Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google redirect issue [Solved]

Started by Danpicos , May 11 2012 08:30 PM

  • This topic is locked This topic is locked

#1
Danpicos
Posted 11 May 2012 - 08:30 PM

Danpicos

    Member

  • Member
  • PipPip
  • 13 posts
I have an issue with my search results from google , i am being redirected sometimes to websites that have nothing to do with my search . here is the OTL file report , hope somebody can help me out . My computer runs alright with the exception of this annoying re-direct. Thanks in advance.

OTL logfile created on: 5/11/2012 10:19:54 PM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\Dan\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 56.97% Memory free
2.44 Gb Paging File | 1.52 Gb Available in Paging File | 62.38% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 231.74 Gb Free Space | 77.74% Space Free | Partition Type: NTFS
Drive F: | 140.48 Gb Total Space | 39.31 Gb Free Space | 27.98% Space Free | Partition Type: NTFS
Drive G: | 8.56 Gb Total Space | 0.55 Gb Free Space | 6.48% Space Free | Partition Type: FAT32

Computer Name: DAN-54C0A5D2219 | User Name: Dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/11 22:16:29 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\My Documents\Downloads\OTL.exe
PRC - [2012/01/18 17:03:20 | 001,939,968 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Comcast\pcTrayApp.exe
PRC - [2012/01/18 17:01:52 | 000,361,472 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\pcCMService.exe
PRC - [2012/01/13 20:22:23 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/08 11:23:18 | 000,208,672 | ---- | M] ( ) -- C:\Program Files\GbPlugin\GbpSv.exe
PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/05/10 02:41:12 | 000,049,208 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccsvchst.exe
PRC - [2010/03/24 15:42:10 | 000,599,328 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/23 07:40:27 | 008,527,520 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2012/01/13 20:22:21 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/01/21 02:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 21:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/08/16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/09/18 00:55:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/01/18 17:01:52 | 000,361,472 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService)
SRV - [2011/08/08 11:23:18 | 000,208,672 | ---- | M] ( ) [Auto | Running] -- C:\Program Files\GbPlugin\GbpSv.exe -- (GbpSv)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe -- (N360)
SRV - [2010/01/21 18:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [File_System | System | Stopped] -- D:\xpsetup -- (vcdrom)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lv302af.sys -- (pepifilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Dan\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/05/11 22:02:48 | 000,083,064 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SMR250.SYS -- (SMR250)
DRV - [2012/05/10 20:29:58 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120510.033\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/05/10 20:29:58 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120510.033\NAVENG.SYS -- (NAVENG)
DRV - [2012/04/27 20:18:22 | 000,356,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120510.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/04/02 19:38:08 | 000,821,880 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120507.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/02/03 23:02:04 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/02/03 23:02:03 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/01/18 17:01:18 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2012/01/18 17:01:18 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2011/08/08 11:23:42 | 000,044,064 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\gbpkm.sys -- (GbpKm)
DRV - [2011/07/04 11:06:03 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 21:37:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0502010.003\symtdi.sys -- (SYMTDI)
DRV - [2011/04/01 01:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/04/01 01:07:52 | 000,020,448 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvbusflt.sys -- (CompFilter)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\0502010.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0502010.003\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0502010.003\symefa.sys -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0502010.003\symds.sys -- (SymDS)
DRV - [2010/11/15 21:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0502010.003\ironx86.sys -- (SymIRON)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/02/11 13:40:40 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/03/03 16:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 16:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.iplay.com/?o=shp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C A5 D5 32 7D 23 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {36377DD7-B3EB-42f5-986F-680BAF59BA9D}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://start.iplay.c...q={searchTerms}
IE - HKCU\..\SearchScopes\{5DD53178-7466-40BA-A0FF-5AE44DB92E61}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{8B44892F-6710-4EEB-8F1C-F04C8E123F2E}: "URL" = http://websearch.ask...2B-84AB8AAD829F
IE - HKCU\..\SearchScopes\{9B97950D-482C-1D79-568F-FC7B9D40C785}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....rms}&fr=chr-rog
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Coupons.com Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - prefs.js..keyword.URL: "http://search.yahoo....ch?fr=ffds1&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\Dan\Application Data\Facebook\npfbplugin_1_0_1.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/08 17:53:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_7_5 [2012/05/11 22:01:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/06 01:01:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/28 15:35:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/13 07:32:01 | 000,000,000 | ---D | M]

[2009/11/25 01:02:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dan\Application Data\Mozilla\Extensions
[2012/05/07 23:13:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\01h3b8re.default\extensions
[2010/07/24 20:46:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\01h3b8re.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/05 22:22:52 | 000,002,568 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\01h3b8re.default\searchplugins\askcom.xml
[2011/03/15 21:03:38 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\01h3b8re.default\searchplugins\conduit.xml
[2012/01/13 20:22:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/19 16:39:15 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/04/05 07:08:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/04/05 07:08:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/02/08 17:53:02 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPLGN
[2012/05/05 23:44:05 | 000,004,733 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\01H3B8RE.DEFAULT\EXTENSIONS\[email protected]
[2012/01/13 20:22:23 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/03 21:45:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/06/27 19:40:38 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2011/11/12 18:12:48 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2011/11/05 19:27:19 | 000,001,456 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober41640671.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\Dan\Application Data\Facebook\npfbplugin_1_0_1.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Dan\Application Data\Move Networks\plugins\npqmp071705000014.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX HiQ = C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

