Google Redirect Virus Root\LEGACY_CRYPTSVC32 (Trojan.Tracur)



#1
John Roix

I've got the Google redirect virus. Malwarebytes will remove it in safe mode, but the virus returns upon restart. System Restore is already off. Any assistance will be greatly appreciated!!!



OTL logfile created on: 8/2/2011 4:14:42 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\TEST\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.54 Mb Total Physical Memory | 295.27 Mb Available Physical Memory | 30.80% Memory free
2.26 Gb Paging File | 1.61 Gb Available in Paging File | 71.21% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 62.03 Gb Total Space | 23.68 Gb Free Space | 38.17% Space Free | Partition Type: NTFS
Drive D: | 11.46 Gb Total Space | 1.27 Gb Free Space | 11.04% Space Free | Partition Type: FAT32

Computer Name: YOUR-0CDC4F5844 | User Name: TEST | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/02 16:14:17 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TEST\My Documents\Downloads\OTL.exe
PRC - [2011/08/02 16:10:30 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\a482cbd5-5a08-48e5-b804-74c0c36932a3.com
PRC - [2011/07/27 15:51:40 | 000,793,600 | ---- | M] (Axes Array) -- C:\WINDOWS\system32\yA
PRC - [2011/07/27 15:51:40 | 000,793,600 | ---- | M] (Axes Array) -- C:\WINDOWS\system32\kbdgeo32.exe
PRC - [2011/07/09 00:51:19 | 001,012,792 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2010/06/10 14:56:32 | 000,493,336 | ---- | M] () -- C:\Program Files\ACTIV Software\ActivDriver\ActivMgr.exe
PRC - [2010/06/10 14:56:28 | 001,092,896 | ---- | M] (Promethean Technologies Group Ltd) -- C:\Program Files\ACTIV Software\ActivDriver\ActivControl2.exe
PRC - [2009/11/25 15:42:18 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2009/06/03 08:46:36 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/06/03 08:46:34 | 000,251,240 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/04/08 02:59:18 | 000,098,304 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
PRC - [2005/09/24 11:42:32 | 000,475,136 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe


========== Modules (SafeList) ==========

MOD - [2011/08/02 16:14:17 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TEST\My Documents\Downloads\OTL.exe
MOD - [2011/08/02 16:09:35 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Activ Software\ActivApplications\ActivFocusHook.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (HitmanPro35CrusaderBoot) Hitman Pro 3.5 Crusader (Boot)
SRV - [2011/07/27 15:51:40 | 000,793,600 | ---- | M] (Axes Array) [Auto | Running] -- C:\WINDOWS\system32\kbdgeo32.exe -- (CryptSvc32)
SRV - [2009/11/25 15:42:18 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2009/06/03 08:46:36 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2006/06/12 16:27:28 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/08/02 12:13:44 | 000,070,144 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\TEST\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgk.sys -- (F-Secure Standalone Minifilter)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 14:15:58 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/06/22 07:48:44 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/06/16 14:38:28 | 000,057,088 | ---- | M] (Promethean) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\activhidsermini.sys -- (ActivHidSerMini)
DRV - [2008/05/08 10:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2006/06/19 08:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/06 16:39:56 | 000,061,952 | ---- | M] (Ricoh) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\5U870CAP.sys -- (5U870CAP_VID_1262&PID_25FD)
DRV - [2006/06/01 20:02:36 | 000,572,928 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/05/12 16:05:02 | 000,057,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/04/28 13:12:00 | 000,429,184 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/04/19 06:03:20 | 000,995,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/04/19 06:02:40 | 000,208,000 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/04/19 06:02:36 | 000,727,296 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/03/05 19:49:36 | 000,011,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/03/02 20:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/02 20:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/01/26 20:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/11/16 00:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/10/31 22:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/31 21:54:50 | 000,051,584 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/09/19 17:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 17:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 17:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/08/04 02:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3E C4 17 06 27 70 8B 4C 99 10 A3 3B 8F 92 D5 FA [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: [email protected]:1.10
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-US&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 62283
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\TEST\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\TEST\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\TEST\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\TEST\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: G:\Documents\Downloads\PortableApps\FirefoxPortable\App\firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: G:\Documents\Downloads\PortableApps\FirefoxPortable\App\firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: F:\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: F:\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: H:\PortableApps\FirefoxPortable\App\firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: H:\PortableApps\FirefoxPortable\App\firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/18 13:14:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/18 13:14:54 | 000,000,000 | ---D | M]

