Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Google Redirect?

Started by RookiePc , Aug 01 2011 04:02 AM

This topic is locked

#1
RookiePc

Posted 01 August 2011 - 04:02 AM

Member

Member
22 posts

Hello,

Experiencing redirects while trying to browse. Not my netbook, nothing was being done at time of redirects besides browsing. Not experiencing any other issues thus far. Any help is greatly appreciated.

OTL logfile created on: 8/1/2011 2:49:48 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Little\Desktop
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1012.20 Mb Total Physical Memory | 325.67 Mb Available Physical Memory | 32.17% Memory free
1.99 Gb Paging File | 1.06 Gb Available in Paging File | 53.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 217.75 Gb Total Space | 187.06 Gb Free Space | 85.91% Space Free | Partition Type: NTFS
Drive D: | 14.84 Gb Total Space | 2.14 Gb Free Space | 14.39% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 94.91 Mb Free Space | 95.69% Space Free | Partition Type: FAT32

Computer Name: LITTLE-PC | User Name: Little | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/01 02:42:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Little\Desktop\OTL.exe
PRC - [2011/07/31 19:04:03 | 000,839,680 | ---- | M] () -- C:\Windows\System32\propsys32.exe
PRC - [2011/07/31 19:04:03 | 000,839,680 | ---- | M] () -- C:\ProgramData\api-ms-win-core-fibers-l1-1-032.exe
PRC - [2011/03/27 13:01:46 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/07/07 23:42:13 | 000,729,696 | ---- | M] (Symantec Corporation) -- C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.0.0.136\InstStub.exe
PRC - [2010/05/13 11:05:44 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/04/09 15:43:38 | 000,026,168 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/04/09 15:42:00 | 000,601,144 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/04/05 11:12:02 | 000,363,064 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
PRC - [2010/04/05 11:12:00 | 000,103,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
PRC - [2010/03/31 18:53:18 | 000,338,168 | -H-- | M] (DeviceVM, Inc.) -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
PRC - [2010/03/30 16:40:18 | 000,309,816 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
PRC - [2010/02/26 03:03:00 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010/02/26 03:03:00 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_0cefa6767c6211ec\stacsv.exe
PRC - [2009/10/13 10:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/10/13 10:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/08/24 15:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
PRC - [2009/07/13 18:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 18:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/03/03 03:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_0cefa6767c6211ec\AEstSrv.exe

========== Modules (SafeList) ==========

MOD - [2011/08/01 02:42:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Little\Desktop\OTL.exe
MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/07/31 19:04:03 | 000,839,680 | ---- | M] () [Auto | Running] -- C:\Windows\System32\propsys32.exe -- (SstpSvc32)
SRV - [2010/04/09 15:43:38 | 000,026,168 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/04/05 11:12:00 | 000,103,992 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV - [2010/03/31 18:53:18 | 000,338,168 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2010/02/26 03:03:00 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_0cefa6767c6211ec\stacsv.exe -- (STacSV)
SRV - [2010/01/04 11:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/10/13 10:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/08/24 15:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe -- (NIS)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/03 03:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_0cefa6767c6211ec\AEstSrv.exe -- (AESTFilters)
SRV - [2009/02/06 17:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

========== Driver Services (SafeList) ==========

DRV - [2010/02/26 03:03:00 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/02/08 22:57:16 | 000,186,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/11/11 13:09:22 | 000,018,136 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\dvmio.sys -- (DVMIO)
DRV - [2009/08/29 17:16:41 | 000,325,168 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\system32\drivers\NIS\1100000.088\SRTSP.SYS -- (SRTSP)
DRV - [2009/08/29 17:16:41 | 000,043,696 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1100000.088\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/08/29 02:00:00 | 001,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/08/29 02:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\NAVENG.SYS -- (NAVENG)
DRV - [2009/07/13 15:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 15:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 25 82 12 17 98 12 95 4E 9C F6 9E E4 E0 49 43 F6 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {db6c54c7-ddd5-4e4a-936a-4f15dca8e22d}:1.0
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\4.0.0369.0\Firefox [2010/07/07 23:37:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/07/07 23:37:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4C0766D3-67A7-45a3-85A2-752F77312F32}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/27 13:01:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/01 02:40:58 | 000,000,000 | ---D | M]

[2010/09/19 12:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Little\AppData\Roaming\Mozilla\Extensions
[2011/07/31 23:29:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Little\AppData\Roaming\Mozilla\Firefox\Profiles\721cst0z.default\extensions
[2011/07/31 19:08:20 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Little\AppData\Roaming\Mozilla\Firefox\Profiles\721cst0z.default\extensions\{db6c54c7-ddd5-4e4a-936a-4f15dca8e22d}
[2010/09/22 22:54:46 | 000,001,834 | ---- | M] () -- C:\Users\Little\AppData\Roaming\Mozilla\Firefox\Profiles\721cst0z.default\searchplugins\bing.xml
[2011/07/31 19:15:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/31 19:12:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/07/31 19:15:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/06/10 14:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {17128225-1298-4E95-9CF6-9EE4E04943F6} - C:\Windows\System32\api-ms-win-core-fibers-l1-1-032.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\IPSBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [ZumoDrive] C:\Program Files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/01 02:42:44 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Little\Desktop\OTL.exe
[2011/08/01 02:39:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/07/31 19:18:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/07/29 22:49:30 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update