O1 HOSTS File: ([2012/05/11 21:59:17 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil)
O2 - BHO: (TBSB07898 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Comcast_McciTrayApp] C:\Program Files\Comcast\pcTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www14] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www2] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bb.com.br ([www] * in Trusted sites)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FBBBD8C-D365-4AF5-B77F-82951698DFFC}: DhcpNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files\GbPlugin\gbieh.dll) - C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil)
O24 - Desktop WallPaper: C:\Documents and Settings\Dan\Application Data\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dan\Application Data\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/24 23:02:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/08/31 00:02:02 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - G:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/11 22:08:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop\GooredFix Backups
[2012/05/11 22:02:48 | 000,083,064 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SMR250.SYS
[2012/05/11 21:59:16 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/05/11 21:41:46 | 002,804,712 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Dan\Desktop\NPE.exe
[2012/05/11 20:47:17 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/05/11 19:43:03 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/05/11 19:39:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/05/11 19:39:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/05/11 19:39:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/05/11 19:39:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/05/11 19:39:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/05/11 19:39:23 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/05/11 19:38:24 | 000,012,568 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
[2012/05/11 19:38:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/10 23:14:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/05/10 23:14:11 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/05/10 23:14:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/05/10 22:49:52 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/10 22:34:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\NPE
[2012/05/10 20:28:59 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2012/05/10 20:24:47 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/05/10 20:24:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/05/09 07:51:00 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/04/26 18:52:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\Ilivid Player
[2012/04/17 10:21:20 | 000,000,000 | ---D | C] -- C:\CNYSELPHYCP
[2012/04/17 10:21:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon SELPHY CP400

========== Files - Modified Within 30 Days ==========

[2012/05/11 22:02:58 | 000,616,199 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\Info20120511214649.xml
[2012/05/11 22:02:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\SMR250.dat
[2012/05/11 22:02:48 | 000,083,064 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SMR250.SYS
[2012/05/11 22:02:29 | 000,200,712 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/05/11 22:01:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/11 21:59:38 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\Metadata.dat
[2012/05/11 21:59:17 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/05/11 21:57:57 | 004,513,579 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\Remediate2012051121464992111000000.dat
[2012/05/11 21:43:57 | 000,000,336 | ---- | M] () -- C:\boot.ini
[2012/05/11 21:42:25 | 002,804,712 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Dan\Desktop\NPE.exe
[2012/05/11 19:38:25 | 000,012,568 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
[2012/05/11 14:33:40 | 000,000,398 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Dan.job
[2012/05/11 10:22:08 | 000,271,360 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\Outlook.pst
[2012/05/10 23:41:41 | 000,000,191 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2012/05/10 23:14:15 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\Spybot - Search & Destroy.lnk
[2012/05/10 23:07:51 | 000,000,603 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120510-234927.backup
[2012/05/10 22:36:25 | 000,000,220 | ---- | M] () -- C:\Boot.bak
[2012/05/10 20:28:59 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2012/05/09 13:28:07 | 000,270,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/09 07:55:35 | 000,683,730 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0502010.003\Cat.DB
[2012/05/09 07:52:09 | 000,438,942 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/09 07:52:09 | 000,069,794 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/09 07:49:42 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/08 21:16:15 | 000,178,688 | ---- | M] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/05 16:47:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/24 07:29:33 | 000,002,010 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
[2012/04/16 17:34:33 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0502010.003\isolate.ini

========== Files Created - No Company Name ==========

[2012/05/11 22:02:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\SMR250.dat
[2012/05/11 21:57:57 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\Metadata.dat
[2012/05/11 21:57:51 | 004,513,579 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\Remediate2012051121464992111000000.dat
[2012/05/11 21:54:57 | 000,616,199 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\Info20120511214649.xml
[2012/05/11 19:43:07 | 000,000,220 | ---- | C] () -- C:\Boot.bak
[2012/05/11 19:43:04 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/05/11 19:39:33 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/05/11 19:39:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/05/11 19:39:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/05/11 19:39:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/05/11 19:39:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/05/10 23:14:15 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\Spybot - Search & Destroy.lnk
[2012/04/17 10:21:20 | 000,000,191 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2012/02/15 09:16:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/13 00:20:49 | 006,088,192 | ---- | C] () -- C:\WINDOWS\System32\vid_trans2.dll
[2011/09/13 00:20:48 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\viscomtran.dll
[2011/09/13 00:20:47 | 006,963,712 | ---- | C] () -- C:\WINDOWS\System32\videotrans.dll
[2011/09/13 00:20:47 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2011/09/13 00:20:47 | 000,452,608 | ---- | C] () -- C:\WINDOWS\System32\videoformat.dll
[2011/09/13 00:20:47 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\viscomgifenc.dll
[2011/09/13 00:20:47 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\imgscaler.dll
[2011/09/13 00:20:47 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\img_utils.dll
[2011/09/13 00:20:47 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\videocore.dll
[2011/05/18 21:58:13 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/18 21:53:10 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/04/01 01:11:10 | 004,333,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvuvc.sys.off
[2011/04/01 01:11:10 | 004,333,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvuvc.sys
[2011/03/27 12:15:23 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/03/04 11:12:36 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
[2010/11/09 22:45:32 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/11/09 22:45:30 | 010,877,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/11/09 22:45:20 | 000,331,608 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/11/09 22:31:42 | 000,027,872 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/08/18 16:22:46 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