[2010/04/29 16:56:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\TEST\Application Data\Mozilla\Extensions
[2011/07/27 15:52:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\1w1qklcx.default\extensions
[2011/06/12 10:36:06 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\1w1qklcx.default\extensions\{1b907010-1961-41f1-9a48-c1577332ff88}
[2010/07/27 16:39:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\1w1qklcx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/27 15:52:13 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\1w1qklcx.default\extensions\{2b5382e3-12e2-4008-8eda-c6d616cdca13}
[2011/06/19 19:13:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/19 19:13:55 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) --
[2011/06/29 22:14:51 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/06/28 15:27:17 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/05/08 20:25:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2006/03/16 00:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [ActivControl] C:\Program Files\ACTIV Software\ActivDriver\ActivControl2.exe (Promethean Technologies Group Ltd)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://www.charter.n...suite/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 66.189.0.100 24.159.64.23 24.247.24.53
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 14:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{0d90385b-7d6d-11de-ad88-001636b886a7}\Shell - "" = AutoRun
O33 - MountPoints2\{0d90385b-7d6d-11de-ad88-001636b886a7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0d90385b-7d6d-11de-ad88-001636b886a7}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{9b67417a-7be5-11de-ad87-001636b886a7}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O33 - MountPoints2\{a6068e1f-c73f-11df-ae02-001636b886a7}\Shell\AutoRun\command - "" = F:\StartPortableApps.exe
O33 - MountPoints2\{bf2f7d2f-5743-11dd-90e1-001636b886a7}\Shell\AutoRun\command - "" = F:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
O33 - MountPoints2\{fb001df0-88c4-11de-ad91-001a73053ab8}\Shell\AutoRun\command - "" = H:\StartPortableApps.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/01 13:23:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Local Settings\Application Data\NPE
[2011/08/01 12:58:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/07/31 14:16:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/07/31 14:04:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Desktop\gmer
[2011/07/31 12:50:36 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\TEST\Desktop\dds.scr
[2011/07/29 11:19:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Application Data\F-Secure
[2011/07/29 09:08:43 | 000,793,600 | ---- | C] (Axes Array) -- C:\WINDOWS\System32\yA.uss_dis
[2011/07/27 19:08:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/07/27 19:08:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/07/27 15:57:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Local Settings\Application Data\tjnet
[2011/07/27 15:52:22 | 000,793,600 | ---- | C] (Axes Array) -- C:\WINDOWS\System32\yA
[2011/07/27 15:52:15 | 000,793,600 | ---- | C] (Axes Array) -- C:\WINDOWS\System32\kbdgeo32.exe
[2011/07/21 16:23:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Local Settings\Application Data\magicJack
[2011/07/21 16:23:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2011/07/21 16:21:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Application Data\mjusbsp
[2011/07/21 08:23:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Application Data\CANON INC
[2011/07/21 08:21:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Application Data\ZoomBrowser EX
[2011/07/21 08:09:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Canon MyCameraFiles
[2011/07/21 08:07:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
[2011/07/21 07:37:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Canon
[2011/07/18 13:38:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/07/18 13:22:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/07/18 13:21:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/07/18 13:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/07/18 13:21:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/07/18 13:14:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/07/18 13:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/07/18 13:09:49 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/07/18 13:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\TEST\*.tmp files -> C:\Documents and Settings\TEST\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/02 16:10:12 | 000,001,777 | ---- | M] () -- C:\hpqp.ini
[2011/08/02 16:09:35 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
[2011/08/02 16:09:34 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/08/02 16:09:33 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/02 16:09:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/02 16:09:27 | 1005,170,688 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/02 15:57:05 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4020052512-1902659552-4142755142-1005UA.job
[2011/08/02 15:46:52 | 000,670,206 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/08/02 15:45:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/02 14:56:27 | 000,455,450 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/02 14:56:27 | 000,076,056 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/02 13:40:31 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{ACBB0E90-5ACE-40E0-B1A7-18F8264DEDF2}.job
[2011/08/02 12:57:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4020052512-1902659552-4142755142-1005Core.job
[2011/08/01 23:06:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/01 20:04:10 | 000,000,999 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\magicJack.lnk
[2011/08/01 17:48:29 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/01 13:36:14 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2011/08/01 12:58:21 | 000,512,992 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\sdsetup_revwire207.exe
[2011/07/31 14:01:48 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\gmer.zip
[2011/07/31 12:50:33 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\TEST\Desktop\dds.scr