========== Files - Modified Within 30 Days ==========

[2011/08/01 02:42:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Little\Desktop\OTL.exe
[2011/08/01 02:40:59 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/08/01 02:33:32 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/01 02:33:32 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/01 02:26:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/01 02:25:55 | 796,020,736 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/31 23:17:51 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLittle.job
[2011/07/31 19:08:21 | 000,000,083 | ---- | M] () -- C:\Windows\System32\2047248330
[2011/07/31 19:08:18 | 000,467,968 | ---- | M] () -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-032.dll
[2011/07/31 19:04:03 | 000,839,680 | ---- | M] () -- C:\Windows\System32\propsys32.exe
[2011/07/31 19:04:03 | 000,839,680 | ---- | M] () -- C:\ProgramData\api-ms-win-core-fibers-l1-1-032.exe
[2011/07/24 00:36:25 | 000,001,868 | ---- | M] () -- C:\Users\Little\Desktop\fergie 2.jpg
[2011/07/24 00:33:13 | 000,002,024 | ---- | M] () -- C:\Users\Little\Desktop\fergie.jpg
[2011/07/24 00:12:04 | 000,027,581 | ---- | M] () -- C:\Users\Little\Desktop\429243708_tp.jpg
[2011/07/23 23:03:34 | 000,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/23 23:03:34 | 000,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/23 07:04:18 | 002,123,866 | ---- | M] () -- C:\Users\Little\Desktop\DSC01919.JPG
[2011/07/23 06:47:32 | 002,055,896 | ---- | M] () -- C:\Users\Little\Desktop\DSC01918.JPG
[2011/07/23 06:46:58 | 002,013,554 | ---- | M] () -- C:\Users\Little\Desktop\DSC01916.JPG

========== Files Created - No Company Name ==========

[2011/08/01 02:40:59 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/07/31 19:08:21 | 000,839,680 | ---- | C] () -- C:\ProgramData\api-ms-win-core-fibers-l1-1-032.exe
[2011/07/31 19:08:20 | 000,839,680 | ---- | C] () -- C:\Windows\System32\propsys32.exe
[2011/07/31 19:08:20 | 000,000,083 | ---- | C] () -- C:\Windows\System32\2047248330
[2011/07/31 19:08:18 | 000,467,968 | ---- | C] () -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-032.dll
[2011/07/24 00:36:24 | 000,001,868 | ---- | C] () -- C:\Users\Little\Desktop\fergie 2.jpg
[2011/07/24 00:33:12 | 000,002,024 | ---- | C] () -- C:\Users\Little\Desktop\fergie.jpg
[2011/07/24 00:12:01 | 000,027,581 | ---- | C] () -- C:\Users\Little\Desktop\429243708_tp.jpg
[2011/07/23 07:04:18 | 002,123,866 | ---- | C] () -- C:\Users\Little\Desktop\DSC01919.JPG
[2011/07/23 06:47:32 | 002,055,896 | ---- | C] () -- C:\Users\Little\Desktop\DSC01918.JPG
[2011/07/23 06:46:58 | 002,013,554 | ---- | C] () -- C:\Users\Little\Desktop\DSC01916.JPG
[2010/07/07 23:30:09 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2010/07/07 23:21:32 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/07/07 23:19:45 | 000,000,276 | ---- | C] () -- C:\Windows\System32\RStoneLog2.ini
[2010/07/07 23:19:45 | 000,000,217 | ---- | C] () -- C:\Windows\System32\RStoneLog.ini
[2010/05/13 14:04:57 | 000,000,188 | ---- | C] () -- C:\Windows\System32\HPWA.ini
[2009/07/13 21:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:33:53 | 000,336,712 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 19:05:48 | 000,615,360 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 19:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 19:05:48 | 000,103,702 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 19:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 19:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 19:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 16:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 15:09:19 | 001,498,564 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
[2009/07/09 21:03:56 | 000,370,312 | ---- | C] () -- C:\Windows\System32\sqlite3.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/01/06 20:37:20 | 000,000,000 | ---D | M] -- C:\Users\Little\AppData\Roaming\WildTangent
[2011/08/01 02:39:31 | 000,000,000 | ---D | M] -- C:\Users\Little\AppData\Roaming\ZumoDrive
[2011/03/22 02:36:17 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

#2
maliprog

Posted 01 August 2011 - 05:11 AM

Trusted Helper

Malware Removal
6,172 posts

Hello RookiePc and welcome to G2G!

My nick is maliprog and I'll will be your technical support on this issue. Before we start please read my notes carefully:

NOTE:

Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
Absence of symptoms does not always mean the computer is clean
Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
Please DO NOT run any scans or fix on your own without my direction.
Please read all of my response through at least once before attempting to follow the procedures described.
If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
You must reply within 3 days or your topic will be closed

Step 1

Please close all running programs and Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O2 - BHO: (no name) - {17128225-1298-4E95-9CF6-9EE4E04943F6} - C:\Windows\System32\api-ms-win-core-fibers-l1-1-032.dll ()
[2011/07/31 19:08:18 | 000,467,968 | ---- | M] () -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-032.dll
[2011/07/31 19:04:03 | 000,839,680 | ---- | M] () -- C:\Windows\System32\propsys32.exe
[2011/07/31 19:04:03 | 000,839,680 | ---- | M] () -- C:\ProgramData\api-ms-win-core-fibers-l1-1-032.exe
[2010/07/07 23:30:09 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll

:Files
ipconfig /flushdns /c

:Commands
[purity]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.