========== LOP Check ==========

[2010/10/01 17:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3 XPack Trial
[2010/10/24 18:39:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/03/22 18:04:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/07/17 21:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/10/17 16:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Garmin
[2011/08/26 15:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gas
[2011/08/25 13:18:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GbPlugin
[2012/05/10 20:29:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2011/11/05 21:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
[2011/11/05 19:27:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2009/12/27 13:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Poker Mania
[2012/02/19 11:07:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2012/05/07 23:20:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2010/09/15 20:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virtualized Applications
[2010/08/12 08:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2010/03/13 07:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/11/06 17:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/05/06 11:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\BitTorrent
[2012/03/22 18:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Canon
[2010/02/12 20:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\com.eslevier.saunders.QA.nclexrn.4e.64231CE93A64F1E241ED22A896C56C31BC298C57.1
[2010/07/17 21:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\DAEMON Tools Lite
[2010/02/14 19:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Facebook
[2011/09/13 00:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\FreeBurner
[2011/11/15 22:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Garmin
[2010/03/05 21:18:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\GetRightToGo
[2012/05/03 10:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\InternetCalls
[2011/08/27 17:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Leadertech
[2011/11/05 22:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Memeo
[2011/11/08 18:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Nuance
[2011/04/05 22:38:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Registry Mechanic
[2009/11/29 21:44:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\SanDisk
[2010/11/14 17:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\SoftGrid Client
[2010/09/15 21:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\TP
[2011/11/05 19:27:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Zeon

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 204 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst

< End of report >

Edited by Danpicos, 11 May 2012 - 09:25 PM.

  • 0

Advertisements

#2
Danpicos
Posted 12 May 2012 - 09:17 AM

Danpicos

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
???????????????

Edited by Danpicos, 12 May 2012 - 02:27 PM.

  • 0

#3
jeffce
Posted 12 May 2012 - 08:55 PM

jeffce

    Trusted Helper

  • Malware Removal
  • 216 posts
  • MVP
Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Watch Topic button to the right of your topic title and then choosing the notification method ( Recommended: Inmediate Notification)
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete anything unless instructed to.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.

Vista and Windows 7 users:
These tools MUST be run from the executable (.exe) every time you run them
with Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.
----------

Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

Posted Image
Click the image to enlarge it
----------
  • 0

#4
Danpicos
Posted 12 May 2012 - 09:39 PM

Danpicos

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi Jeff thank you very much for taking your time to take a look at my issue . Here are the results from the aswMBR scan

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-12 23:14:22
-----------------------------
23:14:22.406 OS Version: Windows 5.1.2600 Service Pack 3
23:14:22.406 Number of processors: 1 586 0x4F02
23:14:22.406 ComputerName: DAN-54C0A5D2219 UserName: Dan
23:14:31.000 Initialize success
23:19:58.640 AVAST engine defs: 12051201
23:23:25.625 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
23:23:25.625 Disk 0 Vendor: WDC_WD1600JS-60NCB1 10.02E02 Size: 152627MB BusType: 3
23:23:25.656 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-10
23:23:25.656 Disk 1 Vendor: WDC_WD3200AAKS-00VYA0 12.01B02 Size: 305245MB BusType: 3
23:23:25.671 Disk 1 MBR read successfully
23:23:25.671 Disk 1 MBR scan
23:23:25.718 Disk 1 Windows XP default MBR code
23:23:25.718 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305234 MB offset 63
23:23:25.718 Disk 1 scanning sectors +625121280
23:23:25.781 Disk 1 scanning C:\WINDOWS\system32\drivers
23:23:34.828 Service scanning
23:23:37.546 Service GbpKm C:\WINDOWS\system32\drivers\gbpkm.sys **LOCKED** 32
23:23:50.203 Modules scanning
23:23:53.984 Disk 1 trace - called modules:
23:23:54.000 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
23:23:54.000 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8a33bab8]
23:23:54.000 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006e[0x8a29cf18]
23:23:54.000 5 ACPI.sys[b9f48620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-10[0x8a28fd98]
23:23:54.796 AVAST engine scan C:\WINDOWS
23:24:04.734 AVAST engine scan C:\WINDOWS\system32
23:26:13.296 AVAST engine scan C:\WINDOWS\system32\drivers
23:26:30.343 AVAST engine scan C:\Documents and Settings\Dan
23:34:08.859 AVAST engine scan C:\Documents and Settings\All Users
23:36:00.109 Scan finished successfully
23:38:20.578 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Dan\Desktop\MBR.dat"
23:38:20.640 The log file has been saved successfully to "C:\Documents and Settings\Dan\Desktop\aswMBR.txt"
  • 0

#5
jeffce
Posted 13 May 2012 - 07:32 AM

jeffce

    Trusted Helper

  • Malware Removal
  • 216 posts
  • MVP
Hi,

Please download and run ERUNT (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. **Remember if you are using Windows Vista as your operating system right-click the executable and Run as Administrator.
----------

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.iplay.com/?o=shp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C A5 D5 32 7D 23 CB 01 [binary data]
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://start.iplay.c...q={searchTerms}
IE - HKCU\..\SearchScopes\{8B44892F-6710-4EEB-8F1C-F04C8E123F2E}: "URL" = http://websearch.ask...2B-84AB8AAD829F
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Coupons.com Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:2.7.2.0
[2011/09/05 22:22:52 | 000,002,568 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\01h3b8re.default\searchplugins\askcom.xml
[2011/03/15 21:03:38 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\01h3b8re.default\searchplugins\conduit.xml
[2012/05/05 23:44:05 | 000,004,733 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\01H3B8RE.DEFAULT\EXTENSIONS\[email protected]
[2011/11/05 19:27:19 | 000,001,456 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober41640671.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www14] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www2] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bb.com.br ([www] * in Trusted sites)
[2012/05/08 21:16:15 | 000,178,688 | ---- | M] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/18 21:58:13 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/18 21:53:10 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/03/05 21:18:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\GetRightToGo

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[resethosts]
[start explorer]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered. There will be a log created when it completes that I will need in your next reply. Reboot when it is done.
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