[2011/07/29 09:08:43 | 000,793,600 | ---- | M] (Axes Array) -- C:\WINDOWS\System32\yA.uss_dis
[2011/07/27 18:28:44 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\TEST\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/27 15:52:15 | 000,000,100 | ---- | M] () -- C:\WINDOWS\System32\760269860
[2011/07/27 15:51:40 | 000,793,600 | ---- | M] (Axes Array) -- C:\WINDOWS\System32\yA
[2011/07/27 15:51:40 | 000,793,600 | ---- | M] (Axes Array) -- C:\WINDOWS\System32\kbdgeo32.exe
[2011/07/14 18:47:34 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/07/14 06:11:41 | 000,306,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/14 03:01:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/09 21:26:44 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\TEST\*.tmp files -> C:\Documents and Settings\TEST\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/02 15:46:33 | 000,670,206 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/08/01 20:03:45 | 1005,170,688 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/01 16:37:53 | 000,000,999 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\magicJack.lnk
[2011/08/01 12:58:59 | 000,512,992 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\sdsetup_revwire207.exe
[2011/07/31 14:01:55 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\gmer.zip
[2011/07/21 16:22:43 | 000,001,005 | ---- | C] () -- C:\Documents and Settings\TEST\Start Menu\Programs\magicJack.lnk
[2011/07/18 13:09:55 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/02/13 14:00:41 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/01/31 12:34:39 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/01/21 06:22:05 | 000,007,687 | ---- | C] () -- C:\Documents and Settings\TEST\Application Data\D249.6B7
[2010/06/10 14:56:48 | 000,227,624 | ---- | C] () -- C:\WINDOWS\libactivboardex.dll
[2010/06/10 14:56:30 | 000,256,280 | ---- | C] () -- C:\WINDOWS\ActivDRV.dll
[2010/04/14 03:09:33 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/04/08 17:43:55 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2010/04/08 17:43:53 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2010/04/08 17:43:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2010/03/02 21:57:26 | 000,014,284 | -HS- | C] () -- C:\Documents and Settings\TEST\Local Settings\Application Data\2542G16705fU
[2009/06/13 22:23:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/01/25 17:35:32 | 000,001,296 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/11/16 12:53:19 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008/11/16 12:48:12 | 000,117,681 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2008/11/05 12:48:26 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/11/05 00:46:46 | 000,002,179 | ---- | C] () -- C:\Documents and Settings\TEST\Application Data\evpro32.prf
[2008/11/03 19:51:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\TEST\Application Data\wklnhst.dat
[2008/07/24 12:58:02 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\TEST\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/24 12:35:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2008/07/16 19:56:25 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\TEST\Local Settings\Application Data\fusioncache.dat
[2006/10/17 18:05:44 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/10/17 18:01:32 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/10/17 18:01:32 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/10/17 17:47:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/17 17:36:06 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/09/12 11:08:38 | 006,172,672 | ---- | C] () -- C:\WINDOWS\System32\HwRecogK.dll
[2006/08/18 04:00:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/18 04:00:00 | 001,617,920 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/08/18 04:00:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/18 04:00:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/08/18 04:00:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/18 04:00:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/18 04:00:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/08/18 04:00:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/08/18 04:00:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/08/14 09:56:52 | 007,946,240 | ---- | C] () -- C:\WINDOWS\System32\HWRecogT.dll
[2006/08/13 17:48:58 | 015,147,008 | ---- | C] () -- C:\WINDOWS\System32\HWRecog.dll
[2006/06/29 15:18:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/06/29 15:18:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/29 14:49:18 | 000,087,268 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/06/29 14:46:56 | 000,000,320 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/29 14:43:40 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/29 14:27:08 | 000,455,450 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/06/29 14:27:08 | 000,076,056 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/06/29 14:18:06 | 000,306,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/06/29 14:13:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/06/29 14:08:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/05/05 06:20:40 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2006/03/16 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/03/16 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/03/16 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/03/16 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/03/16 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/03/16 00:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/16 00:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/03/16 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/03/04 03:07:34 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/12/02 14:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/05 22:06:32 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2004/09/16 16:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2003/08/07 16:01:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/03/24 06:03:00 | 000,279,552 | ---- | C] () -- C:\WINDOWS\System32\FGWVB32.DLL
[2002/05/28 17:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 17:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1998/03/26 01:12:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll

========== LOP Check ==========

[2011/06/24 10:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Activ Software
[2011/08/02 14:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\f-secure
[2011/02/01 12:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2011/01/31 13:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/07/21 16:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2009/03/13 17:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2011/06/24 10:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Promethean
[2011/08/02 16:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/28 22:17:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2011/07/18 13:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/05 16:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/23 22:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/06/24 10:07:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\ACTIV Software
[2011/06/28 15:27:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\Catalina Marketing Corp
[2009/10/15 18:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\Elluminate
[2011/07/29 11:19:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\F-Secure
[2011/01/25 13:03:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\GetRightToGo
[2011/08/02 13:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\mjusbsp
[2009/03/13 17:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\muvee Technologies
[2009/12/14 11:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\Netscape
[2011/06/24 10:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\Promethean
[2008/11/22 19:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\Snapfish
[2008/11/03 19:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\Template
[2009/08/21 21:36:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\TestGen
[2009/07/28 22:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\TomTom
[2009/12/13 11:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\Windows Live Writer
[2011/08/02 13:40:31 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{ACBB0E90-5ACE-40E0-B1A7-18F8264DEDF2}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >
  • 0

#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello John Roix and welcome to G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Please do all scans and fixes in Normal mode for now.

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3E C4 17 06 27 70 8B 4C 99 10 A3 3B 8F 92 D5 FA [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 62283
    FF - prefs.js..network.proxy.type: 0
    O33 - MountPoints2\D\Shell - "" = AutoRun
    O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\D\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
    [2011/07/29 09:08:43 | 000,793,600 | ---- | C] (Axes Array) -- C:\WINDOWS\System32\yA.uss_dis
    [2011/07/27 15:57:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Local Settings\Application Data\tjnet
    [2011/07/27 15:52:22 | 000,793,600 | ---- | C] (Axes Array) -- C:\WINDOWS\System32\yA
    [2011/07/27 15:52:15 | 000,793,600 | ---- | C] (Axes Array) -- C:\WINDOWS\System32\kbdgeo32.exe
    [2011/07/21 16:21:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Application Data\mjusbsp
    [2011/07/27 15:52:15 | 000,000,100 | ---- | M] () -- C:\WINDOWS\System32\760269860
    [2010/03/02 21:57:26 | 000,014,284 | -HS- | C] () -- C:\Documents and Settings\TEST\Local Settings\Application Data\2542G16705fU

    :Reg
    [HKCU\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Please update Malwarebytes and do a Quick Scan, then post the log here for me.

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • Malwarebytes log
It would be helpful if you could post each log in a separate post.
  • 0

#3
John Roix

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
MBAM log

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7364

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/3/2011 7:20:21 AM
mbam-log-2011-08-03 (07-20-21).txt

Scan type: Quick scan
Objects scanned: 178135
Time elapsed: 5 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#4
John Roix

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
OTL log


All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 62283 removed from network.proxy.http_port
Prefs.js: 0 removed from network.proxy.type
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 not found.
File C:\WINDOWS\System32\yA.uss_dis not found.
C:\Documents and Settings\TEST\Local Settings\Application Data\tjnet\cdloader folder moved successfully.
C:\Documents and Settings\TEST\Local Settings\Application Data\tjnet folder moved successfully.
File C:\WINDOWS\System32\yA not found.
File C:\WINDOWS\System32\kbdgeo32.exe not found.
C:\Documents and Settings\TEST\Application Data\mjusbsp\Upgrade folder moved successfully.
C:\Documents and Settings\TEST\Application Data\mjusbsp\ug00000 folder moved successfully.
C:\Documents and Settings\TEST\Application Data\mjusbsp\st00000 folder moved successfully.
C:\Documents and Settings\TEST\Application Data\mjusbsp\lr00000 folder moved successfully.
C:\Documents and Settings\TEST\Application Data\mjusbsp\in00000 folder moved successfully.
C:\Documents and Settings\TEST\Application Data\mjusbsp\ar00000 folder moved successfully.
C:\Documents and Settings\TEST\Application Data\mjusbsp folder moved successfully.
C:\WINDOWS\system32\760269860 moved successfully.
File C:\Documents and Settings\TEST\Local Settings\Application Data\2542G16705fU not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\TEST\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\TEST\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: TEST
->Temp folder emptied: 169429 bytes
->Temporary Internet Files folder emptied: 6593313 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7367507 bytes
->Google Chrome cache emptied: 100997853 bytes
->Flash cache emptied: 1880 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 110.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: TEST
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 08032011_064542

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#5
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Nice! Please run the OTL scan one more time, but make sure that the All users option is selected, then post the log here for me. Also, can you test your system now for redirection?
  • 0

#6
John Roix

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Is it normal for MBAM not to pick up on the virus?
  • 0

#7
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Sometimes antivirus and antimalware programs are just not enough to remove all parts of malware. That's why we are here :). Post that OTL log when you finish with the scan...
  • 0

#8
John Roix

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Still redirecting...Here's the log


OTL logfile created on: 8/3/2011 8:08:24 AM - Run 4
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\TEST\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.54 Mb Total Physical Memory | 155.71 Mb Available Physical Memory | 16.24% Memory free
2.26 Gb Paging File | 1.58 Gb Available in Paging File | 69.88% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 62.03 Gb Total Space | 24.42 Gb Free Space | 39.36% Space Free | Partition Type: NTFS
Drive D: | 11.46 Gb Total Space | 1.27 Gb Free Space | 11.04% Space Free | Partition Type: FAT32

