
Google (search engine) Redirect Issue


  • This topic is locked

#1
jonard

  • Member
  • 22 posts
Hello,
I am having the very common Google redirect issue on my laptop. This began on Sunday, and I have read many threads on this board and have tried to fix the issue alone. All of the antivirus software I have used says I am clean. Can someone on here help me, and tell me which logs and from what programs you need to assist in fixing my computer? I am very frustrated and thanks in advance.

Jon


#2
maliprog

  • Trusted Helper
  • Malware Removal
  • 6,172 posts
Hello jonard and welcome to G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Download OTL to your Desktop

  • Double click on the icon to run it (if running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • aswMBR log
It would be helpful if you could post each log in a separate post.

#3
jonard

  • Topic Starter
  • Member
  • 22 posts
Thanks for your help. However, I was very unsuccessful in attempting to get the logs you desired.
When I ran the OTL program, it took a long time and finally became (non responding) at the SCAN - Manual File Scan getting Folder Structure.....

When I ran the aswMBR.exe - It went straight to the blue screen of death and I had to restart my computer.

I am still having the same issues of redirecting as before, any other suggestions?

jon

#4
jonard

  • Topic Starter
  • Member
  • 22 posts
Disregard the last post. Here is the OTL Log.
I still get the blue screen on the aswMBR.exe.

OTL logfile created on: 8/22/2011 12:20:40 PM - Run 2
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 59.41% Memory free
8.12 Gb Paging File | 6.25 Gb Available in Paging File | 76.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.68 Gb Total Space | 387.83 Gb Free Space | 86.05% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 6.59 Gb Free Space | 43.94% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/22 01:20:49 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.scr
PRC - [2011/08/10 23:01:12 | 000,243,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_ActiveX.exe
PRC - [2011/08/02 21:06:58 | 003,381,184 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
PRC - [2011/08/02 21:06:47 | 001,382,984 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
PRC - [2011/07/29 15:42:42 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/07/11 10:07:44 | 003,996,864 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/16 13:25:58 | 015,502,336 | ---- | M] () -- C:\Users\Owner\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/17 11:17:02 | 000,636,144 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/02/04 22:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/10 07:38:09 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll
MOD - [2011/08/10 07:35:39 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
MOD - [2011/08/10 03:07:01 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2011/08/02 21:06:53 | 002,557,952 | ---- | M] () -- C:\Program Files (x86)\Webroot\Security\Current\Framework\frameworkresources.dll
MOD - [2011/03/16 13:25:58 | 015,502,336 | ---- | M] () -- C:\Users\Owner\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
MOD - [2011/03/16 13:25:58 | 000,159,744 | ---- | M] () -- C:\Users\Owner\AppData\Local\Autobahn\rt\jetrt\baseline720.dll
MOD - [2011/03/16 13:25:58 | 000,126,976 | ---- | M] () -- C:\Users\Owner\AppData\Local\Autobahn\rt\bin\zip.dll
MOD - [2011/03/16 13:25:58 | 000,069,632 | ---- | M] () -- C:\Users\Owner\AppData\Local\Autobahn\rt\bin\java.dll
MOD - [2011/03/16 13:25:58 | 000,020,480 | ---- | M] () -- C:\Users\Owner\AppData\Local\Autobahn\rt\bin\jetvm\jvm.dll
MOD - [2009/04/10 23:28:24 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/03/30 08:25:18 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/03/30 08:24:46 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/08/02 21:06:58 | 003,381,184 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2011/07/11 10:07:44 | 003,996,864 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/05 00:54:48 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/04/17 11:17:02 | 000,636,144 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009/03/29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/11 10:07:54 | 000,136,224 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\ssidrv.sys -- (ssidrv)
DRV:64bit: - [2011/07/11 10:07:50 | 000,056,920 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\ssfmonm.sys -- (ssfmonm)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/04/27 03:05:56 | 000,230,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/04/10 22:03:34 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/03/30 08:25:34 | 000,477,696 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/03/08 17:06:00 | 000,319,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys -- (OA001Vid)
DRV:64bit: - [2009/03/06 07:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys -- (OA001Ufd)
DRV:64bit: - [2008/12/22 05:26:28 | 004,735,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2008/11/24 04:29:58 | 000,126,464 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/08/25 06:35:36 | 000,059,392 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
DRV:64bit: - [2008/07/17 06:59:12 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/07/17 06:59:10 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/07/17 06:59:08 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/07/16 07:50:42 | 000,239,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2007/11/14 04:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006/11/02 03:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:7

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Owner\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/19 23:52:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/30 01:30:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Owner\AppData\Roaming\Move Networks [2010/04/03 22:01:42 | 000,000,000 | ---D | M]

[2010/09/19 23:53:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2011/02/24 17:48:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\awiocurg.default\extensions
[2010/09/20 18:32:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\awiocurg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/19 23:52:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/03 22:01:42 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\OWNER\APPDATA\ROAMING\MOVE NETWORKS

O1 HOSTS File: ([2011/08/22 00:41:13 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk = C:\Users\Owner\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {96816368-C1E3-414D-A193-63C3CC921990} http://standrewslink...MJPEGRender.ocx (MJPEGRender Control)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Tranportation_1920x1200.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Tranportation_1920x1200.jpg
O30:64bit: - LSA: Authentication Packages - (ows\w) - File not found
O30 - LSA: Authentication Packages - (ows\w) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 18:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{c3ee4396-e6f6-11de-a112-002219f82665}\Shell\AutoRun\command - "" = wscript.exe \SMRTNTKY\script.js
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/22 11:39:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\RegRun2
[2011/08/22 11:39:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UnHackMe
[2011/08/22 03:07:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\tdsskiller
[2011/08/22 01:43:52 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/08/22 01:41:26 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2011/08/22 01:20:49 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.scr
[2011/08/22 01:15:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\GooredFix Backups
[2011/08/22 01:15:17 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Owner\Desktop\GooredFix.exe
[2011/08/22 00:23:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/21 21:47:12 | 000,000,000 | ---D | C] -- C:\Windows\system64
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/22 11:55:50 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/22 11:55:48 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/22 11:55:45 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/22 11:55:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/22 11:39:47 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2011/08/22 11:39:47 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\CONFIG.NT
[2011/08/22 11:39:47 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2011/08/22 11:28:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/22 11:18:14 | 000,007,052 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2011/08/22 11:15:10 | 577,664,730 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/08/22 01:41:35 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2011/08/22 01:37:41 | 000,302,592 | ---- | M] () -- C:\Users\Owner\Desktop\fo6ilrlk.exe
[2011/08/22 01:20:49 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.scr
[2011/08/22 01:16:32 | 001,389,603 | ---- | M] () -- C:\Users\Owner\Desktop\tdsskiller.zip
[2011/08/22 01:15:18 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Owner\Desktop\GooredFix.exe
[2011/08/10 23:19:29 | 000,000,920 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk
[2011/08/10 03:02:17 | 000,718,604 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/10 03:02:17 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/10 03:02:17 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/04 03:22:15 | 000,000,000 | ---- | M] () -- C:\ProgramData\woxk.exe
[2011/08/04 03:22:15 | 000,000,000 | ---- | M] () -- C:\ProgramData\vlgo.exe
[2011/08/04 03:22:15 | 000,000,000 | ---- | M] () -- C:\Users\Owner\AppData\Local\roaq.exe
[2011/08/04 03:22:15 | 000,000,000 | ---- | M] () -- C:\ProgramData\nyvx.exe
[2011/08/04 03:22:15 | 000,000,000 | ---- | M] () -- C:\ProgramData\hjkn.exe
[2011/08/04 03:22:15 | 000,000,000 | ---- | M] () -- C:\Users\Owner\AppData\Local\ejvm.exe
[2011/08/04 03:22:15 | 000,000,000 | ---- | M] () -- C:\Users\Owner\AppData\Local\ebbn.exe
[2011/08/04 03:22:15 | 000,000,000 | ---- | M] () -- C:\Users\Owner\AppData\Local\bakm.exe
[2011/08/01 15:48:18 | 000,104,484 | ---- | M] () -- C:\Users\Owner\Desktop\D1 Tuesday Night Schedule, Summer II 2011[1].pdf
[2011/07/25 17:38:52 | 000,002,609 | ---- | M] () -- C:\Users\Owner\Desktop\Microsoft Office Excel 2007.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/22 11:39:47 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2011/08/22 11:39:47 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\CONFIG.NT
[2011/08/22 11:39:47 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2011/08/22 01:43:39 | 577,664,730 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/08/22 01:37:41 | 000,302,592 | ---- | C] () -- C:\Users\Owner\Desktop\fo6ilrlk.exe
[2011/08/22 01:16:31 | 001,389,603 | ---- | C] () -- C:\Users\Owner\Desktop\tdsskiller.zip
[2011/08/10 23:19:29 | 000,000,920 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk
[2011/08/04 03:22:15 | 000,000,000 | ---- | C] () -- C:\ProgramData\woxk.exe
[2011/08/04 03:22:15 | 000,000,000 | ---- | C] () -- C:\ProgramData\vlgo.exe
[2011/08/04 03:22:15 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\roaq.exe
[2011/08/04 03:22:15 | 000,000,000 | ---- | C] () -- C:\ProgramData\nyvx.exe
[2011/08/04 03:22:15 | 000,000,000 | ---- | C] () -- C:\ProgramData\hjkn.exe
[2011/08/04 03:22:15 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\ejvm.exe
[2011/08/04 03:22:15 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\ebbn.exe
[2011/08/04 03:22:15 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\bakm.exe
[2011/08/01 15:48:18 | 000,104,484 | ---- | C] () -- C:\Users\Owner\Desktop\D1 Tuesday Night Schedule, Summer II 2011[1].pdf
[2011/05/15 00:43:08 | 000,012,936 | -HS- | C] () -- C:\Users\Owner\AppData\Local\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
[2011/05/15 00:43:08 | 000,012,936 | -HS- | C] () -- C:\ProgramData\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
[2011/04/03 19:10:32 | 000,010,880 | -HS- | C] () -- C:\Users\Owner\AppData\Local\j638u7q3443b5j
[2011/04/03 19:10:32 | 000,010,880 | -HS- | C] () -- C:\ProgramData\j638u7q3443b5j
[2011/01/04 01:16:06 | 000,030,424 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
[2010/09/22 21:31:32 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/07/11 23:32:52 | 000,000,732 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
[2009/10/03 15:10:31 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/10/03 15:10:00 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/10/03 15:09:13 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/10/02 01:42:00 | 000,007,052 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2009/08/05 03:00:45 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2009/08/05 00:48:49 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/04/24 23:58:05 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2011/07/22 02:43:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BBD9C864B5B3FC6276C901C7172D0543
[2011/05/02 18:17:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/10/04 13:05:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.directv.supercast.AA1ECC8BBAFE4E1BBF2D418DC006AF207FACE6CA.1
[2010/09/22 21:29:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DzSoft
[2010/09/22 21:31:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2011/08/22 11:46:20 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/09/14 18:59:41 | 000,552,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/09/14 18:59:41 | 000,552,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/09/14 18:59:41 | 000,552,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2010/09/14 18:59:44 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2011/08/05 22:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2011/08/05 22:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/08/05 22:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2011/08/05 22:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2011/07/23 05:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2011/07/23 05:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2011/07/23 05:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/07/23 07:02:27 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/07/23 05:49:57 | 000,070,656 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/07/23 05:49:57 | 000,070,656 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/07/23 05:49:57 | 000,070,656 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/07/23 07:02:27 | 000,638,232 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/07/23 07:02:27 | 000,638,232 | ---- | M] (Microsoft Corporation)

< >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
  • 0

#5
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi jonard,

Step 1

Please close all running programs and run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O33 - MountPoints2\{c3ee4396-e6f6-11de-a112-002219f82665}\Shell\AutoRun\command - "" = wscript.exe \SMRTNTKY\script.js
    [2011/08/04 03:22:15 | 000,000,000 | ---- | M] () -- C:\ProgramData\woxk.exe
    [2011/08/04 03:22:15 | 000,000,000 | ---- | M] () -- C:\ProgramData\vlgo.exe
    [2011/08/04 03:22:15 | 000,000,000 | ---- | M] () -- C:\Users\Owner\AppData\Local\roaq.exe
    [2011/08/04 03:22:15 | 000,000,000 | ---- | M] () -- C:\ProgramData\nyvx.exe
    [2011/08/04 03:22:15 | 000,000,000 | ---- | M] () -- C:\ProgramData\hjkn.exe
    [2011/08/04 03:22:15 | 000,000,000 | ---- | M] () -- C:\Users\Owner\AppData\Local\ejvm.exe
    [2011/08/04 03:22:15 | 000,000,000 | ---- | M] () -- C:\Users\Owner\AppData\Local\ebbn.exe
    [2011/08/04 03:22:15 | 000,000,000 | ---- | M] () -- C:\Users\Owner\AppData\Local\bakm.exe
    [2011/05/15 00:43:08 | 000,012,936 | -HS- | C] () -- C:\Users\Owner\AppData\Local\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
    [2011/05/15 00:43:08 | 000,012,936 | -HS- | C] () -- C:\ProgramData\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
    [2011/04/03 19:10:32 | 000,010,880 | -HS- | C] () -- C:\Users\Owner\AppData\Local\j638u7q3443b5j
    [2011/04/03 19:10:32 | 000,010,880 | -HS- | C] () -- C:\ProgramData\j638u7q3443b5j

    :Files
    ipconfig /flushdns /c
    C:\Users\Owner\AppData\Local\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
    C:\ProgramData\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
    C:\Users\Owner\AppData\Local\j638u7q3443b5j
    C:\ProgramData\j638u7q3443b5j

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 3

Please download MBRCheck.exe to your desktop.

  • Double click to run it
  • It will prompt you with some text
  • A text file will be generated on your desktop
  • Now paste that text here for me.

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • TDSSKiller log
  • MBRCheck log
It would be helpful if you could post each log in a separate post.
  • 0
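The file entries listed in the Step 1 fix stand out in the OTL listing by two visible traits: zero-byte .exe files that all carry the same timestamp, and hidden+system files with no extension that appear with identical name and size in both ProgramData and AppData\Local. The following Python script is an added example, not code from this thread or from OTL; it parses OTL file lines and applies those two traits as triage rules. The rules, thresholds and function names are assumptions of this example, since the helper does not state his selection criteria.

```python
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass

# Lines copied from the OTL log quoted in this thread (a subset, benign entries included).
SAMPLE_LOG = r"""
[2011/08/22 11:39:47 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\CONFIG.NT
[2011/08/22 01:43:39 | 577,664,730 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/08/22 01:37:41 | 000,302,592 | ---- | C] () -- C:\Users\Owner\Desktop\fo6ilrlk.exe
[2011/08/04 03:22:15 | 000,000,000 | ---- | C] () -- C:\ProgramData\woxk.exe
[2011/08/04 03:22:15 | 000,000,000 | ---- | C] () -- C:\ProgramData\vlgo.exe
[2011/08/04 03:22:15 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\roaq.exe
[2011/08/04 03:22:15 | 000,000,000 | ---- | C] () -- C:\ProgramData\nyvx.exe
[2011/08/04 03:22:15 | 000,000,000 | ---- | C] () -- C:\ProgramData\hjkn.exe
[2011/08/04 03:22:15 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\ejvm.exe
[2011/08/04 03:22:15 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\ebbn.exe
[2011/08/04 03:22:15 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\bakm.exe
[2011/05/15 00:43:08 | 000,012,936 | -HS- | C] () -- C:\Users\Owner\AppData\Local\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
[2011/05/15 00:43:08 | 000,012,936 | -HS- | C] () -- C:\ProgramData\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
[2011/04/03 19:10:32 | 000,010,880 | -HS- | C] () -- C:\Users\Owner\AppData\Local\j638u7q3443b5j
[2011/04/03 19:10:32 | 000,010,880 | -HS- | C] () -- C:\ProgramData\j638u7q3443b5j
[2011/01/04 01:16:06 | 000,030,424 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
[2010/09/22 21:31:32 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2010/07/11 23:32:52 | 000,000,732 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
"""

# [timestamp | size | attributes | C or M] (company) -- path ; the company part
# is absent on directory lines such as those in the LOP Check section.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Assumption of this example: only files sitting directly in these two
# folders are considered, because that is where the fix's entries live.
DROP_DIR_RE = re.compile(
    r"^[A-Za-z]:\\(?:ProgramData|Users\\[^\\]+\\AppData\\Local)$", re.I
)


@dataclass(frozen=True)
class Entry:
    timestamp: str
    size: int
    attrs: str
    company: str
    path: str


def parse_line(line):
    """Parse one OTL file line; return None for headers and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["ts"], int(m["size"].replace(",", "")), m["attrs"],
                 (m["company"] or "").strip(), m["path"].strip())


def flag_entries(log_text, min_cluster=3):
    """Return {path: reason} for entries matching either triage rule."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    stubs_by_ts = defaultdict(list)   # rule 1: zero-byte .exe clusters
    twins = defaultdict(set)          # rule 2: same hidden file in two places
    for e in entries:
        if e.company or not DROP_DIR_RE.match(ntpath.dirname(e.path)):
            continue
        name = ntpath.basename(e.path)
        ext = ntpath.splitext(name)[1].lower()
        if e.size == 0 and ext == ".exe":
            stubs_by_ts[e.timestamp].append(e)
        if "H" in e.attrs and "S" in e.attrs and not ext:
            twins[(name.lower(), e.size)].add(e.path)

    flagged = {}
    for ts, group in stubs_by_ts.items():
        if len(group) >= min_cluster:
            for e in group:
                flagged[e.path] = f"zero-byte .exe, one of {len(group)} stamped {ts}"
    for (_, size), paths in twins.items():
        if len(paths) >= 2:
            for p in paths:
                flagged[p] = f"hidden+system, no extension, {size} bytes in {len(paths)} folders"
    return flagged


if __name__ == "__main__":
    for path, reason in sorted(flag_entries(SAMPLE_LOG).items()):
        print(f"{path}  <-  {reason}")
```

On the excerpt above the two rules select the same twelve files the fix moves; a match is a prompt for review by a person, not proof that a file is malicious.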

#6
jonard

    Member

  • Topic Starter
  • Member
  • 22 posts
OTL log

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c3ee4396-e6f6-11de-a112-002219f82665}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c3ee4396-e6f6-11de-a112-002219f82665}\ not found.
File wscript.exe \SMRTNTKY\script.js not found.
C:\ProgramData\woxk.exe moved successfully.
C:\ProgramData\vlgo.exe moved successfully.
C:\Users\Owner\AppData\Local\roaq.exe moved successfully.
C:\ProgramData\nyvx.exe moved successfully.
C:\ProgramData\hjkn.exe moved successfully.
C:\Users\Owner\AppData\Local\ejvm.exe moved successfully.
C:\Users\Owner\AppData\Local\ebbn.exe moved successfully.
C:\Users\Owner\AppData\Local\bakm.exe moved successfully.
C:\Users\Owner\AppData\Local\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5 moved successfully.
C:\ProgramData\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5 moved successfully.
C:\Users\Owner\AppData\Local\j638u7q3443b5j moved successfully.
C:\ProgramData\j638u7q3443b5j moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
File\Folder C:\Users\Owner\AppData\Local\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5 not found.
File\Folder C:\ProgramData\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5 not found.
File\Folder C:\Users\Owner\AppData\Local\j638u7q3443b5j not found.
File\Folder C:\ProgramData\j638u7q3443b5j not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41044 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 201797760 bytes
->Temporary Internet Files folder emptied: 71074122 bytes
->Java cache emptied: 508174 bytes
->FireFox cache emptied: 24648443 bytes
->Google Chrome cache emptied: 30463987 bytes
->Flash cache emptied: 3791786 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4577 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 84226607 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 49621 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 397.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.26.5 log created on 08232011_110638

Files\Folders moved on Reboot...
C:\Users\Owner\AppData\Local\Temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PU0HYW8I\page__gopid__2051923[2].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PU0HYW8I\si[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OXRBEJRR\ads[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CP27EFBB\ads[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1UX81U8R\ads[1].htm moved successfully.
C:\Windows\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb moved successfully.
C:\Windows\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D12}.tlb moved successfully.

Registry entries deleted on Reboot...
  • 0

#7
jonard

    Member

  • Topic Starter
  • Member
  • 22 posts
tdsskiller log:

2011/08/23 11:17:45.0458 3396 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/23 11:17:45.0755 3396 ================================================================================
2011/08/23 11:17:45.0755 3396 SystemInfo:
2011/08/23 11:17:45.0755 3396
2011/08/23 11:17:45.0755 3396 OS Version: 6.0.6002 ServicePack: 2.0
2011/08/23 11:17:45.0755 3396 Product type: Workstation
2011/08/23 11:17:45.0755 3396 ComputerName: OWNER-PC
2011/08/23 11:17:45.0755 3396 UserName: Owner
2011/08/23 11:17:45.0755 3396 Windows directory: C:\Windows
2011/08/23 11:17:45.0755 3396 System windows directory: C:\Windows
2011/08/23 11:17:45.0755 3396 Running under WOW64
2011/08/23 11:17:45.0755 3396 Processor architecture: Intel x64
2011/08/23 11:17:45.0755 3396 Number of processors: 2
2011/08/23 11:17:45.0755 3396 Page size: 0x1000
2011/08/23 11:17:45.0755 3396 Boot type: Normal boot
2011/08/23 11:17:45.0755 3396 ================================================================================
2011/08/23 11:17:47.0752 3396 Initialize success
2011/08/23 11:18:14.0802 3912 ================================================================================
2011/08/23 11:18:14.0802 3912 Scan started
2011/08/23 11:18:14.0802 3912 Mode: Manual;
2011/08/23 11:18:14.0802 3912 ================================================================================
2011/08/23 11:18:39.0996 3912 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/23 11:18:43.0225 3912 msahci (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys
2011/08/23 11:18:43.0303 3912 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
2011/08/23 11:18:43.0553 3912 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
2011/08/23 11:18:43.0802 3912 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
2011/08/23 11:18:44.0083 3912 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/23 11:18:44.0692 3912 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/23 11:18:44.0801 3912 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
2011/08/23 11:18:45.0394 3912 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
2011/08/23 11:18:45.0596 3912 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/08/23 11:18:46.0064 3912 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
2011/08/23 11:18:47.0702 3912 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
2011/08/23 11:18:48.0404 3912 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/23 11:18:50.0245 3912 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
2011/08/23 11:18:50.0807 3912 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/23 11:18:51.0602 3912 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/23 11:18:52.0117 3912 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/23 11:18:52.0694 3912 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
2011/08/23 11:18:52.0835 3912 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/23 11:18:54.0816 3912 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/23 11:18:55.0736 3912 NETw5v64 (f17eda58c8c5b1a4f873b322729168ff) C:\Windows\system32\DRIVERS\NETw5v64.sys
2011/08/23 11:18:56.0126 3912 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
2011/08/23 11:18:56.0766 3912 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
2011/08/23 11:18:56.0906 3912 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/23 11:18:57.0296 3912 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
2011/08/23 11:18:57.0484 3912 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
2011/08/23 11:18:57.0577 3912 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
2011/08/23 11:18:57.0671 3912 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
2011/08/23 11:18:57.0764 3912 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
2011/08/23 11:18:57.0936 3912 OA001Ufd (404b0121ae1a75d9a63b6934eb07c258) C:\Windows\system32\DRIVERS\OA001Ufd.sys
2011/08/23 11:18:57.0983 3912 OA001Vid (4b69d156db42b26425ab3b172fa50d92) C:\Windows\system32\DRIVERS\OA001Vid.sys
2011/08/23 11:18:58.0108 3912 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/08/23 11:18:58.0186 3912 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
2011/08/23 11:18:58.0217 3912 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
2011/08/23 11:18:58.0295 3912 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
2011/08/23 11:18:58.0326 3912 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
2011/08/23 11:18:58.0357 3912 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
2011/08/23 11:18:58.0388 3912 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
2011/08/23 11:18:58.0669 3912 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/23 11:18:58.0763 3912 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
2011/08/23 11:18:59.0012 3912 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/23 11:18:59.0184 3912 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/08/23 11:18:59.0356 3912 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
2011/08/23 11:18:59.0496 3912 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
2011/08/23 11:18:59.0621 3912 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/23 11:18:59.0824 3912 R300 (2a09a6b271d1f50adf5e33b37d460de6) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/08/23 11:19:00.0026 3912 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/23 11:19:00.0104 3912 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/23 11:19:00.0276 3912 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/23 11:19:00.0432 3912 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/23 11:19:00.0541 3912 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/23 11:19:00.0697 3912 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/23 11:19:00.0931 3912 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
2011/08/23 11:19:01.0009 3912 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/23 11:19:01.0540 3912 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
2011/08/23 11:19:01.0867 3912 rimmptsk (d13d70fac45fc1df69f88559b1f72f0a) C:\Windows\system32\DRIVERS\rimmpx64.sys
2011/08/23 11:19:01.0930 3912 rimsptsk (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys
2011/08/23 11:19:01.0961 3912 rismxdp (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys
2011/08/23 11:19:02.0023 3912 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/23 11:19:02.0101 3912 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
2011/08/23 11:19:02.0242 3912 sdbus (be100bc2be2513314c717bb2c4cfff10) C:\Windows\system32\DRIVERS\sdbus.sys
2011/08/23 11:19:02.0382 3912 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/08/23 11:19:02.0694 3912 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
2011/08/23 11:19:02.0756 3912 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
2011/08/23 11:19:02.0819 3912 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
2011/08/23 11:19:02.0897 3912 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
2011/08/23 11:19:02.0975 3912 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
2011/08/23 11:19:03.0006 3912 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
2011/08/23 11:19:03.0053 3912 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
2011/08/23 11:19:03.0115 3912 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
2011/08/23 11:19:03.0178 3912 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
2011/08/23 11:19:03.0240 3912 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
2011/08/23 11:19:03.0334 3912 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
2011/08/23 11:19:03.0490 3912 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
2011/08/23 11:19:03.0536 3912 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/23 11:19:03.0568 3912 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/23 11:19:03.0661 3912 ssfmonm (a4c4a1fedfbed04b39efae9f1311ed5e) C:\Windows\system32\DRIVERS\ssfmonm.sys
2011/08/23 11:19:03.0692 3912 ssidrv (1cc88f50bd4e6fd6eac5c5365ceb6583) C:\Windows\system32\DRIVERS\ssidrv.sys
2011/08/23 11:19:03.0848 3912 STHDA (ba16447226abfd342e130d2f24f73d32) C:\Windows\system32\DRIVERS\stwrt64.sys
2011/08/23 11:19:03.0911 3912 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
2011/08/23 11:19:04.0067 3912 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
2011/08/23 11:19:04.0192 3912 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
2011/08/23 11:19:04.0238 3912 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
2011/08/23 11:19:04.0566 3912 Tcpip (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\drivers\tcpip.sys
2011/08/23 11:19:04.0940 3912 Tcpip6 (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/23 11:19:05.0065 3912 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/23 11:19:05.0112 3912 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
2011/08/23 11:19:05.0159 3912 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
2011/08/23 11:19:05.0206 3912 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/23 11:19:05.0268 3912 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
2011/08/23 11:19:05.0502 3912 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/23 11:19:05.0611 3912 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
2011/08/23 11:19:05.0689 3912 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/23 11:19:05.0720 3912 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
2011/08/23 11:19:05.0783 3912 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/23 11:19:05.0861 3912 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
2011/08/23 11:19:05.0892 3912 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
2011/08/23 11:19:05.0908 3912 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
2011/08/23 11:19:05.0939 3912 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
2011/08/23 11:19:05.0970 3912 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
2011/08/23 11:19:06.0048 3912 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/23 11:19:06.0095 3912 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
2011/08/23 11:19:06.0157 3912 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/23 11:19:06.0220 3912 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/23 11:19:06.0266 3912 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
2011/08/23 11:19:06.0298 3912 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/23 11:19:06.0344 3912 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/23 11:19:06.0407 3912 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/08/23 11:19:06.0454 3912 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
2011/08/23 11:19:06.0500 3912 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/23 11:19:06.0532 3912 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
2011/08/23 11:19:06.0563 3912 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
2011/08/23 11:19:06.0594 3912 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
2011/08/23 11:19:06.0656 3912 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
2011/08/23 11:19:06.0734 3912 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
2011/08/23 11:19:06.0797 3912 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
2011/08/23 11:19:06.0859 3912 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
2011/08/23 11:19:06.0906 3912 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/23 11:19:06.0922 3912 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/23 11:19:06.0984 3912 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
2011/08/23 11:19:07.0046 3912 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/23 11:19:07.0218 3912 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/08/23 11:19:07.0280 3912 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/23 11:19:07.0343 3912 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/23 11:19:07.0390 3912 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/08/23 11:19:07.0436 3912 Boot (0x1200) (d0392a61bc76dba71380647c51064ef7) \Device\Harddisk0\DR0\Partition0
2011/08/23 11:19:07.0452 3912 Boot (0x1200) (2ff32efb85adcc65dc0f4a58609b1417) \Device\Harddisk0\DR0\Partition1
2011/08/23 11:19:07.0468 3912 ================================================================================
2011/08/23 11:19:07.0468 3912 Scan finished
2011/08/23 11:19:07.0468 3912 ================================================================================
2011/08/23 11:19:07.0483 4208 Detected object count: 0
2011/08/23 11:19:07.0483 4208 Actual detected object count: 0
  • 0

#8
jonard

    Member

  • Topic Starter
  • Member
  • 22 posts
MBRCheck log:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Studio 1737
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 147):

Processes (total 66):
0 System Idle Process
4 System
416 C:\Windows\System32\smss.exe
492 csrss.exe
540 C:\Windows\System32\wininit.exe
556 csrss.exe
616 C:\Windows\System32\services.exe
628 C:\Windows\System32\lsass.exe
636 C:\Windows\System32\lsm.exe
792 C:\Windows\System32\winlogon.exe
816 C:\Windows\System32\svchost.exe
860 C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
892 C:\Windows\System32\svchost.exe
936 C:\Windows\System32\svchost.exe
1008 C:\Windows\System32\svchost.exe
196 C:\Windows\System32\svchost.exe
312 C:\Windows\System32\svchost.exe
432 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\stacsv64.exe
480 C:\Windows\System32\audiodg.exe
1128 C:\Windows\System32\svchost.exe
1172 C:\Windows\System32\SLsvc.exe
1204 C:\Windows\System32\svchost.exe
1352 C:\Program Files\Dell\DellDock\DockLogin.exe
1500 C:\Windows\System32\svchost.exe
1924 C:\Windows\System32\spoolsv.exe
1932 C:\Windows\System32\dwm.exe
1944 C:\Windows\System32\taskeng.exe
1992 C:\Windows\System32\svchost.exe
2020 C:\Windows\explorer.exe
1164 C:\Windows\System32\taskeng.exe
2208 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
2232 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
2356 C:\Windows\System32\svchost.exe
2460 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2536 C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
2584 C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe
2816 C:\Windows\System32\svchost.exe
2836 C:\Windows\System32\SearchIndexer.exe
2768 C:\Windows\notepad.exe
1680 C:\Program Files\Windows Defender\MSASCui.exe
1708 C:\Program Files\DellTPad\Apoint.exe
2904 C:\Program Files\IDT\WDM\sttray64.exe
680 C:\Windows\System32\hkcmd.exe
3040 C:\Windows\System32\igfxpers.exe
1096 C:\Program Files\Windows Sidebar\sidebar.exe
1664 C:\Users\Owner\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
2676 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
496 C:\Program Files\DellTPad\ApMsgFwd.exe
1980 C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
2808 C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
2760 C:\Windows\System32\igfxsrvc.exe
3552 C:\Program Files\DellTPad\hidfind.exe
3568 C:\Program Files\DellTPad\ApntEx.exe
3660 C:\Windows\System32\SearchProtocolHost.exe
4000 C:\Program Files (x86)\Internet Explorer\iexplore.exe
2028 C:\Program Files (x86)\Internet Explorer\iexplore.exe
2604 WmiPrvSE.exe
4264 C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
4400 C:\Windows\System32\wbem\unsecapp.exe
3212 SSU.exe
3440 C:\Windows\System32\svchost.exe
4596 C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
888 C:\Windows\servicing\TrustedInstaller.exe
4968 C:\Windows\SysWOW64\notepad.exe
5072 C:\Windows\System32\SearchFilterHost.exe
712 C:\Users\Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c4f00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`04f00000 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000BEVT-75ZAT0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
  • 0

#9
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi jonard,

After these steps, test your system and report here whether you still have redirections.

Step 1

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply, as well as describe how your computer is running now.

Step 2

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

Step 3

Please don't forget to include these items in your reply:

  • New OTL scan log
  • Combofix log
It would be helpful if you could post each log in a separate post.
  • 0

#10
jonard

    Member

  • Topic Starter
  • Member
  • 22 posts
I am still getting the redirect issues.

Step 1: I was unable to complete the combo fix. I allowed it to run for over 30 minutes and it seemed to get stuck after completing the 4th stage.

Attached is the OTL log.

OTL logfile created on: 8/23/2011 2:16:24 PM - Run 2
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.61 Gb Available Physical Memory | 65.93% Memory free
8.09 Gb Paging File | 6.64 Gb Available in Paging File | 82.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.68 Gb Total Space | 404.91 Gb Free Space | 89.84% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 6.59 Gb Free Space | 43.93% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/22 01:20:49 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.scr
PRC - [2011/08/02 21:06:58 | 003,381,184 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
PRC - [2011/08/02 21:06:47 | 001,382,984 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
PRC - [2011/07/11 10:07:44 | 003,996,864 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/16 13:25:58 | 015,502,336 | ---- | M] () -- C:\Users\Owner\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/17 11:17:02 | 000,636,144 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/02/04 22:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/10 07:38:09 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll
MOD - [2011/08/10 07:35:39 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
MOD - [2011/08/10 03:07:01 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2011/08/02 21:06:53 | 002,557,952 | ---- | M] () -- C:\Program Files (x86)\Webroot\Security\Current\Framework\frameworkresources.dll
MOD - [2011/03/16 13:25:58 | 015,502,336 | ---- | M] () -- C:\Users\Owner\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
MOD - [2011/03/16 13:25:58 | 000,159,744 | ---- | M] () -- C:\Users\Owner\AppData\Local\Autobahn\rt\jetrt\baseline720.dll
MOD - [2011/03/16 13:25:58 | 000,126,976 | ---- | M] () -- C:\Users\Owner\AppData\Local\Autobahn\rt\bin\zip.dll
MOD - [2011/03/16 13:25:58 | 000,069,632 | ---- | M] () -- C:\Users\Owner\AppData\Local\Autobahn\rt\bin\java.dll
MOD - [2011/03/16 13:25:58 | 000,020,480 | ---- | M] () -- C:\Users\Owner\AppData\Local\Autobahn\rt\bin\jetvm\jvm.dll
MOD - [2009/04/10 23:28:24 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/03/30 08:25:18 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/03/30 08:24:46 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/08/02 21:06:58 | 003,381,184 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2011/07/11 10:07:44 | 003,996,864 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/05 00:54:48 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/04/17 11:17:02 | 000,636,144 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009/03/29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/11 10:07:54 | 000,136,224 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\ssidrv.sys -- (ssidrv)
DRV:64bit: - [2011/07/11 10:07:50 | 000,056,920 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\ssfmonm.sys -- (ssfmonm)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/04/27 03:05:56 | 000,230,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/04/10 22:03:34 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/03/30 08:25:34 | 000,477,696 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/03/08 17:06:00 | 000,319,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys -- (OA001Vid)
DRV:64bit: - [2009/03/06 07:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys -- (OA001Ufd)
DRV:64bit: - [2008/12/22 05:26:28 | 004,735,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2008/11/24 04:29:58 | 000,126,464 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/08/25 06:35:36 | 000,059,392 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
DRV:64bit: - [2008/07/17 06:59:12 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/07/17 06:59:10 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/07/17 06:59:08 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/07/16 07:50:42 | 000,239,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2007/11/14 04:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006/11/02 03:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:7

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Owner\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/19 23:52:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/30 01:30:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Owner\AppData\Roaming\Move Networks [2010/04/03 22:01:42 | 000,000,000 | ---D | M]

[2010/09/19 23:53:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2011/02/24 17:48:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\awiocurg.default\extensions
[2010/09/20 18:32:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\awiocurg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/19 23:52:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/03 22:01:42 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\OWNER\APPDATA\ROAMING\MOVE NETWORKS

O1 HOSTS File: ([2011/08/23 11:56:59 | 000,000,605 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk = C:\Users\Owner\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 0
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {96816368-C1E3-414D-A193-63C3CC921990} http://standrewslink...MJPEGRender.ocx (MJPEGRender Control)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Tranportation_1920x1200.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Tranportation_1920x1200.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 18:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/23 13:33:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/08/23 13:33:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/08/23 13:33:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/08/23 13:33:33 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/08/23 13:33:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/23 13:33:19 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/08/23 13:30:48 | 004,181,405 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2011/08/23 11:06:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/22 23:51:36 | 001,405,744 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
[2011/08/22 17:09:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/08/22 11:39:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\RegRun2
[2011/08/22 11:39:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UnHackMe
[2011/08/22 03:07:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\tdsskiller
[2011/08/22 01:43:52 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/08/22 01:41:26 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2011/08/22 01:20:49 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.scr
[2011/08/22 01:15:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\GooredFix Backups
[2011/08/22 01:15:17 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Owner\Desktop\GooredFix.exe
[2011/08/22 00:23:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/21 21:47:12 | 000,000,000 | ---D | C] -- C:\Windows\system64

========== Files - Modified Within 30 Days ==========

[2011/08/23 14:14:13 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/23 14:14:12 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/23 14:14:08 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/23 14:14:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/23 13:31:00 | 004,181,405 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2011/08/23 13:28:16 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/22 23:59:04 | 000,080,384 | ---- | M] () -- C:\Users\Owner\Desktop\MBRCheck.exe
[2011/08/22 23:51:40 | 001,405,744 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
[2011/08/22 22:49:05 | 000,002,651 | ---- | M] () -- C:\Users\Owner\Desktop\Microsoft Office Word 2007.lnk
[2011/08/22 17:25:01 | 000,007,052 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2011/08/22 11:39:47 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2011/08/22 11:39:47 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\CONFIG.NT
[2011/08/22 11:39:47 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2011/08/22 11:15:10 | 577,664,730 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/08/22 01:41:35 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2011/08/22 01:37:41 | 000,302,592 | ---- | M] () -- C:\Users\Owner\Desktop\fo6ilrlk.exe
[2011/08/22 01:20:49 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.scr
[2011/08/22 01:16:32 | 001,389,603 | ---- | M] () -- C:\Users\Owner\Desktop\tdsskiller.zip
[2011/08/22 01:15:18 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Owner\Desktop\GooredFix.exe
[2011/08/10 23:19:29 | 000,000,920 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk
[2011/08/10 03:02:17 | 000,718,604 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/10 03:02:17 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/10 03:02:17 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/01 15:48:18 | 000,104,484 | ---- | M] () -- C:\Users\Owner\Desktop\D1 Tuesday Night Schedule, Summer II 2011[1].pdf
[2011/07/25 17:38:52 | 000,002,609 | ---- | M] () -- C:\Users\Owner\Desktop\Microsoft Office Excel 2007.lnk

========== Files Created - No Company Name ==========

[2011/08/23 13:33:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/23 13:33:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/23 13:33:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/23 13:33:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/23 13:33:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/08/22 23:59:03 | 000,080,384 | ---- | C] () -- C:\Users\Owner\Desktop\MBRCheck.exe
[2011/08/22 11:39:47 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2011/08/22 11:39:47 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\CONFIG.NT
[2011/08/22 11:39:47 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2011/08/22 01:43:39 | 577,664,730 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/08/22 01:37:41 | 000,302,592 | ---- | C] () -- C:\Users\Owner\Desktop\fo6ilrlk.exe
[2011/08/22 01:16:31 | 001,389,603 | ---- | C] () -- C:\Users\Owner\Desktop\tdsskiller.zip
[2011/08/10 23:19:29 | 000,000,920 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk
[2011/08/01 15:48:18 | 000,104,484 | ---- | C] () -- C:\Users\Owner\Desktop\D1 Tuesday Night Schedule, Summer II 2011[1].pdf
[2011/01/04 01:16:06 | 000,030,424 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
[2010/09/22 21:31:32 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/07/11 23:32:52 | 000,000,732 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
[2009/10/03 15:10:31 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/10/03 15:10:00 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/10/03 15:09:13 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/10/02 01:42:00 | 000,007,052 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2009/08/05 03:00:45 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2009/08/05 00:48:49 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/04/24 23:58:05 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2011/07/22 02:43:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BBD9C864B5B3FC6276C901C7172D0543
[2011/05/02 18:17:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/10/04 13:05:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.directv.supercast.AA1ECC8BBAFE4E1BBF2D418DC006AF207FACE6CA.1
[2010/09/22 21:29:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DzSoft
[2010/09/22 21:31:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2011/08/23 14:13:12 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


#11
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Try to run Combofix from Safe mode

Please restart in safe mode:

  • If the computer is running, shut down Windows, and then turn off the power.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.


#12
jonard

    Member

  • Topic Starter
  • Member
  • 22 posts
Thanks for the quick reply, I ran the combo fix with success. I checked the redirection issue and it seems to be fixed. Here is the log report from the combo fix. Please let me know if I need to do anything else to clean up my computer. Again, I appreciate how easily you made this, you're the best!

ComboFix 11-08-23.03 - Owner 08/23/2011 15:30:13.2.2 - x64 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4054.3131 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
SP: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\AppData\Roaming\Adobe\shed
c:\windows\system32\consrv.dll
c:\windows\System64
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-07-23 to 2011-08-23 )))))))))))))))))))))))))))))))
.
.
2011-08-23 19:36 . 2011-08-23 19:37 -------- d-----w- c:\users\Owner\AppData\Local\temp
2011-08-23 19:36 . 2011-08-23 19:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-23 15:06 . 2011-08-23 15:06 -------- d-----w- C:\_OTL
2011-08-22 21:09 . 2011-08-22 21:15 -------- d-----w- c:\programdata\Hitman Pro
2011-08-22 15:39 . 2011-08-22 15:39 2 --shatr- c:\windows\winstart.bat
2011-08-22 15:39 . 2011-08-22 16:01 -------- d-----w- c:\program files (x86)\UnHackMe
2011-08-19 23:54 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{88F2B998-150C-48A5-9A78-788B4AC101FC}\mpengine.dll
2011-08-09 23:36 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-09 23:36 . 2011-06-06 10:59 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-08-09 23:36 . 2011-06-17 16:16 451072 ----a-w- c:\windows\system32\winsrv.dll
2011-08-09 23:36 . 2011-07-06 15:49 275456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-09 23:36 . 2011-06-17 20:14 1427344 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-09 23:36 . 2011-06-20 08:45 4699536 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-04 00:52 . 2011-08-11 03:01 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-11 14:07 . 2009-04-21 22:27 136224 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2011-07-11 14:07 . 2011-01-04 05:16 56920 ----a-w- c:\windows\system32\drivers\ssfmonm.sys
2011-07-06 23:52 . 2010-10-17 23:02 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2010-10-17 23:02 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-02 13:50 . 2011-07-13 03:56 2764288 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"WebrootTrayApp"="c:\program files (x86)\Webroot\Security\Current\Framework\WRTray.exe" [2011-08-03 1382984]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MLB.TV NexDef Plug-in.lnk - c:\users\Owner\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe [2011-3-16 15502336]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 09:23 149280 ----a-w- c:\program files (x86)\Java\jre6\bin\jusched.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-10 136176]
R2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-10 136176]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-04-17 636144]
S2 ssfmonm;ssfmonm;c:\windows\system32\DRIVERS\ssfmonm.sys [x]
S2 WRConsumerService;Webroot Client Service;c:\program files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe [2011-08-03 3381184]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [x]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-10 17:08]
.
2011-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-10 17:08]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF25532.cfxxe" [X]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-04-27 309760]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://cnn.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
DPF: {96816368-C1E3-414D-A193-63C3CC921990} - hxxp://standrewslinkstrust.remotemanager.co.uk/common/activex/MJPEGRender.ocx
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\awiocurg.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Move Media Player: [email protected] - c:\users\Owner\AppData\Roaming\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Owner\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2011-08-23 15:44:08 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-23 19:44
.
Pre-Run: 434,581,168,128 bytes free
Post-Run: 433,975,259,136 bytes free
.
- - End Of File - - 47E5F4680305AFBE0FC7950D5C68A6EA

#13
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Glad to hear that. Let's make sure nothing is left.

Update Malwarebytes and do a Quick Scan. Post the log after the scan.

#14
jonard

    Member

  • Topic Starter
  • Member
  • 22 posts
Thanks again, attached is the Malware log. Any suggestions on how to prevent this happening again?

Jon

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7548

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19120

8/23/2011 7:14:51 PM
mbam-log-2011-08-23 (19-14-51).txt

Scan type: Quick scan
Objects scanned: 175099
Time elapsed: 2 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#15
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi jonard,

Your logs and system are clean now. I'm glad we fixed up your computer. We need to clean up your PC from programs we used.

Step 1

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end. Remove all other applications we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click the OK button.

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, so make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine. If not, do this yourself to ensure a complete clean.

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of software installed on your system.