  • 0

#6
Danpicos
Posted 13 May 2012 - 07:58 AM

Danpicos

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Ok here is the report

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8B44892F-6710-4EEB-8F1C-F04C8E123F2E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B44892F-6710-4EEB-8F1C-F04C8E123F2E}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Web Search" removed from browser.search.defaultenginename
Prefs.js: "Coupons.com Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.condui...={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:2.7.2.0 removed from extensions.enabledItems
C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\01h3b8re.default\searchplugins\askcom.xml moved successfully.
C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\01h3b8re.default\searchplugins\conduit.xml moved successfully.
C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\01h3b8re.default\extensions\[email protected] moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\WebSearchober41640671.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ deleted successfully.
C:\Program Files\BitTorrentBar\prxtbBit0.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.
File C:\Program Files\BitTorrentBar\prxtbBit0.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}\ not found.
File C:\Program Files\BitTorrentBar\prxtbBit0.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bancobrasil.com.br\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bancobrasil.com.br\www14\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bancobrasil.com.br\www2\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bb.com.br\www\ deleted successfully.
C:\Documents and Settings\Dan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\Documents and Settings\Dan\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini moved successfully.
C:\Documents and Settings\Dan\Application Data\GetRightToGo folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Dan\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Dan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Dan
->Temp folder emptied: 60018343 bytes
->Temporary Internet Files folder emptied: 622618 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 49290942 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 871 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 65536 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 724 bytes

Total Files Cleaned = 105.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.42.3 log created on 05132012_094811

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Dan\Local Settings\Temp\Temporary Internet Files\Content.IE5\GUWM88N4\7YWnY96yoa79KffwaUTQer7tZljOf8ynnVvadSeOMQWswzCS_i0YsUEcQpoEJrm5UQPMpRhDpgV8RtKAzZ32BB0yb3ZBtj8lq8Csz2K5vy9Oz_3IMUFjeZLZSod9tBCi2ZYqSX7Yhc6PaBqugLH6YyMVcedC9lKP[1].jpg not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_464.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_5cc.dat moved successfully.

Registry entries deleted on Reboot...




and here is the new OTL scan report

OTL logfile created on: 5/13/2012 9:52:13 AM - Run 2
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\Dan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 70.76% Memory free
2.44 Gb Paging File | 1.82 Gb Available in Paging File | 74.54% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 230.89 Gb Free Space | 77.46% Space Free | Partition Type: NTFS
Drive F: | 140.48 Gb Total Space | 39.31 Gb Free Space | 27.98% Space Free | Partition Type: NTFS
Drive G: | 8.56 Gb Total Space | 0.55 Gb Free Space | 6.48% Space Free | Partition Type: FAT32

Computer Name: DAN-54C0A5D2219 | User Name: Dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/13 09:46:33 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
PRC - [2012/05/09 13:37:43 | 000,913,848 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 01:53:56 | 000,035,736 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe
PRC - [2012/01/18 17:03:20 | 001,939,968 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Comcast\pcTrayApp.exe
PRC - [2012/01/18 17:01:52 | 000,361,472 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\pcCMService.exe
PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/05/10 02:41:12 | 000,049,208 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccsvchst.exe
PRC - [2010/03/24 15:42:10 | 000,599,328 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/09 13:37:45 | 002,044,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/01/21 02:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 21:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\PROGRA~1\GbPlugin\GbpSv.exe -- (GbpSv)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/18 17:01:52 | 000,361,472 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe -- (N360)
SRV - [2010/01/21 18:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [File_System | System | Stopped] -- D:\xpsetup -- (vcdrom)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lv302af.sys -- (pepifilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/05/10 20:29:58 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120512.016\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/05/10 20:29:58 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120512.016\NAVENG.SYS -- (NAVENG)
DRV - [2012/04/27 20:18:22 | 000,356,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120511.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/04/02 19:38:08 | 000,821,880 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120507.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/02/03 23:02:04 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/02/03 23:02:03 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/01/18 17:01:18 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2012/01/18 17:01:18 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2011/08/08 11:23:42 | 000,044,064 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\gbpkm.sys -- (GbpKm)
DRV - [2011/07/04 11:06:03 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 21:37:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0502010.003\symtdi.sys -- (SYMTDI)
DRV - [2011/04/01 01:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/04/01 01:07:52 | 000,020,448 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvbusflt.sys -- (CompFilter)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\N360\0502010.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0502010.003\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0502010.003\symefa.sys -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0502010.003\symds.sys -- (SymDS)
DRV - [2010/11/15 21:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0502010.003\ironx86.sys -- (SymIRON)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/02/11 13:40:40 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/03/03 16:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 16:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {36377DD7-B3EB-42f5-986F-680BAF59BA9D}
IE - HKCU\..\SearchScopes\{5DD53178-7466-40BA-A0FF-5AE44DB92E61}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searc}
IE - HKCU\..\SearchScopes\{9B97950D-482C-1D79-568F-FC7B9D40C785}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....rms}&fr=chr-rog
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\Dan\Application Data\Facebook\npfbplugin_1_0_1.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/08 17:53:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_7_5 [2012/05/13 09:49:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/06 01:01:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/13 00:04:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/13 07:32:01 | 000,000,000 | ---D | M]

[2009/11/25 01:02:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dan\Application Data\Mozilla\Extensions
[2012/05/13 00:04:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\01h3b8re.default\extensions
[2010/07/24 20:46:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\01h3b8re.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/05/13 00:04:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/19 16:39:15 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/13 00:04:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/05/09 13:38:15 | 000,085,432 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/05/09 13:37:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/06/27 19:40:38 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2012/05/09 13:37:12 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\Dan\Application Data\Facebook\npfbplugin_1_0_1.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Dan\Application Data\Move Networks\plugins\npqmp071705000014.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX HiQ = C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