Extract the zip file to its own folder.
Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
Click Start scan to start scanning.
If infection is detected, the default setting for "action" should be Cure
- (If suspicious file is detected please click on it and change it to Skip).
Click Continue button
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 3

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
On completion of the scan click save log, save it to your desktop and post in your next reply

Step 4

Please don't forget to include these items in your reply:

OTL fix log
TDSSKiller log
aswMBR log

It would be helpful if you could post each log in separate post

#3
RookiePc

Posted 01 August 2011 - 01:05 PM

Member

Topic Starter
Member
22 posts

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17128225-1298-4E95-9CF6-9EE4E04943F6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17128225-1298-4E95-9CF6-9EE4E04943F6}\ deleted successfully.
C:\Windows\System32\api-ms-win-core-fibers-l1-1-032.dll moved successfully.
File C:\Windows\System32\api-ms-win-core-fibers-l1-1-032.dll not found.
C:\Windows\System32\propsys32.exe moved successfully.
C:\ProgramData\api-ms-win-core-fibers-l1-1-032.exe moved successfully.
C:\Windows\System32\bcmwlrc.dll moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Little\Desktop\cmd.bat deleted successfully.
C:\Users\Little\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.26.1 log created on 08012011_114212

#4
RookiePc

Posted 01 August 2011 - 01:07 PM

Member

Topic Starter
Member
22 posts

2011/08/01 12:06:41.0029 3684 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11
2011/08/01 12:06:41.0681 3684 ================================================================================
2011/08/01 12:06:41.0681 3684 SystemInfo:
2011/08/01 12:06:41.0681 3684
2011/08/01 12:06:41.0681 3684 OS Version: 6.1.7600 ServicePack: 0.0
2011/08/01 12:06:41.0681 3684 Product type: Workstation
2011/08/01 12:06:41.0682 3684 ComputerName: LITTLE-PC
2011/08/01 12:06:41.0682 3684 UserName: Little
2011/08/01 12:06:41.0682 3684 Windows directory: C:\Windows
2011/08/01 12:06:41.0682 3684 System windows directory: C:\Windows
2011/08/01 12:06:41.0682 3684 Processor architecture: Intel x86
2011/08/01 12:06:41.0682 3684 Number of processors: 2
2011/08/01 12:06:41.0682 3684 Page size: 0x1000
2011/08/01 12:06:41.0683 3684 Boot type: Normal boot
2011/08/01 12:06:41.0683 3684 ================================================================================
2011/08/01 12:06:42.0290 3684 Initialize success
2011/08/01 12:06:45.0948 2848 ================================================================================
2011/08/01 12:06:45.0949 2848 Scan started
2011/08/01 12:06:45.0949 2848 Mode: Manual;
2011/08/01 12:06:45.0949 2848 ================================================================================
2011/08/01 12:06:46.0418 2848 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/08/01 12:06:46.0535 2848 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/08/01 12:06:46.0614 2848 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/08/01 12:06:46.0711 2848 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/08/01 12:06:46.0817 2848 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/08/01 12:06:46.0907 2848 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/08/01 12:06:47.0092 2848 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/08/01 12:06:47.0194 2848 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/08/01 12:06:47.0292 2848 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/08/01 12:06:47.0378 2848 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/08/01 12:06:47.0498 2848 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/08/01 12:06:47.0573 2848 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/08/01 12:06:47.0676 2848 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/08/01 12:06:47.0751 2848 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/08/01 12:06:47.0833 2848 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/08/01 12:06:47.0938 2848 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/08/01 12:06:47.0999 2848 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/08/01 12:06:48.0081 2848 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/08/01 12:06:48.0256 2848 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/08/01 12:06:48.0314 2848 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/08/01 12:06:48.0375 2848 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/01 12:06:48.0425 2848 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/08/01 12:06:48.0555 2848 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/08/01 12:06:48.0623 2848 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/08/01 12:06:48.0794 2848 BCM43XX (3da1c04ea8c09a9f77a951d5ae4f8cfc) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/08/01 12:06:48.0899 2848 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/08/01 12:06:49.0026 2848 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/08/01 12:06:49.0103 2848 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/01 12:06:49.0171 2848 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/08/01 12:06:49.0225 2848 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/08/01 12:06:49.0318 2848 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/08/01 12:06:49.0393 2848 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/08/01 12:06:49.0457 2848 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/08/01 12:06:49.0532 2848 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/08/01 12:06:49.0606 2848 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/08/01 12:06:49.0722 2848 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/01 12:06:49.0785 2848 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/01 12:06:49.0871 2848 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/08/01 12:06:49.0934 2848 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/08/01 12:06:50.0008 2848 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/01 12:06:50.0076 2848 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/08/01 12:06:50.0178 2848 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/08/01 12:06:50.0241 2848 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/01 12:06:50.0321 2848 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/08/01 12:06:50.0404 2848 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/08/01 12:06:50.0568 2848 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/08/01 12:06:50.0641 2848 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/08/01 12:06:50.0707 2848 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/08/01 12:06:50.0831 2848 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/08/01 12:06:50.0907 2848 DVMIO (ff7a7a1e0f9a0ab892a454ffb9d14bbe) C:\Windows\system32\DRIVERS\dvmio.sys
2011/08/01 12:06:51.0006 2848 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/01 12:06:51.0190 2848 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/08/01 12:06:51.0312 2848 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/08/01 12:06:51.0389 2848 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/08/01 12:06:51.0518 2848 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/08/01 12:06:51.0575 2848 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/08/01 12:06:51.0669 2848 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/01 12:06:51.0784 2848 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/08/01 12:06:51.0841 2848 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/08/01 12:06:51.0900 2848 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/01 12:06:51.0969 2848 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/08/01 12:06:52.0067 2848 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/08/01 12:06:52.0125 2848 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/01 12:06:52.0191 2848 fvevol (5592f5dba26282d24d2b080eb438a4d7) C:\Windows\system32\DRIVERS\fvevol.sys