Computer Name: YOUR-0CDC4F5844 | User Name: TEST | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/02 16:14:17 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TEST\Desktop\OTL.exe
PRC - [2011/07/09 00:51:19 | 001,012,792 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011/07/06 19:52:38 | 001,047,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/06/10 14:56:32 | 000,493,336 | ---- | M] () -- C:\Program Files\ACTIV Software\ActivDriver\ActivMgr.exe
PRC - [2010/06/10 14:56:28 | 001,092,896 | ---- | M] (Promethean Technologies Group Ltd) -- C:\Program Files\ACTIV Software\ActivDriver\ActivControl2.exe
PRC - [2009/11/25 15:42:18 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2009/06/03 08:46:36 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/06/03 08:46:34 | 000,251,240 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/04/08 02:59:18 | 000,098,304 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
PRC - [2005/09/24 11:42:32 | 000,475,136 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe


========== Modules (SafeList) ==========

MOD - [2011/08/03 06:46:57 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Activ Software\ActivApplications\ActivFocusHook.dll
MOD - [2011/08/02 16:14:17 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TEST\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (HitmanPro35CrusaderBoot) Hitman Pro 3.5 Crusader (Boot)
SRV - [2009/11/25 15:42:18 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2009/06/03 08:46:36 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2006/06/12 16:27:28 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 14:15:58 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/06/22 07:48:44 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/06/16 14:38:28 | 000,057,088 | ---- | M] (Promethean) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\activhidsermini.sys -- (ActivHidSerMini)
DRV - [2008/05/08 10:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2006/06/19 08:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/06 16:39:56 | 000,061,952 | ---- | M] (Ricoh) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\5U870CAP.sys -- (5U870CAP_VID_1262&PID_25FD)
DRV - [2006/06/01 20:02:36 | 000,572,928 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/05/12 16:05:02 | 000,057,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/04/28 13:12:00 | 000,429,184 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/04/19 06:03:20 | 000,995,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/04/19 06:02:40 | 000,208,000 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/04/19 06:02:36 | 000,727,296 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/03/05 19:49:36 | 000,011,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/03/02 20:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/02 20:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/01/26 20:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/11/16 00:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/10/31 22:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/31 21:54:50 | 000,051,584 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/09/19 17:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 17:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 17:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/08/04 02:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =

IE - HKU\S-1-5-21-4020052512-1902659552-4142755142-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-4020052512-1902659552-4142755142-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-4020052512-1902659552-4142755142-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: [email protected]:1.10
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-US&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\TEST\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\TEST\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\TEST\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\TEST\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: G:\Documents\Downloads\PortableApps\FirefoxPortable\App\firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: G:\Documents\Downloads\PortableApps\FirefoxPortable\App\firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: F:\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: F:\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: H:\PortableApps\FirefoxPortable\App\firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: H:\PortableApps\FirefoxPortable\App\firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/18 13:14:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/18 13:14:54 | 000,000,000 | ---D | M]