O1 HOSTS File: ([2012/05/13 09:48:29 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil)
O2 - BHO: (TBSB07898 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Comcast_McciTrayApp] C:\Program Files\Comcast\pcTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\Dan\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FBBBD8C-D365-4AF5-B77F-82951698DFFC}: DhcpNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files\GbPlugin\gbieh.dll) - C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil)
O24 - Desktop WallPaper: C:\Documents and Settings\Dan\Application Data\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dan\Application Data\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/24 23:02:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/08/31 00:02:02 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - G:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/13 09:48:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/13 09:46:32 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
[2012/05/13 09:42:11 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/05/13 09:42:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/05/13 00:02:24 | 000,065,536 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2012/05/13 00:02:21 | 002,522,944 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2012/05/13 00:02:21 | 002,437,440 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2012/05/13 00:02:21 | 001,000,256 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco32.dll
[2012/05/13 00:02:21 | 000,881,984 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco32.dll
[2012/05/13 00:02:20 | 017,534,976 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2012/05/13 00:01:49 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012/05/13 00:01:28 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012/05/12 23:13:52 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Dan\Desktop\aswMBR.exe
[2012/05/12 08:41:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop\index.php_files
[2012/05/12 00:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2012/05/11 23:54:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Malwarebytes
[2012/05/11 23:54:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/11 23:54:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/05/11 23:54:06 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/05/11 23:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/11 23:30:55 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Dan\Desktop\tdsskiller.exe
[2012/05/11 22:08:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop\GooredFix Backups
[2012/05/11 21:41:46 | 002,804,712 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Dan\Desktop\NPE.exe
[2012/05/11 20:47:17 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/05/11 19:43:03 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/05/11 19:39:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/05/11 19:38:24 | 000,012,568 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
[2012/05/10 23:14:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/05/10 23:14:11 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/05/10 23:14:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/05/10 22:49:52 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/10 22:34:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\NPE
[2012/05/10 20:28:59 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2012/05/10 20:24:47 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/05/10 20:24:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/05/09 07:51:00 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/04/26 18:52:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\Ilivid Player
[2012/04/17 10:21:20 | 000,000,000 | ---D | C] -- C:\CNYSELPHYCP
[2012/04/17 10:21:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon SELPHY CP400

========== Files - Modified Within 30 Days ==========

[2012/05/13 09:49:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/13 09:48:29 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/05/13 09:46:33 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
[2012/05/13 09:42:14 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Dan\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/05/13 09:42:12 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\NTREGOPT.lnk
[2012/05/13 09:42:12 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\ERUNT.lnk
[2012/05/13 00:04:27 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/05/13 00:04:27 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/05/13 00:02:54 | 000,293,992 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/05/13 00:02:54 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/05/13 00:02:47 | 000,293,992 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/05/13 00:02:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2012/05/13 00:02:28 | 000,684,700 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0502010.003\Cat.DB
[2012/05/12 23:38:20 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\MBR.dat
[2012/05/12 23:14:14 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Dan\Desktop\aswMBR.exe
[2012/05/12 14:34:31 | 000,000,398 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Dan.job
[2012/05/12 10:34:29 | 000,271,360 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\Outlook.pst
[2012/05/12 08:41:53 | 000,056,573 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\index.php.htm
[2012/05/12 00:21:04 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\lysymw.sys
[2012/05/12 00:15:15 | 000,200,712 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/05/12 00:14:04 | 000,270,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/12 00:12:33 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\mitum.sys
[2012/05/12 00:07:52 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\Update Checker.lnk
[2012/05/11 23:54:09 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/11 23:31:01 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Dan\Desktop\tdsskiller.exe
[2012/05/11 22:02:58 | 000,616,199 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\Info20120511214649.xml
[2012/05/11 21:59:38 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\Metadata.dat
[2012/05/11 21:57:57 | 004,513,579 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\Remediate2012051121464992111000000.dat
[2012/05/11 21:43:57 | 000,000,336 | ---- | M] () -- C:\boot.ini
[2012/05/11 21:42:25 | 002,804,712 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Dan\Desktop\NPE.exe
[2012/05/11 19:38:25 | 000,012,568 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
[2012/05/10 23:41:41 | 000,000,191 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2012/05/10 23:14:15 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\Spybot - Search & Destroy.lnk
[2012/05/10 23:07:51 | 000,000,603 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120510-234927.backup
[2012/05/10 22:36:25 | 000,000,220 | ---- | M] () -- C:\Boot.bak
[2012/05/10 20:28:59 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2012/05/09 07:52:09 | 000,438,942 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/09 07:52:09 | 000,069,794 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/09 07:49:42 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/05 16:47:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/24 07:29:33 | 000,002,010 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
[2012/04/16 17:34:33 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0502010.003\isolate.ini

