Search links redirecting to unusual websites [Solved]


  • This topic is locked

#1 RandomNewPerson (Member, 17 posts)

Hello, I've recently been having my search links in Firefox redirect me to unrelated and rather suspicious search sites such as "www.happili.com" and "www.gimmeanswers.org". It does not happen all the time, but to me it seems to occur too frequently to be the result of simple misclicks or legitimate redirects, so I suspect malware of some kind.

I have read the thread "How to fix Google Redirects" and tried both GooredFix and TDSSKiller. While TDSSKiller turns up "suspicious" but not "malicious" files, GooredFix did not seem to pick up anything. I am still getting the problem after going through the fixes in that thread.

Here is the OTL log:

=======================================================================================

OTL logfile created on: 3/16/2012 5:12:15 PM - Run 1

OTL by OldTimer - Version 3.2.37.1 Folder = C:\Documents and Settings\Owner\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy



503.36 Mb Total Physical Memory | 108.92 Mb Available Physical Memory | 21.64% Memory free

1.20 Gb Paging File | 0.74 Gb Available in Paging File | 61.18% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]



%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 106.22 Gb Total Space | 35.40 Gb Free Space | 33.33% Space Free | Partition Type: NTFS

Drive D: | 5.55 Gb Total Space | 0.96 Gb Free Space | 17.34% Space Free | Partition Type: FAT32



Computer Name: HAYASHI | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days



========== Processes (SafeList) ==========



PRC - [2012/03/16 17:05:32 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2012/02/19 12:34:14 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/04/16 15:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe

PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe

PRC - [2005/01/28 14:35:58 | 000,434,176 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe

PRC - [2004/12/10 12:45:26 | 000,049,152 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE

PRC - [2003/08/09 12:27:16 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Multimedia Card Reader\shwicon2k.exe

PRC - [2003/07/14 10:52:44 | 000,040,960 | ---- | M] (Agere Systems) -- C:\WINDOWS\ltmsg.exe

PRC - [2003/06/13 07:08:16 | 000,233,472 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

PRC - [2003/02/21 07:07:06 | 000,068,704 | ---- | M] () -- C:\Program Files\Softex\OmniPass\omniServ.exe

PRC - [2002/10/07 10:23:20 | 000,090,112 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe





========== Modules (No Company Name) ==========



MOD - [2012/03/16 03:49:36 | 001,742,336 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12031600\algo.dll

MOD - [2012/02/19 12:34:12 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

MOD - [2011/11/16 13:03:30 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

MOD - [2010/02/05 14:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll

MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll

MOD - [2008/02/08 18:40:02 | 000,043,520 | ---- | M] () -- C:\WINDOWS\system32\CmdLineExt03.dll

MOD - [2005/09/30 08:46:37 | 001,908,736 | ---- | M] () -- C:\Program Files\Matroska Pack\ffdshow\ffdshow.ax

MOD - [2005/01/28 14:31:34 | 000,045,056 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\gamehook.dll

MOD - [2003/06/17 02:57:56 | 000,163,840 | ---- | M] () -- c:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqUtil.dll

MOD - [2003/02/21 07:07:06 | 000,068,704 | ---- | M] () -- C:\Program Files\Softex\OmniPass\omniServ.exe

MOD - [2003/02/21 06:50:12 | 000,040,960 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPGina.dll

MOD - [2003/02/21 06:49:54 | 000,172,032 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPComm.dll

MOD - [2002/10/07 10:23:20 | 000,090,112 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe





========== Win32 Services (SafeList) ==========



SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - File not found [Disabled | Unknown] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2008/01/29 17:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)

SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)

SRV - [2003/02/21 07:07:06 | 000,068,704 | ---- | M] () [Auto | Running] -- C:\Program Files\Softex\OmniPass\omniServ.exe -- (omniserv)





========== Driver Services (SafeList) ==========



DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | Auto | Stopped] -- -- (mrtRate)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | Boot | Unknown] -- -- (IPVNMon)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\hamachi.sys -- (hamachi)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena\safedrv.sys -- (GGSAFERDriver)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ae2mjwqe)

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (.serial)

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (.mrxsmb)

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (.cdrom)

DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)

DRV - [2009/03/25 07:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2008/04/13 14:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)

DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)

DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)

DRV - [2008/02/04 13:19:04 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)

DRV - [2007/10/26 11:20:40 | 004,124,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2007/09/28 14:30:57 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)

DRV - [2007/09/28 14:30:49 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)

DRV - [2007/08/15 22:24:46 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)

DRV - [2005/09/02 13:20:47 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)

DRV - [2004/12/10 12:48:46 | 000,024,704 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)

DRV - [2004/12/10 12:48:40 | 000,068,992 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)

DRV - [2004/12/10 12:48:18 | 000,036,480 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)

DRV - [2004/12/10 12:48:08 | 000,052,992 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)

DRV - [2004/12/10 12:47:58 | 000,013,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)

DRV - [2004/08/04 01:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)

DRV - [2004/07/12 12:38:12 | 000,043,672 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)

DRV - [2003/12/15 09:57:20 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)

DRV - [2003/12/12 19:03:10 | 000,652,689 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)

DRV - [2003/08/11 13:22:54 | 000,040,228 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)

DRV - [2003/07/22 02:14:04 | 000,004,608 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\npptNT.sys -- (NPPTNT)

DRV - [2003/05/06 18:34:56 | 000,394,752 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)

DRV - [2003/04/11 11:51:30 | 000,010,624 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)

DRV - [2003/03/20 01:51:00 | 000,018,688 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp)

DRV - [2003/02/20 19:18:36 | 000,036,608 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (SISAGP)

DRV - [2002/12/27 14:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)

DRV - [2002/10/04 20:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)

DRV - [2002/10/01 10:22:32 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)

DRV - [2002/08/29 08:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)

DRV - [2002/08/29 08:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)

DRV - [2001/06/04 17:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)





========== Standard Registry (SafeList) ==========





========== Internet Explorer ==========



IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchwww.com/bar.html

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}



IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.searchwww.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost



========== FireFox ==========



FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: [email protected]:1.0





FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)



FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/03/15 20:02:49 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/19 12:34:15 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/13 17:34:48 | 000,000,000 | ---D | M]



[2008/08/27 10:18:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions

[2012/03/14 20:33:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w9lnz177.default\extensions

[2011/11/08 20:19:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\W9LNZ177.DEFAULT\EXTENSIONS\[email protected]

[2012/03/15 20:02:49 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF

[2012/02/19 12:34:14 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2008/06/30 13:44:08 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll

[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll

[2012/02/13 17:04:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/02/13 17:04:49 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml



O1 HOSTS File: ([2002/08/29 15:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {16f75108-5e2b-41b9-98d8-35c74974c721} - No CLSID value found.

O2 - BHO: (Reg Error: Value error.) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll File not found

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)

O3 - HKCU\..\Toolbar\WebBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe ()

O4 - HKLM..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Hewlett-Packard)

O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)

O4 - HKLM..\Run: [LTMSG] C:\WINDOWS\ltmsg.exe (Agere Systems)

O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)

O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()

O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.)

O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)

O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found

O4 - HKCU..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount File not found

O4 - HKCU..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\BackupNotify.exe ( )

O4 - HKCU..\Run: [NVIEW] C:\WINDOWS\System32\nview.dll (NVIDIA Corporation)

O4 - HKCU..\Run: [RecordNow!] File not found

O4 - HKCU..\RunOnce: [] C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_en-US;_rv:1.9.2.10)_Gecko/20100914_Firefox/3.6.10_(_.NET_CLR_3.5.30729)" -"http://woz.commtechl...trail/play.htm" File not found

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)

O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)

O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()

O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html File not found

O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O15 - HKCU\..Trusted Domains: ([]msn in My Computer)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1134004834593 (MUWebControl Class)

O16 - DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} https://qcmaila.qc.cuny.edu/dwa85W.cab (IBM Lotus iNotes 8.5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://qcmail.qc.cuny.edu/dwa7W.cab (Domino Web Access 7 Control)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{012AA18E-CF24-4C09-8FAC-A62D0E6BCDBD}: DhcpNameServer = 192.168.1.1 192.168.1.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\OPXPGina: DllName - (C:\Program Files\Softex\OmniPass\opxpgina.dll) - C:\Program Files\Softex\OmniPass\OPXPGina.dll ()

O24 - Desktop Components:0 () - http://alloftheabove.../magical800.gif

O24 - Desktop Components:1 () - http://alloftheabove...xploring800.jpg

O24 - Desktop Components:2 () - http://alloftheabove...ds/tree_800.jpg

O24 - Desktop Components:3 () - http://alloftheabove...s/yukon_800.jpg

O24 - Desktop Components:4 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - Unable to open key or key not present!

O32 - AutoRun File - [2003/08/23 08:53:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2011/05/04 01:08:04 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [2002/09/11 03:02:32 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*



========== Files/Folders - Created Within 30 Days ==========



[2012/03/16 17:05:22 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

[2012/03/09 19:38:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Miranda IM

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[19 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]



========== Files - Modified Within 30 Days ==========



[2012/03/16 17:27:33 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012/03/16 17:20:03 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1050407765-2127104703-3310192392-1009UA.job

[2012/03/16 17:05:32 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

[2012/03/16 16:35:44 | 000,000,622 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Owner.job

[2012/03/16 13:59:37 | 000,001,403 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT

[2012/03/16 13:59:01 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/03/16 13:58:56 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012/03/16 13:25:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/03/16 13:25:03 | 527,880,192 | -HS- | M] () -- C:\hiberfil.sys

[2012/03/16 00:29:16 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2012/03/15 23:47:40 | 000,000,140 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\EV Nova Prefs.prf

[2012/03/15 16:37:35 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/03/12 12:20:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1050407765-2127104703-3310192392-1009Core.job

[2012/03/11 11:51:36 | 000,442,894 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/03/11 11:51:36 | 000,072,160 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/03/06 19:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2012/03/06 19:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2012/03/06 19:01:35 | 000,089,048 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[19 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]



========== Files Created - No Company Name ==========



[2011/12/26 20:42:44 | 000,013,310 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\23jy7364j01tgdd21ehpv45u53x26s5y

[2011/12/26 20:42:44 | 000,013,310 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\23jy7364j01tgdd21ehpv45u53x26s5y

[2011/12/15 20:02:49 | 000,016,694 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\313628r8x660a371c644s3pff3f0

[2011/12/15 20:02:48 | 000,016,694 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\313628r8x660a371c644s3pff3f0

[2011/12/13 00:54:54 | 000,012,782 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prirkj0t1lsi5yne4mlx1x522m1x

[2011/12/13 00:54:54 | 000,012,782 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\prirkj0t1lsi5yne4mlx1x522m1x

[2011/05/03 22:41:10 | 000,012,204 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\x5si1vjuiny5

[2011/05/03 22:41:10 | 000,012,204 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\x5si1vjuiny5

[2011/04/09 20:52:45 | 000,046,706 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\room.dat

[2010/09/26 13:35:03 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat



========== LOP Check ==========



[2008/06/11 16:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore

[2010/11/17 11:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2008/03/11 19:25:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft

[2009/03/15 19:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ironclad Games

[2011/06/21 12:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files

[2009/01/15 14:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock

[2010/03/31 15:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2008/06/11 16:39:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2007/09/02 14:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks

[2007/06/20 23:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO

[2012/02/13 16:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/01/29 21:17:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CC8D4389-E989-40EE-AF09-2330B1EE8BF7}

[2012/03/14 20:32:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.bittorrent

[2006/01/22 13:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aim

[2005/04/01 20:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aladdin Systems

[2012/01/04 18:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BitComet

[2006/04/18 13:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Common Files

[2009/02/17 19:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo

[2004/01/24 13:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\interMute

[2004/06/12 20:27:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo

[2010/03/31 13:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iWin

[2004/06/16 12:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Kontiki

[2004/03/14 15:44:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech

[2010/08/26 16:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Miranda

[2004/06/05 11:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MX

[2010/05/14 12:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org

[2012/01/04 19:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RenPy

[2003/08/23 23:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView

[2006/12/11 19:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Smith Micro

[2009/01/15 14:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Stardock

[2011/06/21 12:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab

[2004/01/14 18:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template

[2007/05/13 09:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WholeSecurity



========== Purity Check ==========







========== Alternate Data Streams ==========



@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7715B65F



< End of report >

Edited by RandomNewPerson, 16 March 2012 - 04:25 PM.



#2
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi there, could you post the TDSSKiller log please?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (.serial)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (.mrxsmb)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (.cdrom)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ae2mjwqe)
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchwww.com/bar.html
    O2 - BHO: (no name) - {16f75108-5e2b-41b9-98d8-35c74974c721} - No CLSID value found.
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    [2011/12/26 20:42:44 | 000,013,310 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\23jy7364j01tgdd21ehpv45u53x26s5y
    [2011/12/26 20:42:44 | 000,013,310 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\23jy7364j01tgdd21ehpv45u53x26s5y
    [2011/12/15 20:02:49 | 000,016,694 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\313628r8x660a371c644s3pff3f0
    [2011/12/15 20:02:48 | 000,016,694 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\313628r8x660a371c644s3pff3f0
    [2011/12/13 00:54:54 | 000,012,782 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prirkj0t1lsi5yne4mlx1x522m1x
    [2011/12/13 00:54:54 | 000,012,782 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\prirkj0t1lsi5yne4mlx1x522m1x
    [2011/05/03 22:41:10 | 000,012,204 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\x5si1vjuiny5
    [2011/05/03 22:41:10 | 000,012,204 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\x5si1vjuiny5

    :Files
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Allow the installation of the recovery console
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.
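As an added example (not code from OTL, the thread, or Essexboy's fix), here is a small Python triage pass over OTL file lines that flags the kind of entry the fix script above queues for removal: hidden, system-attributed files with no publisher and a random-looking extensionless name under an Application Data folder, and the same name dropped with identical size into two profiles. The regex, the heuristic thresholds and the sample lines are my own constructions from the log format shown in this thread.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# One OTL file line looks like:
#   [2011/12/26 20:42:44 | 000,013,310 | -HS- | C] () -- C:\...\23jy7364j01tgdd21ehpv45u53x26s5y
# i.e. date time | size | attribute flags | C=created / M=modified] (company) -- path
OTL_FILE_LINE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)

# Names like "23jy7364j01tgdd21ehpv45u53x26s5y": lowercase letters and digits
# only, no extension, at least 12 characters (assumed threshold).
RANDOM_NAME = re.compile(r"^[a-z0-9]{12,}$")


@dataclass(frozen=True)
class OtlEntry:
    date: str
    time: str
    size: int
    attrs: str
    kind: str
    company: str
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs

    @property
    def is_directory(self) -> bool:
        return "D" in self.attrs


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Return an OtlEntry for a file line, or None for headers/blank lines."""
    m = OTL_FILE_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        date=m["date"], time=m["time"], size=int(m["size"].replace(",", "")),
        attrs=m["attrs"], kind=m["kind"], company=m["company"], path=m["path"],
    )


def looks_like_dropped_data_file(e: OtlEntry) -> bool:
    """Heuristic for the entries the fix removes: a hidden+system file with
    no publisher, no extension and a random-looking name, sitting under an
    Application Data folder."""
    name = e.name
    return (
        e.hidden_system
        and not e.is_directory
        and not e.company
        and "\\Application Data\\" in e.path
        and "." not in name
        and RANDOM_NAME.match(name) is not None
        and any(c.isdigit() for c in name)
        and any(c.isalpha() for c in name)
    )


def find_twin_drops(entries: List[OtlEntry]) -> Dict[str, List[OtlEntry]]:
    """Group suspicious entries by filename; the same name dropped into the
    user's and the All Users profile with identical size corroborates."""
    groups: Dict[str, List[OtlEntry]] = defaultdict(list)
    for e in entries:
        if looks_like_dropped_data_file(e):
            groups[e.name].append(e)
    return {n: es for n, es in groups.items()
            if len(es) >= 2 and len({x.size for x in es}) == 1}


def triage(log_text: str) -> List[str]:
    """Return the suspicious paths found in an OTL log, in log order."""
    entries = [e for e in map(parse_otl_line, log_text.splitlines()) if e]
    return [e.path for e in entries if looks_like_dropped_data_file(e)]


# Constructed sample in the OTL format (a subset of the entries in this thread).
SAMPLE_LOG = """\
========== Files Created - No Company Name ==========

[2011/12/26 20:42:44 | 000,013,310 | -HS- | C] () -- C:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\23jy7364j01tgdd21ehpv45u53x26s5y
[2011/12/26 20:42:44 | 000,013,310 | -HS- | C] () -- C:\\Documents and Settings\\All Users\\Application Data\\23jy7364j01tgdd21ehpv45u53x26s5y
[2011/05/03 22:41:10 | 000,012,204 | -HS- | C] () -- C:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\x5si1vjuiny5
[2011/04/09 20:52:45 | 000,046,706 | ---- | C] () -- C:\\Documents and Settings\\Owner\\Application Data\\room.dat
[2012/03/16 13:25:03 | 527,880,192 | -HS- | M] () -- C:\\hiberfil.sys
[2010/09/26 13:35:03 | 000,001,324 | ---- | C] () -- C:\\WINDOWS\\System32\\d3d9caps.dat
"""

if __name__ == "__main__":
    for path in triage(SAMPLE_LOG):
        print("suspicious:", path)
    entries = [e for e in map(parse_otl_line, SAMPLE_LOG.splitlines()) if e]
    for name, hits in find_twin_drops(entries).items():
        print(f"{name}: dropped in {len(hits)} profiles, {hits[0].size} bytes each")
```

The legitimate hidden+system hiberfil.sys and the ordinary .dat files fall through the heuristic; only the three profile drops are reported, and the pair with the same name and size is called out separately.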

#3
RandomNewPerson (Topic Starter, Member, 17 posts)
How do I disable Malwarebytes? I have Malwarebytes Anti-Malware 1.60.1.1000 installed and there does not seem to be an option to disable it.

In the meantime, my TDSSKiller log is below. I will carry out the rest of your instructions when I disable Malwarebytes.


====================================================================================


15:41:59.0203 4064 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43

15:41:59.0640 4064 ============================================================

15:41:59.0640 4064 Current date / time: 2012/03/16 15:41:59.0640

15:41:59.0640 4064 SystemInfo:

15:41:59.0640 4064

15:41:59.0640 4064 OS Version: 5.1.2600 ServicePack: 3.0

15:41:59.0640 4064 Product type: Workstation

15:41:59.0640 4064 ComputerName: HAYASHI

15:41:59.0640 4064 UserName: Owner

15:41:59.0640 4064 Windows directory: C:\WINDOWS

15:41:59.0640 4064 System windows directory: C:\WINDOWS

15:41:59.0640 4064 Processor architecture: Intel x86

15:41:59.0640 4064 Number of processors: 2

15:41:59.0640 4064 Page size: 0x1000

15:41:59.0640 4064 Boot type: Normal boot

15:41:59.0640 4064 ============================================================

15:42:06.0218 4064 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3C91, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054

15:42:06.0468 4064 \Device\Harddisk0\DR0:

15:42:06.0484 4064 MBR used

15:42:06.0484 4064 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0xB1E0F1

15:42:06.0484 4064 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xB1E130, BlocksNum 0xD4717D0

15:42:06.0593 4064 Initialize success

15:42:06.0593 4064 ============================================================

15:42:24.0406 2860 ============================================================

15:42:24.0406 2860 Scan started

15:42:24.0406 2860 Mode: Manual; SigCheck; TDLFS;

15:42:24.0406 2860 ============================================================

15:42:24.0593 2860 .cdrom - ok

15:42:24.0593 2860 .mrxsmb - ok

15:42:24.0640 2860 .serial - ok

15:42:24.0828 2860 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys

15:42:25.0468 2860 Aavmker4 - ok

15:42:25.0625 2860 Abiosdsk - ok

15:42:25.0796 2860 abp480n5 - ok

15:42:25.0984 2860 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

15:42:30.0593 2860 ACPI - ok

15:42:30.0765 2860 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

15:42:31.0078 2860 ACPIEC - ok

15:42:31.0265 2860 adpu160m - ok

15:42:31.0468 2860 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

15:42:31.0765 2860 aec - ok

15:42:31.0984 2860 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

15:42:32.0109 2860 AFD - ok

15:42:32.0312 2860 AFS2K (c685cc27a2e637f0dcb5a45e67cc6f74) C:\WINDOWS\system32\drivers\AFS2K.sys

15:42:32.0343 2860 AFS2K - ok

15:42:32.0515 2860 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

15:42:32.0781 2860 agp440 - ok

15:42:32.0937 2860 Aha154x - ok

15:42:33.0093 2860 aic78u2 - ok

15:42:33.0234 2860 aic78xx - ok

15:42:33.0437 2860 ALCXSENS (fbbcb95f677cbaa924140b6ea2d9a97b) C:\WINDOWS\system32\drivers\ALCXSENS.SYS

15:42:33.0671 2860 ALCXSENS - ok

15:42:34.0062 2860 ALCXWDM (b786825902bd49232ba3b7df485ad9a4) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

15:42:34.0718 2860 ALCXWDM - ok

15:42:34.0875 2860 AliIde - ok

15:42:35.0078 2860 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys

15:42:35.0343 2860 AmdK7 - ok

15:42:35.0500 2860 amsint - ok

15:42:35.0687 2860 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

15:42:35.0921 2860 Arp1394 - ok

15:42:36.0078 2860 asc - ok

15:42:36.0234 2860 asc3350p - ok

15:42:36.0406 2860 asc3550 - ok

15:42:36.0625 2860 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys

15:42:36.0671 2860 aswFsBlk - ok

15:42:36.0843 2860 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys

15:42:36.0906 2860 aswMon2 - ok

15:42:37.0093 2860 aswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\aswRdr.sys

15:42:37.0109 2860 aswRdr - ok

15:42:37.0375 2860 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys

15:42:37.0578 2860 aswSnx - ok

15:42:37.0781 2860 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys

15:42:37.0875 2860 aswSP - ok

15:42:38.0046 2860 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys

15:42:38.0078 2860 aswTdi - ok

15:42:38.0250 2860 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

15:42:38.0562 2860 AsyncMac - ok

15:42:38.0734 2860 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

15:42:38.0968 2860 atapi - ok

15:42:39.0125 2860 Atdisk - ok

15:42:39.0312 2860 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

15:42:39.0578 2860 Atmarpc - ok

15:42:39.0765 2860 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

15:42:40.0046 2860 audstub - ok

15:42:40.0250 2860 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

15:42:40.0531 2860 Beep - ok

15:42:40.0734 2860 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

15:42:41.0000 2860 cbidf2k - ok

15:42:41.0156 2860 cd20xrnt - ok

15:42:41.0375 2860 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

15:42:41.0890 2860 Cdaudio - ok

15:42:42.0078 2860 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

15:42:42.0375 2860 Cdfs - ok

15:42:42.0515 2860 Changer - ok

15:42:42.0687 2860 CmdIde - ok

15:42:42.0843 2860 Cpqarray - ok

15:42:42.0921 2860 cpudrv - ok

15:42:43.0062 2860 dac2w2k - ok

15:42:43.0218 2860 dac960nt - ok

15:42:43.0437 2860 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

15:42:43.0703 2860 Disk - ok

15:42:43.0937 2860 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

15:42:44.0390 2860 dmboot - ok

15:42:44.0578 2860 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

15:42:44.0859 2860 dmio - ok

15:42:45.0062 2860 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

15:42:45.0484 2860 dmload - ok

15:42:45.0703 2860 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

15:42:45.0937 2860 DMusic - ok

15:42:46.0109 2860 dpti2o - ok

15:42:46.0296 2860 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

15:42:46.0515 2860 drmkaud - ok

15:42:46.0656 2860 EagleNT - ok

15:42:46.0890 2860 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

15:42:47.0109 2860 Fastfat - ok

15:42:47.0296 2860 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

15:42:47.0546 2860 Fdc - ok

15:42:47.0734 2860 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

15:42:48.0015 2860 Fips - ok

15:42:48.0218 2860 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

15:42:48.0515 2860 Flpydisk - ok

15:42:48.0718 2860 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

15:42:48.0984 2860 FltMgr - ok

15:42:49.0203 2860 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

15:42:49.0468 2860 Fs_Rec - ok

15:42:49.0671 2860 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

15:42:49.0937 2860 Ftdisk - ok

15:42:50.0093 2860 GEARAspiWDM - ok

15:42:50.0140 2860 GGSAFERDriver - ok

15:42:50.0343 2860 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

15:42:50.0593 2860 Gpc - ok

15:42:50.0750 2860 hamachi - ok

15:42:50.0953 2860 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

15:42:51.0218 2860 HidUsb - ok

15:42:51.0390 2860 hpn - ok

15:42:51.0625 2860 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

15:42:51.0750 2860 HTTP - ok

15:42:51.0906 2860 i2omgmt - ok

15:42:52.0062 2860 i2omp - ok

15:42:52.0250 2860 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

15:42:52.0546 2860 i8042prt - ok

15:42:52.0796 2860 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

15:42:53.0000 2860 ialm - ok

15:42:53.0203 2860 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

15:42:53.0453 2860 Imapi - ok

15:42:53.0656 2860 ini910u - ok

15:42:53.0843 2860 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys

15:42:54.0078 2860 IntelIde - ok

15:42:54.0265 2860 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

15:42:54.0656 2860 intelppm - ok

15:42:54.0859 2860 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

15:42:55.0078 2860 Ip6Fw - ok

15:42:55.0265 2860 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

15:42:55.0562 2860 IpFilterDriver - ok

15:42:55.0750 2860 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

15:42:55.0953 2860 IpInIp - ok

15:42:56.0156 2860 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

15:42:56.0437 2860 IpNat - ok

15:42:56.0625 2860 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

15:42:56.0843 2860 IPSec - ok

15:42:56.0984 2860 IPVNMon - ok

15:42:57.0171 2860 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

15:42:57.0421 2860 IRENUM - ok

15:42:57.0640 2860 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

15:42:57.0859 2860 isapnp - ok

15:42:58.0062 2860 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

15:42:58.0343 2860 Kbdclass - ok

15:42:58.0562 2860 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

15:42:58.0828 2860 kbdhid - ok

15:42:59.0031 2860 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

15:42:59.0250 2860 kmixer - ok

15:42:59.0437 2860 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

15:42:59.0625 2860 KSecDD - ok

15:42:59.0812 2860 L8042Kbd (ad1541d5ff5b3f903da34737b6ba9a53) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys

15:42:59.0937 2860 L8042Kbd - ok

15:43:00.0156 2860 L8042mou (e9d3c991f28f01415a7b56a854d243d8) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys

15:43:00.0328 2860 L8042mou - ok

15:43:00.0515 2860 lbrtfdc - ok

15:43:00.0750 2860 LHidKe (e47f94327e369ed6916049febf5f85e5) C:\WINDOWS\system32\DRIVERS\LHidKE.Sys

15:43:00.0781 2860 LHidKe - ok

15:43:00.0984 2860 LHidUsbK (a54c75e7481272eaaa6245683c89ecaa) C:\WINDOWS\system32\Drivers\LHidUsbK.Sys

15:43:01.0093 2860 LHidUsbK - ok

15:43:01.0296 2860 LMouKE (0e34232fca6f20172b1d8b6e8a9a26d1) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys

15:43:01.0421 2860 LMouKE - ok

15:43:01.0640 2860 ltmodem5 (3070246fba35aa2e0c2251d55f5848f8) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys

15:43:01.0781 2860 ltmodem5 - ok

15:43:01.0984 2860 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys

15:43:02.0062 2860 MCSTRM ( UnsignedFile.Multi.Generic ) - warning

15:43:02.0062 2860 MCSTRM - detected UnsignedFile.Multi.Generic (1)

15:43:02.0250 2860 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

15:43:02.0531 2860 mnmdd - ok

15:43:02.0718 2860 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

15:43:02.0984 2860 Modem - ok

15:43:03.0171 2860 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

15:43:03.0406 2860 Mouclass - ok

15:43:03.0609 2860 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

15:43:03.0828 2860 mouhid - ok

15:43:04.0015 2860 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

15:43:04.0437 2860 MountMgr - ok

15:43:04.0609 2860 mraid35x - ok

15:43:04.0796 2860 MREMPR5 (2bc9e43f55de8c30fc817ed56d0ee907) C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS

15:43:04.0937 2860 MREMPR5 ( UnsignedFile.Multi.Generic ) - warning

15:43:04.0937 2860 MREMPR5 - detected UnsignedFile.Multi.Generic (1)

15:43:05.0109 2860 MRENDIS5 (594b9d8194e3f4ecbf0325bd10bbeb05) C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS

15:43:05.0203 2860 MRENDIS5 ( UnsignedFile.Multi.Generic ) - warning

15:43:05.0203 2860 MRENDIS5 - detected UnsignedFile.Multi.Generic (1)

15:43:05.0390 2860 mrtRate - ok

15:43:05.0593 2860 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

15:43:06.0109 2860 MRxDAV - ok

15:43:06.0328 2860 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

15:43:06.0781 2860 Msfs - ok

15:43:07.0000 2860 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

15:43:07.0234 2860 MSKSSRV - ok

15:43:07.0421 2860 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

15:43:07.0671 2860 MSPCLOCK - ok

15:43:07.0843 2860 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

15:43:08.0093 2860 MSPQM - ok

15:43:08.0296 2860 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

15:43:08.0734 2860 mssmbios - ok

15:43:08.0953 2860 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

15:43:09.0046 2860 Mup - ok

15:43:09.0250 2860 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

15:43:09.0593 2860 NDIS - ok

15:43:09.0781 2860 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

15:43:09.0921 2860 NdisTapi - ok

15:43:10.0109 2860 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

15:43:10.0359 2860 Ndisuio - ok

15:43:10.0562 2860 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

15:43:10.0875 2860 NdisWan - ok

15:43:11.0062 2860 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

15:43:11.0187 2860 NDProxy - ok

15:43:11.0375 2860 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

15:43:11.0609 2860 NetBIOS - ok

15:43:11.0812 2860 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

15:43:12.0078 2860 NetBT - ok

15:43:12.0296 2860 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

15:43:12.0625 2860 NIC1394 - ok

15:43:12.0812 2860 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys

15:43:13.0046 2860 nm - ok

15:43:13.0234 2860 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

15:43:13.0562 2860 Npfs - ok

15:43:13.0718 2860 NPPTNT (074e989e9ea12230a9a44df435d30a39) C:\WINDOWS\System32\npptNT.sys

15:43:13.0843 2860 NPPTNT ( UnsignedFile.Multi.Generic ) - warning

15:43:13.0843 2860 NPPTNT - detected UnsignedFile.Multi.Generic (1)

15:43:14.0046 2860 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

15:43:14.0484 2860 Ntfs - ok

15:43:14.0687 2860 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

15:43:14.0953 2860 Null - ok

15:43:15.0250 2860 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

15:43:15.0859 2860 nv - ok

15:43:16.0062 2860 nv_agp (29291c3a7256337327051cc37e4fc09a) C:\WINDOWS\system32\DRIVERS\nv_agp.sys

15:43:16.0156 2860 nv_agp - ok

15:43:16.0343 2860 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

15:43:16.0640 2860 NwlnkFlt - ok

15:43:16.0812 2860 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

15:43:17.0125 2860 NwlnkFwd - ok

15:43:17.0312 2860 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys

15:43:17.0531 2860 NwlnkIpx - ok

15:43:17.0718 2860 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys

15:43:18.0031 2860 NwlnkNb - ok

15:43:18.0234 2860 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys

15:43:18.0531 2860 NwlnkSpx - ok

15:43:18.0734 2860 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

15:43:18.0937 2860 ohci1394 - ok

15:43:19.0156 2860 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

15:43:19.0421 2860 Parport - ok

15:43:19.0609 2860 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

15:43:19.0843 2860 PartMgr - ok

15:43:20.0031 2860 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

15:43:20.0312 2860 ParVdm - ok

15:43:20.0515 2860 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

15:43:20.0734 2860 PCI - ok

15:43:20.0875 2860 PCIDump - ok

15:43:21.0078 2860 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

15:43:21.0359 2860 PCIIde - ok

15:43:21.0546 2860 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

15:43:21.0796 2860 Pcmcia - ok

15:43:21.0953 2860 PDCOMP - ok

15:43:22.0109 2860 PDFRAME - ok

15:43:22.0250 2860 PDRELI - ok

15:43:22.0421 2860 PDRFRAME - ok

15:43:22.0593 2860 perc2 - ok

15:43:22.0750 2860 perc2hib - ok

15:43:22.0968 2860 pfc (ed2e7f396b4098608c95bc3806bdf6fc) C:\WINDOWS\system32\drivers\pfc.sys

15:43:23.0015 2860 pfc ( UnsignedFile.Multi.Generic ) - warning

15:43:23.0015 2860 pfc - detected UnsignedFile.Multi.Generic (1)

15:43:23.0234 2860 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

15:43:23.0500 2860 PptpMiniport - ok

15:43:23.0687 2860 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

15:43:23.0906 2860 Processor - ok

15:43:24.0125 2860 Ps2 (bffdb363485501a38f0bca83aec810db) C:\WINDOWS\system32\DRIVERS\PS2.sys

15:43:24.0234 2860 Ps2 - ok

15:43:24.0437 2860 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

15:43:24.0671 2860 PSched - ok

15:43:24.0859 2860 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

15:43:25.0156 2860 Ptilink - ok

15:43:25.0359 2860 PxHelp20 (183ef96bcc2ec3d5294cb2c2c0ecbcd1) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys

15:43:25.0375 2860 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning

15:43:25.0375 2860 PxHelp20 - detected UnsignedFile.Multi.Generic (1)

15:43:25.0546 2860 ql1080 - ok

15:43:25.0718 2860 Ql10wnt - ok

15:43:25.0875 2860 ql12160 - ok

15:43:26.0031 2860 ql1240 - ok

15:43:26.0187 2860 ql1280 - ok

15:43:26.0406 2860 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

15:43:26.0734 2860 RasAcd - ok

15:43:26.0921 2860 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

15:43:27.0140 2860 Rasl2tp - ok

15:43:27.0343 2860 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

15:43:27.0562 2860 RasPppoe - ok

15:43:27.0750 2860 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

15:43:28.0031 2860 Raspti - ok

15:43:28.0234 2860 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

15:43:28.0437 2860 Rdbss - ok

15:43:28.0625 2860 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

15:43:28.0890 2860 RDPCDD - ok

15:43:29.0093 2860 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

15:43:29.0187 2860 RDPWD - ok

15:43:29.0390 2860 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

15:43:29.0656 2860 redbook - ok

15:43:29.0890 2860 RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys

15:43:30.0109 2860 RTL8023xp - ok

15:43:30.0296 2860 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS

15:43:30.0421 2860 rtl8139 - ok

15:43:30.0625 2860 S3Psddr (0dbcc071a268e0340a2ba6bdd98bace4) C:\WINDOWS\system32\DRIVERS\s3gnbm.sys

15:43:30.0843 2860 S3Psddr - ok

15:43:30.0890 2860 SASKUTIL - ok

15:43:31.0093 2860 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

15:43:31.0359 2860 Secdrv - ok

15:43:31.0562 2860 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

15:43:31.0796 2860 Serenum - ok

15:43:32.0000 2860 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

15:43:32.0250 2860 Sfloppy - ok

15:43:32.0406 2860 Simbad - ok

15:43:32.0625 2860 SiS315 (bdfef5c5d41ba377852389e8f07104ea) C:\WINDOWS\system32\DRIVERS\sisgrp.sys

15:43:32.0843 2860 SiS315 - ok

15:43:33.0031 2860 SISAGP (923d23638c616eecb0d811461161d0b8) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys

15:43:33.0125 2860 SISAGP - ok

15:43:33.0312 2860 SiSkp (7e9e5823afbb5af2851abb1659ff627d) C:\WINDOWS\system32\DRIVERS\srvkp.sys

15:43:33.0390 2860 SiSkp - ok

15:43:33.0546 2860 Sparrow - ok

15:43:33.0750 2860 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

15:43:34.0015 2860 splitter - ok

15:43:34.0250 2860 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys

15:43:34.0265 2860 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329

15:43:34.0265 2860 sptd ( LockedFile.Multi.Generic ) - warning

15:43:34.0265 2860 sptd - detected LockedFile.Multi.Generic (1)

15:43:34.0468 2860 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

15:43:34.0812 2860 sr - ok

15:43:35.0031 2860 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

15:43:35.0203 2860 Srv - ok

15:43:35.0406 2860 SunkFilt (a3df1466aafdc62b21765072c5edaa9a) C:\WINDOWS\System32\Drivers\sunkfilt.sys

15:43:35.0468 2860 SunkFilt ( UnsignedFile.Multi.Generic ) - warning

15:43:35.0468 2860 SunkFilt - detected UnsignedFile.Multi.Generic (1)

15:43:35.0656 2860 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

15:43:35.0921 2860 swenum - ok

15:43:36.0109 2860 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

15:43:36.0312 2860 swmidi - ok

15:43:36.0484 2860 symc810 - ok

15:43:36.0640 2860 symc8xx - ok

15:43:36.0843 2860 symlcbrd (6596892dd5abbe48f5876a551867a166) C:\WINDOWS\system32\drivers\symlcbrd.sys

15:43:36.0906 2860 symlcbrd ( UnsignedFile.Multi.Generic ) - warning

15:43:36.0906 2860 symlcbrd - detected UnsignedFile.Multi.Generic (1)

15:43:37.0062 2860 sym_hi - ok

15:43:37.0218 2860 sym_u3 - ok

15:43:37.0421 2860 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

15:43:37.0625 2860 sysaudio - ok

15:43:37.0843 2860 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

15:43:38.0031 2860 Tcpip - ok

15:43:38.0234 2860 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys

15:43:38.0296 2860 Tcpip6 - ok

15:43:38.0500 2860 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

15:43:38.0750 2860 TDPIPE - ok

15:43:38.0937 2860 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

15:43:39.0203 2860 TDTCP - ok

15:43:39.0390 2860 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

15:43:39.0609 2860 TermDD - ok

15:43:39.0781 2860 TosIde - ok

15:43:39.0984 2860 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys

15:43:40.0218 2860 tunmp - ok

15:43:40.0421 2860 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

15:43:40.0656 2860 Udfs - ok

15:43:40.0796 2860 ultra - ok

15:43:41.0015 2860 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

15:43:41.0281 2860 Update - ok

15:43:41.0500 2860 USBAAPL (c1ca131f4e3ed63d6bc89a35ffad4cda) C:\WINDOWS\system32\Drivers\usbaapl.sys

15:43:41.0593 2860 USBAAPL ( UnsignedFile.Multi.Generic ) - warning

15:43:41.0593 2860 USBAAPL - detected UnsignedFile.Multi.Generic (1)

15:43:41.0796 2860 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

15:43:42.0078 2860 usbehci - ok

15:43:42.0281 2860 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

15:43:42.0515 2860 usbhub - ok

15:43:42.0703 2860 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

15:43:42.0953 2860 usbohci - ok

15:43:43.0140 2860 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

15:43:43.0328 2860 usbscan - ok

15:43:43.0515 2860 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

15:43:43.0734 2860 USBSTOR - ok

15:43:43.0906 2860 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

15:43:44.0156 2860 usbuhci - ok

15:43:44.0343 2860 USB_RNDIS_XP (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys

15:43:44.0546 2860 USB_RNDIS_XP - ok

15:43:44.0750 2860 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

15:43:44.0984 2860 VgaSave - ok

15:43:45.0171 2860 viaagp1 (0e3e3fae3a0a58b8d936a8e841a17d16) C:\WINDOWS\system32\DRIVERS\viaagp1.sys

15:43:45.0281 2860 viaagp1 - ok

15:43:45.0468 2860 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys

15:43:45.0671 2860 ViaIde - ok

15:43:45.0890 2860 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

15:43:46.0125 2860 VolSnap - ok

15:43:46.0328 2860 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

15:43:46.0531 2860 Wanarp - ok

15:43:46.0687 2860 WDICA - ok

15:43:46.0890 2860 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

15:43:47.0109 2860 wdmaud - ok

15:43:47.0359 2860 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

15:43:47.0640 2860 WS2IFSL - ok

15:43:47.0828 2860 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

15:43:47.0953 2860 WudfPf - ok

15:43:48.0265 2860 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys

15:43:48.0687 2860 {6080A529-897E-4629-A488-ABA0C29B635E} - ok

15:43:48.0953 2860 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys

15:43:49.0031 2860 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok

15:43:49.0062 2860 MBR (0x1B8) (b716b775fcbdabf0e2ddff76f15c6790) \Device\Harddisk0\DR0

15:43:49.0109 2860 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

15:43:49.0109 2860 \Device\Harddisk0\DR0 - detected TDSS File System (1)

15:43:49.0140 2860 Boot (0x1200) (bab4d65bb89cf227822e235e4547aa22) \Device\Harddisk0\DR0\Partition0

15:43:49.0156 2860 \Device\Harddisk0\DR0\Partition0 - ok

15:43:49.0171 2860 Boot (0x1200) (54458035008405d03cfec2ebb16349a8) \Device\Harddisk0\DR0\Partition1

15:43:49.0171 2860 \Device\Harddisk0\DR0\Partition1 - ok

15:43:49.0187 2860 ============================================================

15:43:49.0187 2860 Scan finished

15:43:49.0187 2860 ============================================================

15:43:49.0312 2184 Detected object count: 11

15:43:49.0312 2184 Actual detected object count: 11

15:44:57.0531 2184 MCSTRM ( UnsignedFile.Multi.Generic ) - skipped by user

15:44:57.0531 2184 MCSTRM ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:44:57.0546 2184 MREMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user

15:44:57.0546 2184 MREMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:44:57.0546 2184 MRENDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user

15:44:57.0546 2184 MRENDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:44:57.0562 2184 NPPTNT ( UnsignedFile.Multi.Generic ) - skipped by user

15:44:57.0562 2184 NPPTNT ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:44:57.0562 2184 pfc ( UnsignedFile.Multi.Generic ) - skipped by user

15:44:57.0562 2184 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:44:57.0562 2184 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user

15:44:57.0562 2184 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:44:57.0562 2184 sptd ( LockedFile.Multi.Generic ) - skipped by user

15:44:57.0578 2184 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

15:44:57.0578 2184 SunkFilt ( UnsignedFile.Multi.Generic ) - skipped by user

15:44:57.0578 2184 SunkFilt ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:44:57.0578 2184 symlcbrd ( UnsignedFile.Multi.Generic ) - skipped by user

15:44:57.0578 2184 symlcbrd ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:44:57.0593 2184 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user

15:44:57.0593 2184 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:44:57.0593 2184 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

15:44:57.0593 2184 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

15:45:01.0265 1612 Deinitialize success

Edited by RandomNewPerson, 17 March 2012 - 02:07 PM.


#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If it is not the Pro version then it should be OK. If OTL hangs whilst stopping processes then close the programme and do the following:

Prior to running ComboFix, re-run TDSSKiller and when you get to the following bit select delete:

\Device\Harddisk0\DR0 ( TDSS File System )

Then proceed to ComboFix.

#5
RandomNewPerson

    Member

  • Topic Starter
  • Member
  • 17 posts
I have three things to note:

1) I did not run TDSSKiller to delete \Device\Harddisk0\DR0 ( TDSS File System ) prior to running ComboFix, since I read the instructions as "re-run TDSSKiller if OTL hangs while stopping processes". The OTL part of the instructions went fine (ran the custom fix followed by a reboot and then a Quick Scan).

2) While running ComboFix, it said in a prompt that I was infected with a rootkit (I think it was "Rootkit.ZeroAccess") and rebooted my computer after a while of scanning. This went normally, but after several more minutes the command prompt got up to the "Completed -- Stage 4" part and a little while later my computer shut down and rebooted without warning. After logging back in, I got a prompt that said Windows "recovered from a serious error".

There is no indicator that says ComboFix finished what it is supposed to do and there is no ComboFix.txt either on the desktop or in the C:\ folder, although the C:\ folder contains a "ComboFix" folder that seems to be a copy of "My Computer".

3) I will test how my computer is running over the next hour or so and get back to you if the redirects are still happening.


The log from the OTL Quick Scan is below (I don't have a ComboFix log).


=======================================================================================


OTL logfile created on: 3/17/2012 6:11:53 PM - Run 2

OTL by OldTimer - Version 3.2.37.1 Folder = C:\Documents and Settings\Owner\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy



503.36 Mb Total Physical Memory | 118.20 Mb Available Physical Memory | 23.48% Memory free

1.20 Gb Paging File | 0.83 Gb Available in Paging File | 69.19% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]



%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 106.22 Gb Total Space | 37.05 Gb Free Space | 34.88% Space Free | Partition Type: NTFS

Drive D: | 5.55 Gb Total Space | 0.96 Gb Free Space | 17.34% Space Free | Partition Type: FAT32



Computer Name: HAYASHI | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days



========== Processes (SafeList) ==========



PRC - [2012/03/16 17:05:32 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2012/02/19 12:34:14 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/04/16 15:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe

PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe

PRC - [2005/01/28 14:35:58 | 000,434,176 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe

PRC - [2004/12/10 12:45:26 | 000,049,152 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE

PRC - [2003/08/19 02:01:00 | 000,110,592 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

PRC - [2003/08/09 12:27:16 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Multimedia Card Reader\shwicon2k.exe

PRC - [2003/07/14 10:52:44 | 000,040,960 | ---- | M] (Agere Systems) -- C:\WINDOWS\ltmsg.exe

PRC - [2003/06/13 07:08:16 | 000,233,472 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

PRC - [2003/02/21 07:07:06 | 000,068,704 | ---- | M] () -- C:\Program Files\Softex\OmniPass\omniServ.exe

PRC - [2002/10/07 10:23:20 | 000,090,112 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe





========== Modules (No Company Name) ==========



MOD - [2012/03/17 14:07:30 | 001,744,896 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12031701\algo.dll

MOD - [2012/02/19 12:34:12 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

MOD - [2011/11/16 13:03:30 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

MOD - [2005/01/28 14:31:34 | 000,045,056 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\gamehook.dll

MOD - [2003/06/17 02:57:56 | 000,163,840 | ---- | M] () -- c:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqUtil.dll

MOD - [2003/02/21 07:07:06 | 000,068,704 | ---- | M] () -- C:\Program Files\Softex\OmniPass\omniServ.exe

MOD - [2003/02/21 06:50:12 | 000,040,960 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPGina.dll

MOD - [2002/10/07 10:23:20 | 000,090,112 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe





========== Win32 Services (SafeList) ==========



SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - File not found [Disabled | Unknown] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2008/01/29 17:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)

SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)

SRV - [2003/02/21 07:07:06 | 000,068,704 | ---- | M] () [Auto | Running] -- C:\Program Files\Softex\OmniPass\omniServ.exe -- (omniserv)





========== Driver Services (SafeList) ==========



DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | Auto | Stopped] -- -- (mrtRate)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | Boot | Unknown] -- -- (IPVNMon)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\hamachi.sys -- (hamachi)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena\safedrv.sys -- (GGSAFERDriver)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (any9hf4w)

DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)

DRV - [2009/03/25 07:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2008/04/13 14:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)

DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)

DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)

DRV - [2008/02/04 13:19:04 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)

DRV - [2007/10/26 11:20:40 | 004,124,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2007/09/28 14:30:57 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)

DRV - [2007/09/28 14:30:49 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)

DRV - [2007/08/15 22:24:46 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)

DRV - [2005/09/02 13:20:47 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)

DRV - [2004/12/10 12:48:46 | 000,024,704 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)

DRV - [2004/12/10 12:48:40 | 000,068,992 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)

DRV - [2004/12/10 12:48:18 | 000,036,480 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)

DRV - [2004/12/10 12:48:08 | 000,052,992 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)

DRV - [2004/12/10 12:47:58 | 000,013,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)

DRV - [2004/08/04 01:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)

DRV - [2004/07/12 12:38:12 | 000,043,672 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)

DRV - [2003/12/15 09:57:20 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)

DRV - [2003/12/12 19:03:10 | 000,652,689 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)

DRV - [2003/08/11 13:22:54 | 000,040,228 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)

DRV - [2003/07/22 02:14:04 | 000,004,608 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\npptNT.sys -- (NPPTNT)

DRV - [2003/05/06 18:34:56 | 000,394,752 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)

DRV - [2003/04/11 11:51:30 | 000,010,624 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)

DRV - [2003/03/20 01:51:00 | 000,018,688 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp)

DRV - [2003/02/20 19:18:36 | 000,036,608 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (SISAGP)

DRV - [2002/12/27 14:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)

DRV - [2002/10/04 20:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)

DRV - [2002/10/01 10:22:32 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)

DRV - [2002/08/29 08:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)

DRV - [2002/08/29 08:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)

DRV - [2001/06/04 17:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)





========== Standard Registry (SafeList) ==========





========== Internet Explorer ==========



IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}



IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.searchwww.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost



========== FireFox ==========



FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: [email protected]:1.0





FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)



FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/03/15 20:02:49 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/19 12:34:15 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/13 17:34:48 | 000,000,000 | ---D | M]



[2008/08/27 10:18:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions

[2012/03/14 20:33:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w9lnz177.default\extensions

[2011/11/08 20:19:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\W9LNZ177.DEFAULT\EXTENSIONS\[email protected]

[2012/03/15 20:02:49 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF

[2012/02/19 12:34:14 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2008/06/30 13:44:08 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll

[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll

[2012/02/13 17:04:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/02/13 17:04:49 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml



O1 HOSTS File: ([2002/08/29 15:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Reg Error: Value error.) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll File not found

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)

O3 - HKCU\..\Toolbar\ShellBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)

O3 - HKCU\..\Toolbar\WebBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe ()

O4 - HKLM..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Hewlett-Packard)

O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)

O4 - HKLM..\Run: [LTMSG] C:\WINDOWS\ltmsg.exe (Agere Systems)

O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)

O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()

O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.)

O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)

O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found

O4 - HKCU..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount File not found

O4 - HKCU..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\BackupNotify.exe ( )

O4 - HKCU..\Run: [NVIEW] C:\WINDOWS\System32\nview.dll (NVIDIA Corporation)

O4 - HKCU..\Run: [RecordNow!] File not found

O4 - HKCU..\RunOnce: [] C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_en-US;_rv:1.9.2.10)_Gecko/20100914_Firefox/3.6.10_(_.NET_CLR_3.5.30729)" -"http://woz.commtechl...trail/play.htm" File not found

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)

O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)

O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()

O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html File not found

O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O15 - HKCU\..Trusted Domains: ([]msn in My Computer)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1134004834593 (MUWebControl Class)

O16 - DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} https://qcmaila.qc.cuny.edu/dwa85W.cab (IBM Lotus iNotes 8.5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://qcmail.qc.cuny.edu/dwa7W.cab (Domino Web Access 7 Control)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{012AA18E-CF24-4C09-8FAC-A62D0E6BCDBD}: DhcpNameServer = 192.168.1.1 192.168.1.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\OPXPGina: DllName - (C:\Program Files\Softex\OmniPass\opxpgina.dll) - C:\Program Files\Softex\OmniPass\OPXPGina.dll ()

O24 - Desktop Components:0 () - http://alloftheabove.../magical800.gif

O24 - Desktop Components:1 () - http://alloftheabove...xploring800.jpg

O24 - Desktop Components:2 () - http://alloftheabove...ds/tree_800.jpg

O24 - Desktop Components:3 () - http://alloftheabove...s/yukon_800.jpg

O24 - Desktop Components:4 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - Unable to open key or key not present!

O32 - AutoRun File - [2003/08/23 08:53:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2011/05/04 01:08:04 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [2002/09/11 03:02:32 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*



========== Files/Folders - Created Within 30 Days ==========



[2012/03/17 17:31:58 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/03/16 17:05:22 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

[2012/03/09 19:38:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Miranda IM



========== Files - Modified Within 30 Days ==========



[2012/03/17 18:20:02 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1050407765-2127104703-3310192392-1009UA.job

[2012/03/17 18:03:59 | 000,001,403 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT

[2012/03/17 18:00:43 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/03/17 18:00:35 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012/03/17 17:59:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/03/17 17:59:34 | 527,880,192 | -HS- | M] () -- C:\hiberfil.sys

[2012/03/17 17:27:31 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012/03/17 16:50:25 | 000,000,140 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\EV Nova Prefs.prf

[2012/03/16 17:05:32 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

[2012/03/16 16:35:44 | 000,000,622 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Owner.job

[2012/03/16 00:29:16 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2012/03/15 16:37:35 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/03/12 12:20:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1050407765-2127104703-3310192392-1009Core.job

[2012/03/11 11:51:36 | 000,442,894 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/03/11 11:51:36 | 000,072,160 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/03/06 19:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2012/03/06 19:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2012/03/06 19:01:35 | 000,089,048 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys



========== Files Created - No Company Name ==========



[2011/04/09 20:52:45 | 000,046,706 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\room.dat

[2010/09/26 13:35:03 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat



========== LOP Check ==========



[2008/06/11 16:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore

[2010/11/17 11:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2008/03/11 19:25:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft

[2009/03/15 19:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ironclad Games

[2011/06/21 12:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files

[2009/01/15 14:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock

[2010/03/31 15:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2008/06/11 16:39:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2007/09/02 14:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks

[2007/06/20 23:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO

[2012/02/13 16:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/01/29 21:17:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CC8D4389-E989-40EE-AF09-2330B1EE8BF7}

[2012/03/14 20:32:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.bittorrent

[2006/01/22 13:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aim

[2005/04/01 20:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aladdin Systems

[2012/01/04 18:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BitComet

[2006/04/18 13:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Common Files

[2009/02/17 19:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo

[2004/01/24 13:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\interMute

[2004/06/12 20:27:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo

[2010/03/31 13:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iWin

[2004/06/16 12:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Kontiki

[2004/03/14 15:44:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech

[2010/08/26 16:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Miranda

[2004/06/05 11:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MX

[2010/05/14 12:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org

[2012/01/04 19:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RenPy

[2003/08/23 23:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView

[2006/12/11 19:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Smith Micro

[2009/01/15 14:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Stardock

[2011/06/21 12:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab

[2004/01/14 18:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template

[2007/05/13 09:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WholeSecurity



========== Purity Check ==========







========== Alternate Data Streams ==========



@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7715B65F



< End of report >

Edited by RandomNewPerson, 17 March 2012 - 07:14 PM.

  • 0

#6
RandomNewPerson

RandomNewPerson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Update: The redirects still occur. Example: redirected to this website.
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, next we will work outside of Windows.
Please print these instructions out so that you know what you are doing.

  • Download OTLPENet.exe to your desktop
  • Download Farbar Recovery Scan Tool and save it to a flash drive.
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open ImgBurn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Insert the flash drive with FRST on it
  • Locate the flash drive and run FRST
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

  • 0

#8
RandomNewPerson

RandomNewPerson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
I seem to be stuck on step 5 of the above instructions. I have created a boot CD using OTLPENet.exe, but my computer still seems to run from the hard drive because Windows XP loads as before and my desktop picture remains the same. Is the desktop background supposed to change if I had successfully run it from the CD?

I will note that I went into the BIOS and changed the Boot Priority to CD-drive, floppy, and hard drive in that order.
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
When you boot with the CD in the drive, do you get the following prompt?

"Press any key to boot from CD"
  • 0

#10
RandomNewPerson

RandomNewPerson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
I do not.
  • 0

#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That means that the CD drive is not enabled in BIOS or it is blocked.

From Safe Mode with Networking, could you retry ComboFix please?
  • 0

#12
RandomNewPerson

RandomNewPerson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
ComboFix seems to have run successfully this time.

Log is below.

================================================================================

ComboFix 12-03-17.01 - Owner 03/20/2012 17:20:59.2.2 - x86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.342 [GMT -4:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\Default User\WINDOWS

c:\documents and settings\Guest\WINDOWS

c:\documents and settings\Kelly\WINDOWS

c:\documents and settings\Owner\Local Settings\Application Data\CHOICE.exe

c:\documents and settings\Owner\WINDOWS

c:\windows\system32\_000008_.tmp.dll

c:\windows\system32\_000009_.tmp.dll

c:\windows\system32\config\systemprofile\WINDOWS

c:\windows\system32\ctnsbnqo.ini

c:\windows\system32\entiobuc.ini

c:\windows\system32\ps2.bat

c:\windows\system32\qchsumen.ini

c:\windows\system32\ryrdrujl.ini

c:\windows\system32\ueeujskm.ini

c:\windows\system32\wumtbiyb.ini

c:\windows\system32\wvpyhasa.ini

D:\Autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2012-02-20 to 2012-03-20 )))))))))))))))))))))))))))))))

.

.

2012-03-17 21:31 . 2012-03-17 21:31 -------- d-----w- C:\_OTL

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-06 23:15 . 2010-11-17 22:07 41184 ----a-w- c:\windows\avastSS.scr

2012-03-06 23:15 . 2010-11-17 22:07 201352 ----a-w- c:\windows\system32\aswBoot.exe

2012-03-06 23:03 . 2011-04-09 00:47 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-03-06 23:03 . 2010-11-17 22:07 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-03-06 23:02 . 2010-11-17 22:07 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-03-06 23:01 . 2010-11-17 22:07 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-03-06 23:01 . 2010-11-17 22:07 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-03-06 23:01 . 2010-11-17 22:07 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-03-06 23:01 . 2010-11-17 22:07 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-03-06 22:58 . 2010-11-17 22:07 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-02-03 09:22 . 2003-08-08 15:35 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-09 16:20 . 2003-08-08 15:33 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-19 16:34 . 2011-05-06 04:57 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2008-06-30 17:44 . 2008-02-24 19:44 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVIEW"="nview.dll" [2003-05-03 835654]

"BackupNotify"="c:\program files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe" [2003-06-22 24576]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LTMSG"="LTMSG.exe 7" [X]

"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]

"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-08-09 139264]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]

"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]

"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]

"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]

"nwiz"="nwiz.exe" [2003-05-03 323584]

"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-03 4640768]

"MSPY2002"="c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 59392]

"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]

"HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 49152]

"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 90112]

"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-04 50176]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 49152]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-06 4241512]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

.

c:\documents and settings\Owner\Start Menu\Programs\Startup\

PowerReg Scheduler V3.exe [2006-6-11 225280]

PowerReg Scheduler.exe [2006-6-8 256000]

PowerReg SchedulerV2.exe [2004-1-15 256000]

.

c:\documents and settings\Guest\Start Menu\Programs\Startup\

OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2003-6-13 233472]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-4-20 434176]

Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2002-9-20 53248]

.

c:\documents and settings\Default User\Start Menu\Programs\Startup\

mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]

2003-02-21 10:50 40960 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Games\\Freelancer\\EXE\\Freelancer.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Miranda IM\\miranda32.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Program Files\\BitComet\\BitComet.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"57666:TCP"= 57666:TCP:Pando Media Booster

"57666:UDP"= 57666:UDP:Pando Media Booster

"15660:TCP"= 15660:TCP:BitComet 15660 TCP

"15660:UDP"= 15660:UDP:BitComet 15660 UDP

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/15/2007 10:24 PM 685816]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/8/2011 8:47 PM 612184]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/17/2010 6:07 PM 337880]

S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/17/2010 6:07 PM 20696]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/30/2010 11:30 AM 136176]

S2 mrtRate;mrtRate; [x]

S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/3/2008 11:24 PM 24652]

S3 cpudrv;cpudrv;\??\c:\program files\SystemRequirementsLab\cpudrv.sys --> c:\program files\SystemRequirementsLab\cpudrv.sys [?]

S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/30/2010 11:30 AM 136176]

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 15:30]

.

2012-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 15:30]

.

2012-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1050407765-2127104703-3310192392-1009Core.job

- c:\documents and settings\Kelly\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-08 15:30]

.

2012-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1050407765-2127104703-3310192392-1009UA.job

- c:\documents and settings\Kelly\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-08 15:30]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = 127.0.0.1;localhost

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Shorten URL - http://www.cjb.net/menuext.html

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\w9lnz177.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-RecordNow! - (no file)

HKCU-Run-AlcoholAutomount - c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe

HKU-Default-Run-Symantec Network Driver Update Warning - c:\progra~1\Symantec\LIVEUP~1\SNDWarn.EXE

HKU-Default-Run-Symantec NetDriver Warning - c:\progra~1\SYMNET~1\SNDWarn.exe

HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-03-20 17:40

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(796)

c:\program files\Softex\OmniPass\opxpgina.dll

.

Completion time: 2012-03-20 17:48:19

ComboFix-quarantined-files.txt 2012-03-20 21:48

.

Pre-Run: 40,678,518,784 bytes free

Post-Run: 41,137,729,536 bytes free

.

- - End Of File - - D693B5881312AE6ECFF3C1A2D92D0807
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you now return to normal mode please and let me know if the redirects are still occurring.

If so, are they in Firefox, IE or both?
  • 0

#14
RandomNewPerson

RandomNewPerson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
The redirects still occur in Firefox.

I have run several searches in IE and I do not get redirected (I actually have not used IE for a very long time).

Edited by RandomNewPerson, 20 March 2012 - 05:25 PM.

  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, that narrows it down a tad.

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1
Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear.

    Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

  • 0