2011/08/01 12:06:52.0264 2848 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/08/01 12:06:52.0374 2848 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/08/01 12:06:52.0448 2848 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/08/01 12:06:52.0520 2848 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/08/01 12:06:52.0582 2848 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/08/01 12:06:52.0636 2848 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/08/01 12:06:52.0701 2848 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/08/01 12:06:52.0771 2848 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/08/01 12:06:52.0858 2848 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/01 12:06:53.0054 2848 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/08/01 12:06:53.0148 2848 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/08/01 12:06:53.0213 2848 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/08/01 12:06:53.0303 2848 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/08/01 12:06:53.0408 2848 iaStor (0baa4115dfffd6a6d809a89d65e1281a) C:\Windows\system32\DRIVERS\iaStor.sys
2011/08/01 12:06:53.0482 2848 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/08/01 12:06:53.0711 2848 igfx (d0074897c6bc132f3980ea4654bf7fb9) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/08/01 12:06:53.0882 2848 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/08/01 12:06:53.0992 2848 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/08/01 12:06:54.0082 2848 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/01 12:06:54.0178 2848 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/01 12:06:54.0292 2848 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/08/01 12:06:54.0335 2848 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/08/01 12:06:54.0424 2848 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/08/01 12:06:54.0486 2848 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/08/01 12:06:54.0555 2848 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/08/01 12:06:54.0622 2848 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/08/01 12:06:54.0685 2848 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/08/01 12:06:54.0779 2848 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/01 12:06:54.0828 2848 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
2011/08/01 12:06:54.0974 2848 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/01 12:06:55.0105 2848 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/08/01 12:06:55.0165 2848 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/08/01 12:06:55.0228 2848 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/08/01 12:06:55.0289 2848 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/08/01 12:06:55.0350 2848 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/08/01 12:06:55.0415 2848 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/08/01 12:06:55.0481 2848 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/08/01 12:06:55.0559 2848 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/08/01 12:06:55.0620 2848 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/01 12:06:55.0679 2848 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/08/01 12:06:55.0745 2848 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/01 12:06:55.0810 2848 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/08/01 12:06:55.0876 2848 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/08/01 12:06:55.0931 2848 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/01 12:06:56.0015 2848 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/08/01 12:06:56.0101 2848 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/01 12:06:56.0151 2848 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/01 12:06:56.0217 2848 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/01 12:06:56.0282 2848 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/08/01 12:06:56.0352 2848 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/08/01 12:06:56.0459 2848 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/08/01 12:06:56.0515 2848 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/08/01 12:06:56.0574 2848 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/08/01 12:06:56.0686 2848 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/01 12:06:56.0737 2848 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/01 12:06:56.0797 2848 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/08/01 12:06:56.0870 2848 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/08/01 12:06:56.0949 2848 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/08/01 12:06:57.0003 2848 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/08/01 12:06:57.0072 2848 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/08/01 12:06:57.0139 2848 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/08/01 12:06:57.0230 2848 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/01 12:06:57.0335 2848 NAVENG (78d629767dbcdbb1ee888f4fda841acd) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\NAVENG.SYS
2011/08/01 12:06:57.0430 2848 NAVEX15 (6176ce576509ee71bac1b61fc8f1f138) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\NAVEX15.SYS
2011/08/01 12:06:57.0523 2848 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/08/01 12:06:57.0606 2848 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/08/01 12:06:57.0659 2848 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/01 12:06:57.0745 2848 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/01 12:06:57.0801 2848 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/01 12:06:57.0859 2848 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/08/01 12:06:57.0925 2848 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/01 12:06:57.0993 2848 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/01 12:06:58.0227 2848 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
2011/08/01 12:06:58.0373 2848 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/08/01 12:06:58.0464 2848 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/08/01 12:06:58.0548 2848 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/01 12:06:58.0654 2848 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/08/01 12:06:58.0737 2848 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/08/01 12:06:58.0803 2848 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/08/01 12:06:58.0861 2848 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/08/01 12:06:58.0929 2848 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/08/01 12:06:59.0001 2848 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/08/01 12:06:59.0126 2848 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/08/01 12:06:59.0182 2848 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/08/01 12:06:59.0251 2848 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/08/01 12:06:59.0327 2848 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/08/01 12:06:59.0390 2848 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/08/01 12:06:59.0464 2848 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/08/01 12:06:59.0525 2848 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/08/01 12:06:59.0600 2848 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/08/01 12:06:59.0903 2848 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/01 12:06:59.0959 2848 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/08/01 12:07:00.0065 2848 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/01 12:07:00.0164 2848 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/08/01 12:07:00.0244 2848 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/08/01 12:07:00.0321 2848 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/01 12:07:00.0393 2848 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/01 12:07:00.0451 2848 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/08/01 12:07:00.0513 2848 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/01 12:07:00.0579 2848 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/01 12:07:00.0644 2848 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/01 12:07:00.0736 2848 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/01 12:07:00.0790 2848 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/08/01 12:07:00.0850 2848 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/01 12:07:00.0928 2848 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/01 12:07:00.0993 2848 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/08/01 12:07:01.0061 2848 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/08/01 12:07:01.0126 2848 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/08/01 12:07:01.0267 2848 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/01 12:07:01.0355 2848 RSUSBSTOR (867beb23207ba425c85293bb0d3ea971) C:\Windows\system32\Drivers\RtsUStor.sys