========== Files Created - No Company Name ==========

[2012/05/13 09:42:14 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Dan\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/05/13 09:42:12 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\NTREGOPT.lnk
[2012/05/13 09:42:12 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\ERUNT.lnk
[2012/05/13 00:02:47 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/05/13 00:02:47 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/05/13 00:02:47 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/05/13 00:02:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2012/05/13 00:02:21 | 002,784,050 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/05/13 00:02:21 | 000,007,843 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2012/05/12 23:38:20 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\MBR.dat
[2012/05/12 08:41:52 | 000,056,573 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\index.php.htm
[2012/05/12 00:21:04 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\lysymw.sys
[2012/05/12 00:12:33 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\mitum.sys
[2012/05/12 00:07:51 | 000,001,632 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\Update Checker.lnk
[2012/05/11 23:54:08 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/11 21:57:57 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\Metadata.dat
[2012/05/11 21:57:51 | 004,513,579 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\Remediate2012051121464992111000000.dat
[2012/05/11 21:54:57 | 000,616,199 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\Info20120511214649.xml
[2012/05/11 19:43:07 | 000,000,220 | ---- | C] () -- C:\Boot.bak
[2012/05/11 19:43:04 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/05/10 23:14:15 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\Spybot - Search & Destroy.lnk
[2012/04/17 10:21:20 | 000,000,191 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2012/02/15 09:16:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/13 00:20:49 | 006,088,192 | ---- | C] () -- C:\WINDOWS\System32\vid_trans2.dll
[2011/09/13 00:20:48 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\viscomtran.dll
[2011/09/13 00:20:47 | 006,963,712 | ---- | C] () -- C:\WINDOWS\System32\videotrans.dll
[2011/09/13 00:20:47 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2011/09/13 00:20:47 | 000,452,608 | ---- | C] () -- C:\WINDOWS\System32\videoformat.dll
[2011/09/13 00:20:47 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\viscomgifenc.dll
[2011/09/13 00:20:47 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\imgscaler.dll
[2011/09/13 00:20:47 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\img_utils.dll
[2011/09/13 00:20:47 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\videocore.dll
[2011/04/01 01:11:10 | 004,333,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvuvc.sys.off
[2011/04/01 01:11:10 | 004,333,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvuvc.sys
[2011/03/27 12:15:23 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/03/04 11:12:36 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
[2010/11/09 22:45:32 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/11/09 22:45:30 | 010,877,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/11/09 22:45:20 | 000,331,608 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/11/09 22:31:42 | 000,027,872 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/08/18 16:22:46 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 204 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst

< End of report >

Thank you Jeff
  • 0

#7
jeffce
Posted 13 May 2012 - 10:37 AM

jeffce

    Trusted Helper

  • Malware Removal
  • 216 posts
  • MVP
Hi,

I need some information on some unidentified files. We will use Virustotal Please submit these files for analysis

To submit a file to virustotal, please click VirusTotal

copy and paste the following into the upload a file box (one at a time if more than one file is listed)

C:\WINDOWS\System32\drivers\lysymw.sys
C:\WINDOWS\System32\drivers\mitum.sys

scroll down a bit and click "send file", wait for the results and post the link to them in your next reply.

Please note that sometimes the scans take a few minutes. Please ensure that the scan has completed and the results are complete before submitting the next sample. Also please make sure each result is clearly identified as to which sample they belong to.
----------
  • 0

#8
Danpicos
Posted 13 May 2012 - 12:41 PM

Danpicos

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hope i did it right , here are the results for the first file lysymw.sys

SHA256: 3da4f51682e7d42c5569f1fb1adc6295182962e36f748219e1d0c8f2389ba516
SHA1: aabbd57e20d2e7041f9e7abce6cfd8a53c366537
MD5: e6d35f3aa51a65eb35c1f2340154a25e
File size: 52.8 KB ( 54016 bytes )
File name: lysymw.sys
File type: Win32 EXE
Detection ratio: 1 / 40
Analysis date: 2012-05-13 18:37:21 UTC ( 0 minutes ago )
0
0
More details
Antivirus Result Update
AhnLab-V3 - 20120513
AntiVir - 20120513
Antiy-AVL - 20120513
Avast - 20120513
AVG - 20120513
BitDefender - 20120513
ByteHero - 20120511
CAT-QuickHeal - 20120513
ClamAV - 20120512
Commtouch - 20120513
Comodo - 20120513
DrWeb - 20120513
Emsisoft - 20120513
eSafe Win32.TrojanHorse 20120509
eTrust-Vet - 20120511
F-Prot - 20120513
F-Secure - 20120513
Fortinet - 20120508
GData - 20120513
Ikarus - 20120513
Jiangmin - 20120512
K7AntiVirus - 20120511
Kaspersky - 20120513
McAfee - 20120512
McAfee-GW-Edition - 20120513
Microsoft - 20120513
NOD32 - 20120513
Norman - 20120513
nProtect - 20120513
PCTools - 20120513
Rising - 20120511
SUPERAntiSpyware - 20120512
Symantec - 20120513
TheHacker - 20120513
TrendMicro - 20120513
TrendMicro-HouseCall - 20120513
VBA32 - 20120511
VIPRE - 20120513
ViRobot - 20120513
VirusBuster - 20120513

Comments
Votes
Additional information

Confirmed by MBAM as part of their toolkit here: http://forums.malwar...16&fromsearch=1
  • 0

#9
Danpicos
Posted 13 May 2012 - 12:42 PM

Danpicos

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
here is the report for the second one

SHA256: 3da4f51682e7d42c5569f1fb1adc6295182962e36f748219e1d0c8f2389ba516
SHA1: aabbd57e20d2e7041f9e7abce6cfd8a53c366537
MD5: e6d35f3aa51a65eb35c1f2340154a25e
File size: 52.8 KB ( 54016 bytes )
File name: hdfm.sys
File type: Win32 EXE
Detection ratio: 1 / 42
Analysis date: 2012-05-12 21:41:10 UTC ( 20 hours, 55 minutes ago )
0
0
More details
Antivirus Result Update
AhnLab-V3 - 20120511
AntiVir - 20120511
Antiy-AVL - 20120512
Avast - 20120512
AVG - 20120511
BitDefender - 20120512
ByteHero - 20120511
CAT-QuickHeal - 20120511
ClamAV - 20120512
Commtouch - 20120512
Comodo - 20120512
DrWeb - 20120512
Emsisoft - 20120512
eSafe Win32.TrojanHorse 20120509
eTrust-Vet - 20120511
F-Prot - 20120511
F-Secure - 20120512
Fortinet - 20120508
GData - 20120512
Ikarus - 20120512
Jiangmin - 20120512
K7AntiVirus - 20120511
Kaspersky - 20120511
McAfee - 20120512
McAfee-GW-Edition - 20120512
Microsoft - 20120512
NOD32 - 20120512
Norman - 20120511
nProtect - 20120511
Panda - 20120511
PCTools - 20120512
Rising - 20120511
Sophos - 20120512
SUPERAntiSpyware - 20120512
Symantec - 20120512
TheHacker - 20120511
TrendMicro - 20120512
TrendMicro-HouseCall - 20120511
VBA32 - 20120511
VIPRE - 20120512
ViRobot - 20120512
VirusBuster - 20120511

Comments
Votes
Additional information

Confirmed by MBAM as part of their toolkit here: http://forums.malwar...16&fromsearch=1
  • 0

#10
jeffce
Posted 13 May 2012 - 03:57 PM

jeffce

    Trusted Helper

  • Malware Removal
  • 216 posts
  • MVP
Hi,


Malwarebytes

I see that you have Malwarebytes already on your computer. Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.
----------

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.