[2010/04/29 16:56:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\TEST\Application Data\Mozilla\Extensions
[2011/07/27 15:52:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\1w1qklcx.default\extensions
[2011/06/12 10:36:06 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\1w1qklcx.default\extensions\{1b907010-1961-41f1-9a48-c1577332ff88}
[2010/07/27 16:39:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\1w1qklcx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/27 15:52:13 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\1w1qklcx.default\extensions\{2b5382e3-12e2-4008-8eda-c6d616cdca13}
[2011/06/19 19:13:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/19 19:13:55 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) --
[2011/06/29 22:14:51 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/06/28 15:27:17 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/05/08 20:25:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/02 17:50:11 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O4 - HKLM..\Run: [ActivControl] C:\Program Files\ACTIV Software\ActivDriver\ActivControl2.exe (Promethean Technologies Group Ltd)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKU\S-1-5-21-4020052512-1902659552-4142755142-1005..\Run: [cdloader] File not found
O4 - HKU\S-1-5-21-4020052512-1902659552-4142755142-1005..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\StartUp\Vongo Tray.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\StartUp\Vongo Tray.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4020052512-1902659552-4142755142-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://www.charter.n...suite/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 66.189.0.100 24.159.64.23 24.247.24.53
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 14:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{0d90385b-7d6d-11de-ad88-001636b886a7}\Shell - "" = AutoRun
O33 - MountPoints2\{0d90385b-7d6d-11de-ad88-001636b886a7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0d90385b-7d6d-11de-ad88-001636b886a7}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{9b67417a-7be5-11de-ad87-001636b886a7}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O33 - MountPoints2\{a6068e1f-c73f-11df-ae02-001636b886a7}\Shell\AutoRun\command - "" = F:\StartPortableApps.exe
O33 - MountPoints2\{bf2f7d2f-5743-11dd-90e1-001636b886a7}\Shell\AutoRun\command - "" = F:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
O33 - MountPoints2\{fb001df0-88c4-11de-ad91-001a73053ab8}\Shell\AutoRun\command - "" = H:\StartPortableApps.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/02 17:50:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/02 16:14:16 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\TEST\Desktop\OTL.exe
[2011/08/01 13:23:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Local Settings\Application Data\NPE
[2011/08/01 12:58:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/07/31 14:16:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/07/31 14:04:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Desktop\gmer
[2011/07/31 12:50:36 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\TEST\Desktop\dds.scr
[2011/07/29 11:19:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Application Data\F-Secure
[2011/07/27 19:08:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/07/27 19:08:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/07/21 16:23:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Local Settings\Application Data\magicJack
[2011/07/21 16:23:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2011/07/21 16:13:58 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2011/07/21 08:23:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Application Data\CANON INC
[2011/07/21 08:21:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Application Data\ZoomBrowser EX
[2011/07/21 08:19:34 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/07/21 08:09:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Canon MyCameraFiles
[2011/07/21 08:07:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
[2011/07/21 07:37:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Canon
[2011/07/18 13:38:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/07/18 13:22:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/07/18 13:21:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/07/18 13:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/07/18 13:21:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/07/18 13:14:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/07/18 13:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/07/18 13:09:49 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/07/18 13:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[1 C:\Documents and Settings\TEST\*.tmp files -> C:\Documents and Settings\TEST\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/03 08:01:15 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{ACBB0E90-5ACE-40E0-B1A7-18F8264DEDF2}.job
[2011/08/03 07:57:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4020052512-1902659552-4142755142-1005UA.job
[2011/08/03 07:45:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/03 07:11:15 | 000,001,777 | ---- | M] () -- C:\hpqp.ini
[2011/08/03 06:46:56 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
[2011/08/03 06:46:55 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/08/03 06:46:53 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/03 06:46:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/03 06:46:46 | 1005,170,688 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/02 18:20:13 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\TEST\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/08/02 18:20:13 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/02 17:50:11 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/08/02 16:14:17 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TEST\Desktop\OTL.exe
[2011/08/02 15:46:52 | 000,670,206 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/08/02 14:56:27 | 000,455,450 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/02 14:56:27 | 000,076,056 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/02 12:57:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4020052512-1902659552-4142755142-1005Core.job
[2011/08/01 23:06:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/01 20:04:10 | 000,000,999 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\magicJack.lnk
[2011/08/01 17:48:29 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/01 13:36:14 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2011/08/01 12:58:21 | 000,512,992 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\sdsetup_revwire207.exe
[2011/07/31 14:01:48 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\gmer.zip
[2011/07/31 12:50:33 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\TEST\Desktop\dds.scr
[2011/07/21 08:19:34 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/07/14 18:47:34 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/07/14 06:11:41 | 000,306,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/14 03:01:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/09 21:26:44 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\Documents and Settings\TEST\*.tmp files -> C:\Documents and Settings\TEST\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/02 18:20:13 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/02 17:11:40 | 1005,170,688 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/02 15:46:33 | 000,670,206 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/08/01 16:37:53 | 000,000,999 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\magicJack.lnk
[2011/08/01 12:58:59 | 000,512,992 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\sdsetup_revwire207.exe
[2011/07/31 14:01:55 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\gmer.zip
[2011/07/21 16:22:43 | 000,001,005 | ---- | C] () -- C:\Documents and Settings\TEST\Start Menu\Programs\magicJack.lnk
[2011/07/18 13:09:55 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/02/13 14:00:41 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/01/31 12:34:39 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/01/21 06:22:05 | 000,007,687 | ---- | C] () -- C:\Documents and Settings\TEST\Application Data\D249.6B7
[2010/06/10 14:56:48 | 000,227,624 | ---- | C] () -- C:\WINDOWS\libactivboardex.dll
[2010/06/10 14:56:30 | 000,256,280 | ---- | C] () -- C:\WINDOWS\ActivDRV.dll
[2010/04/14 03:09:33 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/04/08 17:43:55 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2010/04/08 17:43:53 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2010/04/08 17:43:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2009/06/13 22:23:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/01/25 17:35:32 | 000,001,296 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/11/16 12:53:19 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008/11/16 12:48:12 | 000,117,681 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2008/11/05 12:48:26 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/11/05 00:46:46 | 000,002,179 | ---- | C] () -- C:\Documents and Settings\TEST\Application Data\evpro32.prf
[2008/11/03 19:51:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\TEST\Application Data\wklnhst.dat
[2008/07/24 12:58:02 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\TEST\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/24 12:35:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2008/07/16 19:56:25 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\TEST\Local Settings\Application Data\fusioncache.dat
[2006/10/17 18:05:44 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/10/17 18:01:32 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/10/17 18:01:32 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/10/17 17:47:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/17 17:36:06 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/09/12 11:08:38 | 006,172,672 | ---- | C] () -- C:\WINDOWS\System32\HwRecogK.dll
[2006/08/18 04:00:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/18 04:00:00 | 001,617,920 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/08/18 04:00:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/18 04:00:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/08/18 04:00:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/18 04:00:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/18 04:00:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/08/18 04:00:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/08/18 04:00:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/08/14 09:56:52 | 007,946,240 | ---- | C] () -- C:\WINDOWS\System32\HWRecogT.dll
[2006/08/13 17:48:58 | 015,147,008 | ---- | C] () -- C:\WINDOWS\System32\HWRecog.dll
[2006/06/29 15:18:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/06/29 15:18:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/29 14:49:18 | 000,087,268 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/06/29 14:46:56 | 000,000,320 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/29 14:43:40 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/29 14:27:08 | 000,455,450 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/06/29 14:27:08 | 000,076,056 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/06/29 14:18:06 | 000,306,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/06/29 14:13:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/06/29 14:08:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/05/05 06:20:40 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2006/03/16 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/03/16 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/03/16 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/03/16 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/03/16 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/03/16 00:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/16 00:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/03/16 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/03/04 03:07:34 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/12/02 14:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/05 22:06:32 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2004/09/16 16:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2003/08/07 16:01:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/03/24 06:03:00 | 000,279,552 | ---- | C] () -- C:\WINDOWS\System32\FGWVB32.DLL
[2002/05/28 17:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 17:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1998/03/26 01:12:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >

#9
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Do you get redirected in all browsers you use, or does this redirection only affect one browser?

Step 1

Please close all running programs and run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Reg
    [HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-

    [HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-

    [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-

    [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-

    :Files
    ipconfig /flushdns /c
    ipconfig /all /c
    nslookup google.com /c
    nslookup yahoo.com /c
    ping -n 2 google.com /c
    ping -n 2 yahoo.com /c
    route print /c

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If an infection is detected, the default setting for "action" should be Cure
    • (If a suspicious file is detected, please click on it and change it to Skip).
  • Click the Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 3

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • TDSSKiller log
  • aswMBR log
It would be helpful if you could post each log in a separate post.

#10
John Roix

  • Topic Starter
  • Member
  • 25 posts
Firefox only.

#11
John Roix

  • Topic Starter
  • Member
  • 25 posts
OTL fix log


========== OTL ==========
========== REGISTRY ==========
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\TEST\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\TEST\Desktop\cmd.txt deleted successfully.
< ipconfig /all /c >
Windows IP Configuration
Host Name . . . . . . . . . . . . : your-0cdc4f5844
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin
Ethernet adapter Local Area Connection 4:
Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-16-36-B8-86-A7
Ethernet adapter Wireless Network Connection 3:
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Broadcom 802.11b/g WLAN
Physical Address. . . . . . . . . : 00-1A-73-05-3A-B8
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.2.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.1
66.189.0.100
24.159.64.23
24.247.24.53
Lease Obtained. . . . . . . . . . : Wednesday, August 03, 2011 07:11:22
Lease Expires . . . . . . . . . . : Monday, January 18, 2038 23:14:07
C:\Documents and Settings\TEST\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\TEST\Desktop\cmd.txt deleted successfully.
< nslookup google.com /c >
DNS request timed out.
timeout was 2 seconds.
Server: vip01oxfrma.oxfr.ma.charter.com
Address: 66.189.0.100
Name: google.com
Addresses: 74.125.93.106, 74.125.93.103, 74.125.93.99, 74.125.93.147
74.125.93.104, 74.125.93.105
C:\Documents and Settings\TEST\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\TEST\Desktop\cmd.txt deleted successfully.
< nslookup yahoo.com /c >
DNS request timed out.
timeout was 2 seconds.
Server: vip01oxfrma.oxfr.ma.charter.com
Address: 66.189.0.100
Name: yahoo.com
Addresses: 67.195.160.76, 69.147.125.65, 72.30.2.43, 98.137.149.56
209.191.122.70
C:\Documents and Settings\TEST\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\TEST\Desktop\cmd.txt deleted successfully.
< ping -n 2 google.com /c >
Pinging google.com [74.125.91.105] with 32 bytes of data:
Reply from 74.125.91.105: bytes=32 time=37ms TTL=50
Reply from 74.125.91.105: bytes=32 time=29ms TTL=50
Ping statistics for 74.125.91.105:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 29ms, Maximum = 37ms, Average = 33ms
C:\Documents and Settings\TEST\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\TEST\Desktop\cmd.txt deleted successfully.
< ping -n 2 yahoo.com /c >
Pinging yahoo.com [72.30.2.43] with 32 bytes of data:
Reply from 72.30.2.43: bytes=32 time=120ms TTL=48
Reply from 72.30.2.43: bytes=32 time=121ms TTL=48
Ping statistics for 72.30.2.43:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 120ms, Maximum = 121ms, Average = 120ms
C:\Documents and Settings\TEST\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\TEST\Desktop\cmd.txt deleted successfully.
< route print /c >
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 16 36 b8 86 a7 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
0x3 ...00 1a 73 05 3a b8 ...... Broadcom 802.11b/g WLAN - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.2 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.2.2 192.168.2.2 20
192.168.2.0 255.255.255.0 192.168.2.2 192.168.2.2 25
192.168.2.2 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.2.255 255.255.255.255 192.168.2.2 192.168.2.2 25
224.0.0.0 240.0.0.0 192.168.2.2 192.168.2.2 25
255.255.255.255 255.255.255.255 192.168.2.2 2 1
255.255.255.255 255.255.255.255 192.168.2.2 192.168.2.2 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None
C:\Documents and Settings\TEST\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\TEST\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.26.1 log created on 08032011_083647