2011/08/01 12:07:01.0420 2848 RTL8167 (c5a68c5ec01fd6f03396dd154b48db56) C:\Windows\system32\DRIVERS\Rt86win7.sys
2011/08/01 12:07:01.0527 2848 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/08/01 12:07:01.0608 2848 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/08/01 12:07:01.0715 2848 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys
2011/08/01 12:07:01.0820 2848 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/08/01 12:07:01.0930 2848 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/08/01 12:07:01.0992 2848 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/08/01 12:07:02.0071 2848 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/08/01 12:07:02.0201 2848 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/08/01 12:07:02.0262 2848 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/08/01 12:07:02.0324 2848 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/08/01 12:07:02.0379 2848 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/08/01 12:07:02.0480 2848 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/08/01 12:07:02.0535 2848 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/08/01 12:07:02.0616 2848 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/08/01 12:07:02.0677 2848 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/08/01 12:07:02.0779 2848 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/08/01 12:07:02.0932 2848 SRTSP (00f20cf8956b22c392aaae949d84c3e8) C:\Windows\system32\drivers\NIS\1100000.088\SRTSP.SYS
2011/08/01 12:07:02.0994 2848 SRTSPX (bc2d2c9e48d14d3d19f1dbd47bf5b203) C:\Windows\system32\drivers\NIS\1100000.088\SRTSPX.SYS
2011/08/01 12:07:03.0120 2848 srv (50a83ca406c808bd35ac9141a0c7618f) C:\Windows\system32\DRIVERS\srv.sys
2011/08/01 12:07:03.0233 2848 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/01 12:07:03.0296 2848 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/08/01 12:07:03.0385 2848 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/08/01 12:07:03.0462 2848 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/08/01 12:07:03.0564 2848 srvnet (bd1433a32792fd0dc450479094fc435a) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/01 12:07:03.0708 2848 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/08/01 12:07:03.0792 2848 STHDA (02b3ef45094f090e397eea46cbed7b9e) C:\Windows\system32\DRIVERS\stwrt.sys
2011/08/01 12:07:03.0880 2848 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/08/01 12:07:04.0091 2848 SynTP (067cb9d745407a8c1b26e89a6a2ce152) C:\Windows\system32\DRIVERS\SynTP.sys
2011/08/01 12:07:04.0337 2848 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
2011/08/01 12:07:04.0458 2848 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/01 12:07:04.0550 2848 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/01 12:07:04.0637 2848 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/08/01 12:07:04.0690 2848 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/08/01 12:07:04.0765 2848 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/01 12:07:04.0820 2848 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/08/01 12:07:05.0016 2848 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/01 12:07:05.0084 2848 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/01 12:07:05.0160 2848 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/08/01 12:07:05.0229 2848 udfs (2efee45a340e1590e37c2f2bac16d051) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/01 12:07:05.0345 2848 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/08/01 12:07:05.0407 2848 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/08/01 12:07:05.0479 2848 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/08/01 12:07:05.0572 2848 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
2011/08/01 12:07:05.0635 2848 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/01 12:07:05.0706 2848 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/08/01 12:07:05.0766 2848 usbehci (0eeedd78c2bedac75e8ed1ba8d77878b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/01 12:07:05.0826 2848 usbhub (ba50148445e5b2b3abdba208fc9b6fb5) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/01 12:07:05.0892 2848 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/08/01 12:07:05.0959 2848 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/01 12:07:06.0020 2848 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/01 12:07:06.0080 2848 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/08/01 12:07:06.0182 2848 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys
2011/08/01 12:07:06.0276 2848 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/08/01 12:07:06.0354 2848 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/01 12:07:06.0419 2848 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/08/01 12:07:06.0483 2848 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/08/01 12:07:06.0537 2848 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/08/01 12:07:06.0600 2848 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/08/01 12:07:06.0653 2848 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/08/01 12:07:06.0702 2848 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/08/01 12:07:06.0759 2848 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/08/01 12:07:06.0812 2848 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/08/01 12:07:06.0885 2848 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/08/01 12:07:06.0942 2848 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/08/01 12:07:07.0001 2848 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/08/01 12:07:07.0086 2848 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/08/01 12:07:07.0140 2848 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/01 12:07:07.0198 2848 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/01 12:07:07.0323 2848 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/08/01 12:07:07.0390 2848 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/01 12:07:07.0539 2848 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/08/01 12:07:07.0594 2848 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/08/01 12:07:07.0789 2848 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/08/01 12:07:07.0917 2848 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/01 12:07:08.0041 2848 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/08/01 12:07:08.0100 2848 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/01 12:07:08.0207 2848 yukonw7 (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys
2011/08/01 12:07:08.0289 2848 MBR (0x1B8) (92b784d578db86148868b4cbc189477f) \Device\Harddisk0\DR0
2011/08/01 12:07:08.0331 2848 Boot (0x1200) (59b5cd9ad4c59ab38b2375b83382ad2e) \Device\Harddisk0\DR0\Partition0
2011/08/01 12:07:08.0376 2848 Boot (0x1200) (7a71128861df2758756f600f9c9daeae) \Device\Harddisk0\DR0\Partition1
2011/08/01 12:07:08.0443 2848 Boot (0x1200) (fa61d7e91077b653cd1bb59c3cfec13b) \Device\Harddisk0\DR0\Partition2
2011/08/01 12:07:08.0484 2848 Boot (0x1200) (dd9460f52284ddd100cd126058171269) \Device\Harddisk0\DR0\Partition3
2011/08/01 12:07:08.0666 2848 ================================================================================
2011/08/01 12:07:08.0667 2848 Scan finished
2011/08/01 12:07:08.0667 2848 ================================================================================
2011/08/01 12:07:08.0736 2540 Detected object count: 0
2011/08/01 12:07:08.0736 2540 Actual detected object count: 0

