17:14:38 | 000,225,856 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2011/04/01 05:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 120(UVC)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/05 15:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/04/30 17:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/06 11:37:12 | 000,704,384 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SandBox.sys -- (SandBox)
DRV - [2009/02/25 17:59:51 | 004,385,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/02/18 17:27:54 | 000,029,208 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\afw.sys -- (afw)
DRV - [2009/02/10 16:12:48 | 000,307,224 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afwcore.sys -- (afwcore)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/22 21:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/01/25 14:02:04 | 000,132,128 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/01/25 14:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/10/18 10:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/10/12 10:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...resario&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...resario&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-US.start2....en-US:official"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.0
FF - prefs.js..extensions.enabledItems: [email protected]:4.3.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.080510
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.3.1
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9}:2.6.4
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.80
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - prefs.js..extensions.enabledItems: {421d78a0-6f2e-11de-867e-0002a5d5c51b}:1.02
FF - prefs.js..extensions.enabledItems: [email protected]:3.6
FF - prefs.js..extensions.enabledItems: {586bd060-22d6-11de-8c30-0800200c9a66}:3.6.7

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/25 23:15:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/05/17 16:19:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/17 23:53:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/17 23:53:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/22 23:19:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/18 16:09:34 | 000,000,000 | ---D | M]

[2008/09/01 11:56:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Extensions
[2011/07/03 13:04:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\loem8u10.default\extensions
[2011/06/17 23:29:30 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\loem8u10.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/08/16 16:50:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\loem8u10.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/16 16:48:57 | 000,000,000 | ---D | M] (Alabama Crimson Tide) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\loem8u10.default\extensions\{421d78a0-6f2e-11de-867e-0002a5d5c51b}
[2010/12/22 11:05:02 | 000,000,000 | ---D | M] (Revelation) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\loem8u10.default\extensions\{586bd060-22d6-11de-8c30-0800200c9a66}
[2011/03/22 23:24:21 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\loem8u10.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2011/06/21 23:49:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\loem8u10.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/05/17 16:23:49 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\loem8u10.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/12/21 00:16:59 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\loem8u10.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
[2010/08/16 16:58:44 | 000,000,000 | ---D | M] (BloodFire 3) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\loem8u10.default\extensions\[email protected]
[2010/12/22 11:05:10 | 000,000,000 | ---D | M] (Virtus Search Opt-in) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\loem8u10.default\extensions\[email protected]
[2009/01/22 22:13:12 | 000,000,000 | ---D | M] ("Adblock Filterset.G Updater") -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\loem8u10.default\extensions\[email protected]
[2011/06/06 11:15:59 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\loem8u10.default\extensions\[email protected]
[2010/08/16 17:07:04 | 000,000,000 | ---D | M] ("Override Mozilla Firefox Guidance") -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\loem8u10.default\extensions\[email protected]
[2011/02/16 23:10:56 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\loem8u10.default\extensions\[email protected]
[2010/12/22 11:05:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\loem8u10.default\extensions\[email protected]\chrome
[2010/12/22 11:05:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\loem8u10.default\extensions\[email protected]\defaults
[2010/12/22 11:05:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\loem8u10.default\extensions\{586bd060-22d6-11de-8c30-0800200c9a66}\chrome\win\mozapps\extensions
[2011/06/09 22:11:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/03 18:09:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 10:26:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/30 10:03:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/04 02:35:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/21 06:44:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/09 22:11:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/04/14 15:44:16 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\TAYLOR\APPDATA\LOCAL\{CA1819D2-9216-4F4A-AB57-5A7EFF90595D}
() (No name found) -- C:\USERS\TAYLOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LOEM8U10.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\TAYLOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LOEM8U10.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
() (No name found) -- C:\USERS\TAYLOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LOEM8U10.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}.XPI
() (No name found) -- C:\USERS\TAYLOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LOEM8U10.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
() (No name found) -- C:\USERS\TAYLOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LOEM8U10.DEFAULT\EXTENSIONS\{C1970C0D-DBE6-4D91-804F-C9C0DE643A57}.XPI
() (No name found) -- C:\USERS\TAYLOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LOEM8U10.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\TAYLOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LOEM8U10.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\USERS\TAYLOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LOEM8U10.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\TAYLOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LOEM8U10.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\TAYLOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LOEM8U10.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\TAYLOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LOEM8U10.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\TAYLOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LOEM8U10.DEFAULT\EXTENSIONS\[email protected]
[2011/06/22 23:19:20 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/06/09 22:11:42 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/07/18 13:19:40 | 002,998,784 | ---- | M] (Tamarack Software, Inc.) -- C:\Program Files\mozilla firefox\plugins\nptgeqplugin.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/26 21:29:11 | 000,435,303 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 14982 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CheckPoint Cleanup] File not found
O4 - HKLM..\Run: [DVDAgent] c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [AdobeUpdater] File not found
O4 - HKCU..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll (Agnitum Ltd.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Taylor\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Taylor\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/05 03:45:19 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/01/19 09:47:13 | 000,467,456 | R--- | M] (Obsidian Entertainment, Inc.) - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2005/01/19 09:47:13 | 000,000,715 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{8bbffa42-342a-11dd-b8f7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8bbffa42-342a-11dd-b8f7-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2005/01/19 09:47:13 | 000,467,456 | R--- | M] (Obsidian Entertainment, Inc.)
O33 - MountPoints2\{8d5a8d5f-2d4d-11e0-b2f0-001fc6db897f}\Shell - "" = AutoRun
O33 - MountPoints2\{8d5a8d5f-2d4d-11e0-b2f0-001fc6db897f}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/03 13:08:42 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Taylor\Desktop\OTL.exe
[2011/07/02 22:24:52 | 000,000,000 | ---D | C] -- C:\Users\Taylor\Desktop\GooredFix Backups
[2011/07/01 23:07:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2011/07/01 12:22:58 | 000,000,000 | ---D | C] -- C:\Users\Taylor\Desktop\Kotor_2_Vista_fix
[2011/07/01 01:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/07/01 01:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/06/26 11:06:57 | 000,704,384 | ---- | C] (Agnitum Ltd.) -- C:\Windows\System32\drivers\SandBox.sys
[2011/06/26 11:06:32 | 000,000,000 | ---D | C] -- C:\Users\Taylor\{f1b84d14-8e77-4905-855e-0f330230a8e8}
[2011/06/26 11:06:30 | 000,307,224 | ---- | C] (Agnitum Ltd.) -- C:\Windows\System32\drivers\afwcore.sys
[2011/06/26 11:04:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Agnitum
[2011/06/26 11:04:22 | 000,029,208 | ---- | C] (Agnitum Ltd.) -- C:\Windows\System32\drivers\afw.sys
[2011/06/26 11:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\Agnitum
[2011/06/26 11:03:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Agnitum
[2011/06/26 00:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2011/06/26 00:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2011/06/26 00:32:17 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2011/06/18 13:19:49 | 000,000,000 | ---D | C] -- C:\Users\Taylor\Desktop\4-27 Tornado
[2011/06/10 12:16:40 | 000,000,000 | ---D | C] -- C:\Users\Taylor\AppData\Roaming\Foxit Software
[2011/06/09 22:25:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/06/09 22:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/09 22:24:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/06/09 22:16:41 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/06/09 22:12:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/06 23:31:53 | 000,000,000 | ---D | C] -- C:\Users\Taylor\Documents\HTML
[2011/06/06 22:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2011/06/06 22:27:01 | 000,000,000 | ---D | C] -- C:\Users\Taylor\AppData\Roaming\WinPatrol
[2011/06/05 12:55:31 | 000,000,000 | ---D | C] -- C:\Users\Taylor\Desktop\Trevor

========== Files - Modified Within 30 Days ==========

[2011/07/03 13:08:48 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Taylor\Desktop\OTL.exe
[2011/07/03 12:46:31 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/03 12:27:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/03 12:27:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/03 10:32:05 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/07/03 10:30:04 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/03 10:27:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/03 10:27:08 | 3085,393,920 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/01 23:51:48 | 000,000,944 | ---- | M] () -- C:\Users\Taylor\Desktop\swkotor2 - Shortcut.lnk
[2011/07/01 01:37:22 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
[2011/06/26 21:29:11 | 000,435,303 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/06/18 16:09:34 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/06/18 13:54:45 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/18 13:54:45 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/18 13:53:37 | 000,005,632 | ---- | M] () -- C:\Users\Taylor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/09 23:01:18 | 000,434,967 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110626-212911.backup
[2011/06/09 22:25:38 | 000,001,670 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/06 23:09:02 | 000,020,992 | ---- | M] () -- C:\Windows\jestertb.dll
[2011/06/06 22:38:49 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2011/06/05 23:42:28 | 337,199,006 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2011/07/02 22:34:21 | 3085,393,920 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/01 23:51:48 | 000,000,944 | ---- | C] () -- C:\Users\Taylor\Desktop\swkotor2 - Shortcut.lnk
[2011/07/01 01:37:22 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011/06/26 11:04:23 | 000,000,049 | ---- | C] () -- C:\Windows\transp.gif
[2011/06/18 16:09:34 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/06/18 16:09:34 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/09 22:25:38 | 000,001,670 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/06 23:09:02 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2011/06/06 22:38:33 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2011/05/23 02:11:56 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011/04/01 05:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011/04/01 05:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011/04/01 05:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011/04/01 04:56:00 | 000,027,872 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/11/30 09:28:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/11/30 09:26:09 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/11/30 09:26:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/11/29 21:35:10 | 000,007,944 | ---- | C] () -- C:\Users\Taylor\AppData\Local\d3d9caps.dat
[2010/11/09 22:46:45 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/11/09 22:46:45 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/11/09 22:42:31 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/04/25 23:14:46 | 000,023,113 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/04/25 22:58:45 | 000,077,377 | ---- | C] () -- C:\Windows\hpqins05.dat
[2010/02/22 01:22:47 | 000,139,336 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/02/22 00:53:00 | 000,214,720 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/02/22 00:52:52 | 002,373,712 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010/02/22 00:52:52 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/05/08 11:13:04 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009/04/30 17:00:12 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/01/22 19:23:53 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2009/01/22 19:23:53 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2009/01/13 17:21:05 | 000,005,632 | ---- | C] () -- C:\Users\Taylor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/08 14:25:27 | 000,181,944 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/01/04 22:33:47 | 000,055,714 | ---- | C] () -- C:\Windows\War3Unin.dat
[2008/10/21 11:40:00 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2008/10/21 11:40:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008/09/01 17:51:04 | 000,165,447 | ---- | C] () -- C:\Windows\hpoins28.dat
[2008/08/31 21:16:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/07/31 23:47:27 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/07/31 23:15:27 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/06/05 08:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/05/11 22:49:03 | 000,000,796 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2008/05/05 03:45:32 | 000,691,481 | ---- | C] () -- C:\Windows\unins000.exe
[2008/05/05 03:45:32 | 000,001,446 | ---- | C] () -- C:\Windows\unins000.dat
[2008/05/05 03:25:32 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/05/05 03:25:32 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,410,760 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,595,446 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,101,144 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/09/08 20:30:31 | 000,011,376 | R--- | C] () -- C:\Windows\System32\drivers\secdrv.sys
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2010/12/01 02:08:38 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\.minecraft
[2010/12/23 02:46:05 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\Auslogics
[2011/01/21 15:34:26 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\calibre
[2010/09/27 00:54:02 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\fltk.org
[2011/06/10 12:16:40 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\Foxit Software
[2008/09/14 21:34:54 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\LucasArts
[2011/05/20 11:43:09 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\OpenDNS Updater
[2011/05/19 16:07:30 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\QFX Software
[2011/04/17 19:29:50 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\QuickScan
[2008/08/31 18:18:17 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\Snapfish
[2009/04/15 04:07:37 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\SoundSpectrum
[2009/03/29 20:47:41 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\WinBatch
[2011/06/06 22:27:01 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\WinPatrol
[2011/07/03 01:43:02 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Attached Files

  • Attached File  OTL.Txt   79.12KB   36 downloads

Edited by Uataylor, 03 July 2011 - 04:31 PM.

#2 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hello Uataylor and welcome to G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start, please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead, please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed.

Step 1

Please close all running programs and run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    [2011/06/06 23:09:02 | 000,020,992 | ---- | M] () -- C:\Windows\jestertb.dll

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download ComboFix here:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Step 3

Download aswMBR.exe (511KB) to your desktop.

  • Double click aswMBR.exe to run it.
  • Click the "Scan" button to start the scan.
  • On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • Combofix log
  • aswMBR log
It would be helpful if you could post each log in a separate post.

#3 Uataylor (Topic Starter, New Member, 8 posts)
========== OTL ==========
C:\Windows\jestertb.dll moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Taylor\Desktop\cmd.bat deleted successfully.
C:\Users\Taylor\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.25.0 log created on 07072011_013004


#4 Uataylor (Topic Starter, New Member, 8 posts)
Think something may have gone wrong with this log...

ComboFix 11-07-06.06 - Taylor 07/07/2011 1:42:50.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1808 [GMT -5:00]
Running from: C:\Users\Taylor\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


#5 Uataylor (Topic Starter, New Member, 8 posts)
aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software
Run date: 2011-07-07 02:16:01
-----------------------------
02:16:01.896 OS Version: Windows 6.0.6002 Service Pack 2
02:16:01.896 Number of processors: 1 586 0x6B02
02:16:01.896 ComputerName: MIKEJONES UserName: Taylor
02:16:19.649 Initialize success
02:16:20.008 AVAST engine defs: 11070601
02:16:25.483 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000062
02:16:25.483 Disk 0 Vendor: ST350062 HP21 Size: 476940MB BusType: 6
02:16:27.511 Disk 0 MBR read successfully
02:16:27.511 Disk 0 MBR scan
02:16:27.511 Disk 0 unknown MBR code
02:16:29.539 Disk 0 scanning sectors +976768065
02:16:29.555 Disk 0 scanning C:\Windows\system32\drivers
02:16:41.598 Service scanning
02:16:42.877 Disk 0 trace - called modules:
02:16:42.893 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
02:16:42.893 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8679e398]
02:16:42.893 3 CLASSPNP.SYS[807368b3] -> nt!IofCallDriver -> [0x8622bf08]
02:16:42.908 5 acpi.sys[806136bc] -> nt!IofCallDriver -> \Device\00000062[0x85df18f0]
02:16:44.250 AVAST engine scan C:\Windows
04:21:58.073 AVAST engine scan C:\Users\Taylor
04:43:08.682 AVAST engine scan C:\ProgramData
04:51:29.272 Scan finished successfully
07:49:22.306 Disk 0 MBR has been saved successfully to "C:\Users\Taylor\Desktop\MBR.dat"
07:49:22.306 The log file has been saved successfully to "C:\Users\Taylor\Desktop\aswMBR.txt"


#6 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
That's weird... Try to run Combofix from Safe Mode.

To restart in safe mode:
  • If the computer is running, shut down Windows, and then turn off the power
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.


#7 Uataylor (Topic Starter, New Member, 8 posts)
Alright, edited this post. It worked this time. Sorry for the delay again. Not sure why it claimed that avast! was enabled, I had disabled all the active protections associated with the program.

ComboFix 11-07-08.03 - Taylor 07/09/2011 9:48.3.1 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.2357 [GMT -5:00]
Running from: c:\users\Taylor\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-06-09 to 2011-07-09 )))))))))))))))))))))))))))))))
.
.
2011-07-09 14:55 . 2011-07-09 14:55 -------- d-----w- c:\users\Taylor\AppData\Local\temp
2011-07-09 14:55 . 2011-07-09 14:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-09 14:36 . 2011-07-09 14:36 -------- d-----w- c:\program files\Apple Software Update
2011-07-07 06:30 . 2011-07-07 06:30 -------- d-----w- C:\_OTL
2011-07-07 04:29 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DA94BFA7-B26B-4EDA-8021-7799DFA05167}\mpengine.dll
2011-07-05 05:21 . 2011-07-05 05:26 -------- d-----w- c:\program files\Windows Live
2011-07-05 05:19 . 2011-07-05 05:19 -------- d-----w- c:\users\Taylor\AppData\Local\Windows Live
2011-07-05 05:19 . 2011-07-05 05:19 -------- d-----w- c:\program files\Common Files\Windows Live
2011-07-05 05:19 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2011-07-05 05:02 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2011-07-05 05:02 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2011-07-05 05:02 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2011-07-05 05:02 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2011-07-05 05:02 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2011-07-05 05:02 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2011-07-05 05:02 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2011-07-05 05:02 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2011-07-05 05:02 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2011-07-05 05:02 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-07-02 04:09 . 2008-07-31 15:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2011-07-02 04:09 . 2008-07-31 15:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2011-07-02 04:09 . 2008-07-31 15:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2011-07-02 04:09 . 2008-07-10 16:01 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2011-07-02 04:09 . 2008-07-10 16:00 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2011-07-02 04:09 . 2008-07-10 16:00 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2011-07-01 06:49 . 2011-07-01 06:49 -------- d-----w- c:\program files\7-Zip
2011-07-01 06:37 . 2011-07-01 06:37 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2011-06-28 23:23 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-06-26 16:06 . 2009-04-06 16:37 704384 ----a-w- c:\windows\system32\drivers\SandBox.sys
2011-06-26 16:06 . 2011-06-26 16:06 -------- d-----w- c:\users\Taylor\{f1b84d14-8e77-4905-855e-0f330230a8e8}
2011-06-26 16:06 . 2009-02-10 21:12 307224 ----a-w- c:\windows\system32\drivers\afwcore.sys
2011-06-26 16:04 . 2009-02-18 22:27 29208 ----a-w- c:\windows\system32\drivers\afw.sys
2011-06-26 16:04 . 2011-06-26 16:04 -------- d-----w- c:\program files\Agnitum
2011-06-26 16:03 . 2011-06-26 16:22 -------- d-----w- c:\programdata\Agnitum
2011-06-26 05:32 . 2011-06-26 05:32 -------- d-----w- c:\program files\BillP Studios
2011-06-26 05:32 . 2011-06-26 05:32 -------- d-----w- c:\programdata\InstallMate
2011-06-23 04:19 . 2011-06-23 04:19 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-23 04:19 . 2011-06-23 04:19 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-18 16:39 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-06-18 16:39 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-18 16:39 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-18 03:15 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-18 03:15 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-18 03:15 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-18 03:15 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-18 03:15 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-18 03:15 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-18 03:15 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-18 03:15 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-18 03:15 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-10 17:16 . 2011-06-10 17:16 -------- d-----w- c:\users\Taylor\AppData\Roaming\Foxit Software
2011-06-10 03:24 . 2011-06-10 03:24 -------- d-----w- c:\program files\iPod
2011-06-10 03:24 . 2011-06-10 03:25 -------- d-----w- c:\program files\iTunes
2011-06-10 03:16 . 2011-06-10 03:16 -------- d-----w- c:\program files\Bonjour
2011-06-10 03:12 . 2011-06-10 03:12 -------- d-----w- c:\program files\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-05 05:21 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-04 11:43 . 2011-05-06 03:08 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2011-05-06 03:08 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-05-06 03:09 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2011-05-06 03:09 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2011-05-06 03:09 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2011-05-06 03:09 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2011-05-06 03:09 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2011-05-06 03:09 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-03 03:52 . 2011-05-19 21:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-10 03:11 . 2010-05-03 23:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-29 14:11 . 2011-04-18 15:33 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 14:11 . 2010-04-26 00:06 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-25 00:14 . 2009-10-02 17:24 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-23 07:04 . 2011-05-23 07:04 161792 ----a-w- c:\windows\system32\msls31.dll
2011-05-23 07:04 . 2011-05-23 07:04 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-05-23 07:04 . 2011-05-23 07:04 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-23 07:04 . 2011-05-23 07:04 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-23 07:04 . 2011-05-23 07:04 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-23 07:04 . 2011-05-23 07:04 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-23 07:04 . 2011-05-23 07:04 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-05-23 07:04 . 2011-05-23 07:04 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-05-23 07:04 . 2011-05-23 07:04 367104 ----a-w- c:\windows\system32\html.iec
2011-05-23 07:04 . 2011-05-23 07:04 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-23 07:04 . 2011-05-23 07:04 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-05-23 07:04 . 2011-05-23 07:04 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-23 07:04 . 2011-05-23 07:04 152064 ----a-w- c:\windows\system32\wextract.exe
2011-05-23 07:04 . 2011-05-23 07:04 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-05-23 07:04 . 2011-05-23 07:04 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-23 07:04 . 2011-05-23 07:04 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-05-23 07:04 . 2011-05-23 07:04 11776 ----a-w- c:\windows\system32\mshta.exe
2011-05-23 07:04 . 2011-05-23 07:04 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-23 07:04 . 2011-05-23 07:04 101888 ----a-w- c:\windows\system32\admparse.dll
2011-05-23 07:03 . 2011-05-23 07:03 98816 ----a-w- c:\windows\system32\mfps.dll
2011-05-23 07:03 . 2011-05-23 07:03 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-05-23 07:03 . 2011-05-23 07:03 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-05-23 07:03 . 2011-05-23 07:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-05-23 07:03 . 2011-05-23 07:03 2873344 ----a-w- c:\windows\system32\mf.dll
2011-05-23 07:03 . 2011-05-23 07:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-05-23 07:03 . 2011-05-23 07:03 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-05-23 07:03 . 2011-05-23 07:03 586240 ----a-w- c:\windows\system32\stobject.dll
2011-05-23 07:03 . 2011-05-23 07:03 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-05-23 07:03 . 2011-05-23 07:03 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-05-23 07:03 . 2011-05-23 07:03 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-05-23 07:03 . 2011-05-23 07:03 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-05-23 07:03 . 2011-05-23 07:03 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-05-23 07:03 . 2011-05-23 07:03 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-05-23 07:03 . 2011-05-23 07:03 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-05-23 07:03 . 2011-05-23 07:03 37376 ----a-w- c:\windows\system32\cdd.dll
2011-05-23 07:03 . 2011-05-23 07:03 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-05-23 07:03 . 2011-05-23 07:03 258048 ----a-w- c:\windows\system32\winspool.drv
2011-05-23 07:03 . 2011-05-23 07:03 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-05-23 07:03 . 2011-05-23 07:03 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-05-23 07:03 . 2011-05-23 07:03 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-05-23 07:03 . 2011-05-23 07:03 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-05-23 07:03 . 2011-05-23 07:03 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-05-23 07:03 . 2011-05-23 07:03 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-05-23 07:02 . 2011-05-23 07:02 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2011-05-23 07:02 . 2011-05-23 07:02 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-05-23 07:02 . 2011-05-23 07:02 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-05-23 07:02 . 2011-05-23 07:02 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-05-23 07:02 . 2011-05-23 07:02 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-05-23 07:02 . 2011-05-23 07:02 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-05-23 07:02 . 2011-05-23 07:02 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-05-23 07:02 . 2011-05-23 07:02 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-04-24 22:14 . 2011-05-19 21:39 225856 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2011-06-23 04:19 . 2011-03-23 05:35 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-07-01 2424192]
"OpenDNS Updater"="c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-09-09 1148200]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
"Adobe ARM"="c:\program files\COMMON FILES\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\users\Taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
NETGEAR WPN311 Smart Wizard.lnk - c:\program files\NETGEAR\WPN311\wlancfg5.exe [2007-4-10 1695744]
Snapfish Media Detector.lnk - c:\program files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-5-7 1273856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Agnitum\OUTPOS~1\wl_hook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2009-04-06 704384]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [2009-04-28 1195008]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
R2 gupdate1c9bc0011877bf5;Google Update Service (gupdate1c9bc0011877bf5);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-13 133104]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2009-02-10 307224]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-13 133104]
S1 afw;Agnitum Firewall Driver;c:\windows\system32\DRIVERS\afw.sys [2009-02-18 29208]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2011-04-24 225856]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-04 15:42]
.
2011-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-13 06:20]
.
2011-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-13 06:20]
.
2008-10-28 c:\windows\Tasks\WebReg HP Deskjet F4200 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2008-03-26 01:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{A61E1BE4-9615-4559-9135-3AB04F6099A9}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\loem8u10.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
HKCU-Run-AdobeUpdater - c:\program files\COMMON FILES\ADOBE\UPDATER5\ADOBEUPDATER.EXE
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM-Run-hpqSRMon - (no file)
ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
AddRemove-sp41121 - c:\hp\Softpaq\sp41121\sp41121.exe
AddRemove-sp44626 - c:\hp\Softpaq\sp44626\sp44626.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Taylor\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-09 09:55
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-07-09 09:58:13
ComboFix-quarantined-files.txt 2011-07-09 14:58
.
Pre-Run: 306,711,990,272 bytes free
Post-Run: 306,589,048,832 bytes free
.
- - End Of File - - 712A37BC3FC67B68B9FC1505F416FC47

Edited by Uataylor, 09 July 2011 - 09:01 AM.

  • 0
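As an added example (not from this thread and not ComboFix's own logic), the Python script below scans lines in the ComboFix log format posted above and flags the entries a removal helper reads first: an AppInit_DLLs value, Security Center monitoring switched off, a per-interface DNS server that differs from the DHCP-supplied one, and browser add-on entries ComboFix listed as removed. The sample lines are copied from the log above; which findings merit review is an assumption of this example.

```python
"""Triage a ComboFix-style log excerpt for entries worth a second look."""
import re

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Agnitum\OUTPOS~1\wl_hook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{A61E1BE4-9615-4559-9135-3AB04F6099A9}: NameServer = 208.67.222.222,208.67.220.220
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
"""

ADDON_RE = re.compile(r"(Toolbar|WebBrowser|BHO)-\{[0-9A-Fa-f-]+\} - ")
IFACE_DNS_RE = re.compile(r"TCP: Interfaces\\\{[^}]+\}: NameServer = (.+)")


def triage(log_text):
    """Return (severity, message) findings for the given log text (assumed rules)."""
    findings = []
    dhcp_dns = None      # DHCP-assigned resolver, used as the baseline
    section = None       # registry key currently being listed
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[HKEY_"):
            section = line.lower()
            continue
        m = re.match(r'"AppInit_DLLs"=(.+)', line)
        if m and m.group(1).strip():
            # Every DLL listed here is loaded into every process that uses
            # user32.dll; legitimate firewalls use it too, so identify the file.
            findings.append(("review", "AppInit_DLLs loads " + m.group(1).strip()))
        if section and "security center\\monitoring" in section and \
                line.startswith('"DisableMonitoring"=dword:00000001'):
            # Often set by third-party security suites; confirm which product did it.
            findings.append(("review", "Security Center monitoring disabled under " + section))
        m = re.match(r"TCP: DhcpNameServer = (.+)", line)
        if m:
            dhcp_dns = m.group(1).strip()
        m = IFACE_DNS_RE.match(line)
        if m and dhcp_dns and m.group(1).strip() != dhcp_dns:
            # A static resolver is how a redirect is often planted; the owner
            # should confirm it was set deliberately (OpenDNS is a common choice).
            findings.append(("review", f"Static DNS {m.group(1).strip()} overrides DHCP DNS {dhcp_dns}"))
        if ADDON_RE.match(line):
            findings.append(("info", "Browser add-on entry: " + line))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```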

#8
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Uataylor,

How is your system now? Do you still get redirected?
  • 0

#9
Uataylor

Uataylor

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I have not noticed any more redirects so far... thank you so much, mali! Is my machine "clean" now? If so, what was the name of the infection that had found its way onto my computer?

Thank you so much again :)
  • 0

#10
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Uataylor,

I don't know the exact name because it is a generic infection. You had an infected driver and we removed it. That was the main infection on your system. Your logs and system are clean now. I'm glad we fixed up your computer. We need to clean up your PC from the programs we used.

Step 1

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end. Remove all other applications we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the "Automatic (recommended) - Automatically download recommended updates for my computer and install them" option.
  • Click the OK button.

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of the software installed on your system.
  • 0

#11
Uataylor

Uataylor

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Alright, thanks so much for your help. I really appreciate the work that people like you do here at Geekstogo. Hopefully I will see you around the forums in the future, although not for the reasons we first met... :)
  • 0

#12
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hope to see you too! Goodbye and stay safe :)
  • 0

#13
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