As a Vista/Win7 user you will need to right click your browser icon and select "Run as Administrator" in order to run this scan.
  • Do not use this instance of your browser for anything besides doing this scan
  • When the scan is complete and the results saved, close that instance of your browser
  • Open a new one the usual way and post the results in this topic.


  • Right-click and Run as Administartor on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Back button.
  • Push Finish
http://www.eset.com/onlinescan/
----------

In your next reply please post the logs made by Malwarebytes and ESET online scanner. :)
  • 0

Advertisements

#11
Danpicos
Posted 13 May 2012 - 09:09 PM

Danpicos

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
ok here is the Malware scan results

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.13.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Dan :: DAN-54C0A5D2219 [administrator]

Protection: Disabled

5/13/2012 8:18:20 PM
mbam-log-2012-05-13 (20-18-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 186163
Time elapsed: 3 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

And this is the Eset Scan

C:\Documents and Settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Documents and Settings\Dan\My Documents\Downloads\cnet_CheetahDVDBurner_exe.exe a variant of Win32/InstallCore.D application
C:\System Volume Information\_restore{D34FF41B-441D-43BF-8126-9B6F2CC705AA}\RP910\A0128315.dll Win32/Toolbar.Babylon application
C:\System Volume Information\_restore{D34FF41B-441D-43BF-8126-9B6F2CC705AA}\RP910\A0128316.dll Win32/Toolbar.Babylon application
C:\System Volume Information\_restore{D34FF41B-441D-43BF-8126-9B6F2CC705AA}\RP910\A0128317.dll a variant of Win32/Toolbar.Babylon application
C:\System Volume Information\_restore{D34FF41B-441D-43BF-8126-9B6F2CC705AA}\RP910\A0128318.dll Win32/Toolbar.Babylon application
C:\System Volume Information\_restore{D34FF41B-441D-43BF-8126-9B6F2CC705AA}\RP910\A0128320.exe probably a variant of Win32/Toolbar.Babylon application
C:\System Volume Information\_restore{D34FF41B-441D-43BF-8126-9B6F2CC705AA}\RP910\A0128331.dll a variant of Win32/Adware.Yontoo.A application
C:\System Volume Information\_restore{D34FF41B-441D-43BF-8126-9B6F2CC705AA}\RP910\A0128333.dll a variant of Win32/Adware.Yontoo.B application
F:\hp\bin\wbug\CompaqPresario_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application
  • 0

#12
jeffce
Posted 14 May 2012 - 05:50 AM

jeffce

    Trusted Helper

  • Malware Removal
  • 216 posts
  • MVP
Hi,

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services

:Files
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll	
C:\Documents and Settings\Dan\My Documents\Downloads\cnet_CheetahDVDBurner_exe.exe
F:\hp\bin\wbug\CompaqPresario_Spring06.exe
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[clearallrestorepoints]
[start explorer]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

In your next reply please post the logs made by OTL and let me know how your system is running now. :)
  • 0

#13
Danpicos
Posted 14 May 2012 - 03:20 PM

Danpicos

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi jeff , here is the new OTL report . i also checked to see if my google searches are being re-directed and it seems like it has stopped , hopefully for good .
Let me know if we need to do anything else . I appreciate all your help .
Dan



OTL logfile created on: 5/14/2012 5:10:40 PM - Run 3
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\Dan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 57.11% Memory free
2.44 Gb Paging File | 1.62 Gb Available in Paging File | 66.18% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 233.78 Gb Free Space | 78.43% Space Free | Partition Type: NTFS
Drive F: | 140.48 Gb Total Space | 39.20 Gb Free Space | 27.91% Space Free | Partition Type: NTFS
Drive G: | 8.56 Gb Total Space | 0.56 Gb Free Space | 6.49% Space Free | Partition Type: FAT32