#5
RookiePc

Posted 01 August 2011 - 01:09 PM

Member

Topic Starter
Member
22 posts

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-01 11:55:41
-----------------------------
11:55:41.729 OS Version: Windows 6.1.7600
11:55:41.730 Number of processors: 2 586 0x1C0A
11:55:41.733 ComputerName: LITTLE-PC UserName: Little
11:55:57.144 Initialize success
11:56:20.510 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
11:56:20.520 Disk 0 Vendor: ST925041 0006 Size: 238475MB BusType: 3
11:56:20.544 Disk 0 MBR read successfully
11:56:20.556 Disk 0 MBR scan
11:56:20.567 Disk 0 unknown MBR code
11:56:20.583 Disk 0 scanning sectors +488395120
11:56:20.671 Disk 0 scanning C:\Windows\system32\drivers
11:56:27.919 Service scanning
11:56:29.751 Modules scanning
11:56:38.660 Disk 0 trace - called modules:
11:56:38.680
11:56:38.691 Scan finished successfully
11:57:05.956 Disk 0 MBR has been saved successfully to "C:\Users\Little\Desktop\MBR.dat"
11:57:05.980 The log file has been saved successfully to "C:\Users\Little\Desktop\aswMBR.txt"

After running OTL a pair of desktop.ini icons showed up. What are they?

#6
maliprog

Posted 01 August 2011 - 01:49 PM

Trusted Helper

Malware Removal
6,172 posts

Do you still get redirected?

desktop.ini is system file and here is how we going to hide it as it should be.

Open the Control Panel
Click on the Folder Options Icon. (See screenshot below)
Click on View tab and check Hide protected operating system files (Recommended) and Do not show hidden files and folders box

You won't see desktop.ini file any more.

#7
maliprog

Posted 01 August 2011 - 02:25 PM

Trusted Helper

Malware Removal
6,172 posts

I need to see something. Please can you do OTL scan but this time ensure all users option is selected. Post log after the scan.

#8
RookiePc

Posted 01 August 2011 - 09:19 PM

Member

Topic Starter
Member
22 posts

I do not seem to be redirected like before. Requested log.

OTL logfile created on: 8/1/2011 8:08:30 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Little\Desktop
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1012.20 Mb Total Physical Memory | 405.36 Mb Available Physical Memory | 40.05% Memory free
1.99 Gb Paging File | 1.11 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 217.75 Gb Total Space | 187.11 Gb Free Space | 85.93% Space Free | Partition Type: NTFS
Drive D: | 14.84 Gb Total Space | 2.14 Gb Free Space | 14.39% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 94.91 Mb Free Space | 95.69% Space Free | Partition Type: FAT32

Computer Name: LITTLE-PC | User Name: Little | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/01 02:42:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Little\Desktop\OTL.exe
PRC - [2010/07/07 23:42:13 | 000,729,696 | ---- | M] (Symantec Corporation) -- C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.0.0.136\InstStub.exe
PRC - [2010/05/13 11:05:44 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/04/09 15:43:38 | 000,026,168 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/04/09 15:42:00 | 000,601,144 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/04/05 11:12:02 | 000,363,064 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
PRC - [2010/04/05 11:12:00 | 000,103,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
PRC - [2010/03/31 18:53:18 | 000,338,168 | -H-- | M] (DeviceVM, Inc.) -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
PRC - [2010/03/30 16:40:18 | 000,309,816 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
PRC - [2010/03/28 15:22:20 | 000,154,304 | ---- | M] (Zecter Inc.) -- C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe
PRC - [2010/02/26 03:03:00 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010/02/26 03:03:00 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_0cefa6767c6211ec\stacsv.exe
PRC - [2009/10/13 10:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/10/13 10:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/08/24 15:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
PRC - [2009/07/13 18:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 18:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/03/03 03:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_0cefa6767c6211ec\AEstSrv.exe