#12
John Roix

  • Topic Starter
  • Member
  • 25 posts
TDSS log


2011/08/03 08:42:56.0656 3636 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11
2011/08/03 08:42:57.0015 3636 ================================================================================
2011/08/03 08:42:57.0015 3636 SystemInfo:
2011/08/03 08:42:57.0015 3636
2011/08/03 08:42:57.0015 3636 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/03 08:42:57.0015 3636 Product type: Workstation
2011/08/03 08:42:57.0015 3636 ComputerName: YOUR-0CDC4F5844
2011/08/03 08:42:57.0015 3636 UserName: TEST
2011/08/03 08:42:57.0015 3636 Windows directory: C:\WINDOWS
2011/08/03 08:42:57.0015 3636 System windows directory: C:\WINDOWS
2011/08/03 08:42:57.0015 3636 Processor architecture: Intel x86
2011/08/03 08:42:57.0015 3636 Number of processors: 2
2011/08/03 08:42:57.0015 3636 Page size: 0x1000
2011/08/03 08:42:57.0015 3636 Boot type: Normal boot
2011/08/03 08:42:57.0015 3636 ================================================================================
2011/08/03 08:42:58.0609 3636 Initialize success
2011/08/03 08:43:01.0296 3216 ================================================================================
2011/08/03 08:43:01.0296 3216 Scan started
2011/08/03 08:43:01.0296 3216 Mode: Manual;
2011/08/03 08:43:01.0296 3216 ================================================================================
2011/08/03 08:43:02.0656 3216 5U870CAP_VID_1262&PID_25FD (d2142fee659d97b2b05820f21594bfe2) C:\WINDOWS\system32\Drivers\5U870CAP.sys
2011/08/03 08:43:02.0734 3216 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/08/03 08:43:02.0796 3216 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/03 08:43:16.0843 3216 ================================================================================
2011/08/03 08:43:16.0843 3216 Scan finished
2011/08/03 08:43:16.0843 3216 ================================================================================
2011/08/03 08:43:16.0859 2848 Detected object count: 0
2011/08/03 08:43:16.0859 2848 Actual detected object count: 0

#13
John Roix

    Member

  • Topic Starter
  • 25 posts
aswMBR caused the computer to shut down during the scan.

#14
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Please try to run aswMBR one more time. After that, do the following steps.

Step 1

Please close all running programs and run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/06/12 10:36:06 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\1w1qklcx.default\extensions\{1b907010-1961-41f1-9a48-c1577332ff88}
    [2011/07/27 15:52:13 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\1w1qklcx.default\extensions\{2b5382e3-12e2-4008-8eda-c6d616cdca13}

    :Commands
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • Combofix log
It would be helpful if you could post each log in a separate post.

#15
John Roix

    Member

  • Topic Starter
  • 25 posts
Tried running aswMBR...computer again shut down.

working on combofix

OTL log


========== OTL ==========
C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\1w1qklcx.default\extensions\{1b907010-1961-41f1-9a48-c1577332ff88}\defaults\preferences folder moved successfully.
C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\1w1qklcx.default\extensions\{1b907010-1961-41f1-9a48-c1577332ff88}\defaults folder moved successfully.
C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\1w1qklcx.default\extensions\{1b907010-1961-41f1-9a48-c1577332ff88}\chrome folder moved successfully.
C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\1w1qklcx.default\extensions\{1b907010-1961-41f1-9a48-c1577332ff88} folder moved successfully.
C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\1w1qklcx.default\extensions\{2b5382e3-12e2-4008-8eda-c6d616cdca13}\defaults\preferences folder moved successfully.
C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\1w1qklcx.default\extensions\{2b5382e3-12e2-4008-8eda-c6d616cdca13}\defaults folder moved successfully.
C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\1w1qklcx.default\extensions\{2b5382e3-12e2-4008-8eda-c6d616cdca13}\chrome folder moved successfully.
C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\1w1qklcx.default\extensions\{2b5382e3-12e2-4008-8eda-c6d616cdca13} folder moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.26.1 log created on 08032011_091428