========== Modules (SafeList) ==========

MOD - [2011/08/01 02:42:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Little\Desktop\OTL.exe
MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SstpSvc32)
SRV - [2010/04/09 15:43:38 | 000,026,168 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/04/05 11:12:00 | 000,103,992 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV - [2010/03/31 18:53:18 | 000,338,168 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2010/02/26 03:03:00 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_0cefa6767c6211ec\stacsv.exe -- (STacSV)
SRV - [2010/01/04 11:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/10/13 10:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/08/24 15:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe -- (NIS)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/03 03:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_0cefa6767c6211ec\AEstSrv.exe -- (AESTFilters)
SRV - [2009/02/06 17:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

========== Driver Services (SafeList) ==========

DRV - [2010/02/26 03:03:00 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/02/08 22:57:16 | 000,186,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/11/11 13:09:22 | 000,018,136 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\dvmio.sys -- (DVMIO)
DRV - [2009/08/29 17:16:41 | 000,325,168 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\system32\drivers\NIS\1100000.088\SRTSP.SYS -- (SRTSP)
DRV - [2009/08/29 17:16:41 | 000,043,696 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1100000.088\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/08/29 02:00:00 | 001,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/08/29 02:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\NAVENG.SYS -- (NAVENG)
DRV - [2009/07/13 15:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 15:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 25 82 12 17 98 12 95 4E 9C F6 9E E4 E0 49 43 F6 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 25 82 12 17 98 12 95 4E 9C F6 9E E4 E0 49 43 F6 [binary data]

IE - HKU\S-1-5-21-2437226032-1740323516-2256806070-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-2437226032-1740323516-2256806070-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-2437226032-1740323516-2256806070-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 25 82 12 17 98 12 95 4E 9C F6 9E E4 E0 49 43 F6 [binary data]
IE - HKU\S-1-5-21-2437226032-1740323516-2256806070-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2437226032-1740323516-2256806070-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {db6c54c7-ddd5-4e4a-936a-4f15dca8e22d}:1.0
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\4.0.0369.0\Firefox [2010/07/07 23:37:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/07/07 23:37:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4C0766D3-67A7-45a3-85A2-752F77312F32}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/27 13:01:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/01 02:40:58 | 000,000,000 | ---D | M]

[2010/09/19 12:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Little\AppData\Roaming\Mozilla\Extensions
[2011/07/31 23:29:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Little\AppData\Roaming\Mozilla\Firefox\Profiles\721cst0z.default\extensions
[2011/07/31 19:08:20 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Little\AppData\Roaming\Mozilla\Firefox\Profiles\721cst0z.default\extensions\{db6c54c7-ddd5-4e4a-936a-4f15dca8e22d}
[2010/09/22 22:54:46 | 000,001,834 | ---- | M] () -- C:\Users\Little\AppData\Roaming\Mozilla\Firefox\Profiles\721cst0z.default\searchplugins\bing.xml
[2011/07/31 19:15:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/31 19:12:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/07/31 19:15:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/06/10 14:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\IPSBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [ZumoDrive] C:\Program Files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/01 11:53:30 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\Little\Desktop\aswMBR.exe
[2011/08/01 11:42:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/01 11:41:00 | 000,000,000 | ---D | C] -- C:\Users\Little\Desktop\tdsskiller
[2011/08/01 02:42:44 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Little\Desktop\OTL.exe
[2011/08/01 02:39:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/07/31 19:18:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/07/31 19:15:33 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/07/31 19:15:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/07/31 19:15:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/07/31 19:12:41 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/07/29 22:49:30 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update

========== Files - Modified Within 30 Days ==========

[2011/08/01 20:09:08 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/01 20:09:08 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/01 20:01:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/01 20:01:02 | 796,020,736 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/01 11:57:05 | 000,000,512 | ---- | M] () -- C:\Users\Little\Desktop\MBR.dat
[2011/08/01 11:53:35 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\Little\Desktop\aswMBR.exe
[2011/08/01 11:39:48 | 001,388,094 | ---- | M] () -- C:\Users\Little\Desktop\tdsskiller.zip
[2011/08/01 02:42:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Little\Desktop\OTL.exe
[2011/08/01 02:40:59 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/07/31 23:17:51 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLittle.job
[2011/07/31 19:08:21 | 000,000,083 | ---- | M] () -- C:\Windows\System32\2047248330
[2011/07/24 00:36:25 | 000,001,868 | ---- | M] () -- C:\Users\Little\Desktop\fergie 2.jpg
[2011/07/24 00:33:13 | 000,002,024 | ---- | M] () -- C:\Users\Little\Desktop\fergie.jpg
[2011/07/23 23:03:34 | 000,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/23 23:03:34 | 000,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2011/08/01 11:57:05 | 000,000,512 | ---- | C] () -- C:\Users\Little\Desktop\MBR.dat
[2011/08/01 11:39:32 | 001,388,094 | ---- | C] () -- C:\Users\Little\Desktop\tdsskiller.zip
[2011/08/01 02:40:59 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/07/31 19:08:20 | 000,000,083 | ---- | C] () -- C:\Windows\System32\2047248330
[2011/07/24 00:36:24 | 000,001,868 | ---- | C] () -- C:\Users\Little\Desktop\fergie 2.jpg
[2011/07/24 00:33:12 | 000,002,024 | ---- | C] () -- C:\Users\Little\Desktop\fergie.jpg
[2011/07/24 00:12:01 | 000,027,581 | ---- | C] () -- C:\Users\Little\Desktop\429243708_tp.jpg
[2011/07/23 07:04:18 | 002,123,866 | ---- | C] () -- C:\Users\Little\Desktop\DSC01919.JPG
[2011/07/23 06:47:32 | 002,055,896 | ---- | C] () -- C:\Users\Little\Desktop\DSC01918.JPG
[2011/07/23 06:46:58 | 002,013,554 | ---- | C] () -- C:\Users\Little\Desktop\DSC01916.JPG
[2010/07/07 23:21:32 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/07/07 23:19:45 | 000,000,276 | ---- | C] () -- C:\Windows\System32\RStoneLog2.ini
[2010/07/07 23:19:45 | 000,000,217 | ---- | C] () -- C:\Windows\System32\RStoneLog.ini
[2010/05/13 14:04:57 | 000,000,188 | ---- | C] () -- C:\Windows\System32\HPWA.ini
[2009/07/13 21:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:33:53 | 000,336,712 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 19:05:48 | 000,615,360 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 19:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 19:05:48 | 000,103,702 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 19:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 19:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 19:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 16:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 15:09:19 | 001,498,564 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
[2009/07/09 21:03:56 | 000,370,312 | ---- | C] () -- C:\Windows\System32\sqlite3.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >

#9
maliprog

Posted 01 August 2011 - 11:19 PM

Trusted Helper

Malware Removal
6,172 posts

Hi RookiePc,

This step should remove some leftovers. Test your system after this step and let me know if there is any problems left.

Please close all running programs and Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 25 82 12 17 98 12 95 4E 9C F6 9E E4 E0 49 43 F6 [binary data]
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 25 82 12 17 98 12 95 4E 9C F6 9E E4 E0 49 43 F6 [binary data]
IE - HKU\S-1-5-21-2437226032-1740323516-2256806070-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 25 82 12 17 98 12 95 4E 9C F6 9E E4 E0 49 43 F6 [binary data]
[2011/07/31 19:08:21 | 000,000,083 | ---- | M] () -- C:\Windows\System32\2047248330

:Reg
[HKCU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"XMLHTTP_UUID_Default" =-

[HKCU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"XMLHTTP_UUID_Default" =-

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

#10
RookiePc

Posted 02 August 2011 - 03:10 AM

Member

Topic Starter
Member
22 posts

All processes killed
========== OTL ==========
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-21-2437226032-1740323516-2256806070-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
C:\Windows\System32\2047248330 moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main not found.
Registry key HKEY_CURRENT_USER\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Little\Desktop\cmd.bat deleted successfully.
C:\Users\Little\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Little
->Temp folder emptied: 285048872 bytes
->Temporary Internet Files folder emptied: 79379103 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 51803772 bytes
->Flash cache emptied: 155706 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1688106 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 399.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Little
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.26.1 log created on 08022011_020259

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#11
maliprog

Posted 02 August 2011 - 04:47 AM

Trusted Helper

Malware Removal
6,172 posts

Good job! How is your system now? Any problems?

#12
RookiePc

Posted 02 August 2011 - 02:23 PM

Member

Topic Starter
Member
22 posts

Hello,

Seems to be running ok, no redirects or an errors while starting. I also, have another friends net book that is infected. Should I start a new topic?

Thanks for all your help!!

#13
maliprog

Posted 02 August 2011 - 11:22 PM

Trusted Helper

Malware Removal
6,172 posts

Hi RookiePc,

We can take a look at it here. Not a problem. But first let's clean your PC from my programs.

Your logs and system are clean now. I'm glad we fix up your computer. We need to clean up your PC from programs we used.

Step 1

Please start OTL one more time and click CleanUp button. OTL will restart your system at the end. Remove all other application we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update

Click Start, click Run, type sysdm.cpl, and then press ENTER.
Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
Click OK button

2. Delete Temp files

Download TFC to your desktop

Open the file and close any other windows.
It will close all programs itself when run, make sure to let it run uninterrupted.
Click the Start button to begin the process. The program should not take long to finish its job
Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.

4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automaticly check for newer version of software installed on your system.

#14
maliprog

Posted 02 August 2011 - 11:24 PM

Trusted Helper

Malware Removal
6,172 posts

Now let's take a look at net book. Please describe problem then download new version of OTL and do scan. After that post log here for me.

#15
RookiePc

Posted 03 August 2011 - 07:18 PM

Member

Topic Starter
Member
22 posts

Do I just delete the other program aswMBR from the desktop, as I see no uninstall option? Also, I created the another thread with the other net books oTL log before seeing your response and Usser RKinner responded. Should I just post in that thread.