Computer Name: DAN-54C0A5D2219 | User Name: Dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/13 09:46:33 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
PRC - [2012/05/09 13:37:43 | 000,913,848 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/18 17:03:20 | 001,939,968 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Comcast\pcTrayApp.exe
PRC - [2012/01/18 17:01:52 | 000,361,472 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\pcCMService.exe
PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/05/10 02:41:12 | 000,049,208 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccsvchst.exe
PRC - [2010/03/24 15:42:10 | 000,599,328 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/01/21 18:20:06 | 001,422,168 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/09 13:37:45 | 002,044,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/03/23 07:40:27 | 008,527,520 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/01/21 02:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 21:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/08/16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/09/18 00:55:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\PROGRA~1\GbPlugin\GbpSv.exe -- (GbpSv)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/18 17:01:52 | 000,361,472 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe -- (N360)
SRV - [2010/01/21 18:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [File_System | System | Stopped] -- D:\xpsetup -- (vcdrom)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lv302af.sys -- (pepifilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/05/10 20:29:58 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120513.007\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/05/10 20:29:58 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120513.007\NAVENG.SYS -- (NAVENG)
DRV - [2012/04/27 20:18:22 | 000,356,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120511.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/04/02 19:38:08 | 000,821,880 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120507.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/02/03 23:02:04 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/02/03 23:02:03 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/01/18 17:01:18 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2012/01/18 17:01:18 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2011/08/08 11:23:42 | 000,044,064 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\gbpkm.sys -- (GbpKm)
DRV - [2011/07/04 11:06:03 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 21:37:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0502010.003\symtdi.sys -- (SYMTDI)
DRV - [2011/04/01 01:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/04/01 01:07:52 | 000,020,448 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvbusflt.sys -- (CompFilter)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\N360\0502010.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0502010.003\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0502010.003\symefa.sys -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0502010.003\symds.sys -- (SymDS)
DRV - [2010/11/15 21:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0502010.003\ironx86.sys -- (SymIRON)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/02/11 13:40:40 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/03/03 16:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 16:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {36377DD7-B3EB-42f5-986F-680BAF59BA9D}
IE - HKCU\..\SearchScopes\{5DD53178-7466-40BA-A0FF-5AE44DB92E61}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searc}
IE - HKCU\..\SearchScopes\{9B97950D-482C-1D79-568F-FC7B9D40C785}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....rms}&fr=chr-rog
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\Dan\Application Data\Facebook\npfbplugin_1_0_1.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/08 17:53:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_7_5 [2012/05/14 17:01:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/06 01:01:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/13 00:04:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/13 07:32:01 | 000,000,000 | ---D | M]

[2009/11/25 01:02:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dan\Application Data\Mozilla\Extensions
[2012/05/13 22:50:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\01h3b8re.default\extensions
[2010/07/24 20:46:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\01h3b8re.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/05/13 00:04:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/19 16:39:15 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/13 00:04:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/05/13 22:50:46 | 001,184,804 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\01H3B8RE.DEFAULT\EXTENSIONS\[email protected]
[2012/05/09 13:38:15 | 000,085,432 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/05/09 13:37:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/06/27 19:40:38 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2012/05/09 13:37:12 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\Dan\Application Data\Facebook\npfbplugin_1_0_1.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Dan\Application Data\Move Networks\plugins\npqmp071705000014.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX HiQ = C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

O1 HOSTS File: ([2012/05/14 16:59:15 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil)
O2 - BHO: (TBSB07898 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Comcast_McciTrayApp] C:\Program Files\Comcast\pcTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\Dan\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FBBBD8C-D365-4AF5-B77F-82951698DFFC}: DhcpNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files\GbPlugin\gbieh.dll) - C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil)
O24 - Desktop WallPaper: C:\Documents and Settings\Dan\Application Data\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dan\Application Data\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/24 23:02:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/08/31 00:02:02 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - G:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/13 09:48:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/13 09:46:32 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
[2012/05/13 09:42:11 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/05/13 09:42:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/05/13 00:02:24 | 000,065,536 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2012/05/13 00:02:21 | 002,522,944 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2012/05/13 00:02:21 | 002,437,440 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2012/05/13 00:02:21 | 001,000,256 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco32.dll
[2012/05/13 00:02:21 | 000,881,984 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco32.dll
[2012/05/13 00:02:20 | 017,534,976 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2012/05/13 00:01:49 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012/05/13 00:01:28 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012/05/12 23:13:52 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Dan\Desktop\aswMBR.exe
[2012/05/12 08:41:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop\index.php_files
[2012/05/12 00:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2012/05/11 23:54:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Malwarebytes
[2012/05/11 23:54:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/11 23:54:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/05/11 23:54:06 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/05/11 23:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/11 23:30:55 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Dan\Desktop\tdsskiller.exe
[2012/05/11 22:08:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop\GooredFix Backups
[2012/05/11 21:41:46 | 002,804,712 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Dan\Desktop\NPE.exe
[2012/05/11 20:47:17 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/05/11 19:43:03 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/05/11 19:39:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/05/11 19:38:24 | 000,012,568 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
[2012/05/10 23:14:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/05/10 23:14:11 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/05/10 23:14:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/05/10 22:49:52 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/10 22:34:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\NPE
[2012/05/10 20:28:59 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2012/05/10 20:24:47 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/05/10 20:24:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/05/09 07:51:00 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/04/26 18:52:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\Ilivid Player
[2012/04/17 10:21:20 | 000,000,000 | ---D | C] -- C:\CNYSELPHYCP
[2012/04/17 10:21:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon SELPHY CP400

========== Files - Modified Within 30 Days ==========

[2012/05/14 17:01:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/14 16:59:15 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/05/14 14:33:18 | 000,000,398 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Dan.job
[2012/05/14 11:59:47 | 000,271,360 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\Outlook.pst
[2012/05/13 16:34:02 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/13 09:46:33 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
[2012/05/13 09:42:14 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Dan\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/05/13 09:42:12 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\NTREGOPT.lnk
[2012/05/13 09:42:12 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\ERUNT.lnk
[2012/05/13 00:04:27 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/05/13 00:04:27 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/05/13 00:02:54 | 000,293,992 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/05/13 00:02:54 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/05/13 00:02:47 | 000,293,992 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/05/13 00:02:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2012/05/13 00:02:28 | 000,684,700 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0502010.003\Cat.DB
[2012/05/12 23:38:20 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\MBR.dat
[2012/05/12 23:14:14 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Dan\Desktop\aswMBR.exe
[2012/05/12 08:41:53 | 000,056,573 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\index.php.htm
[2012/05/12 00:21:04 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\lysymw.sys
[2012/05/12 00:15:15 | 000,200,712 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/05/12 00:14:04 | 000,270,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/12 00:12:33 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\mitum.sys
[2012/05/12 00:07:52 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\Update Checker.lnk
[2012/05/11 23:54:09 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/11 23:31:01 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Dan\Desktop\tdsskiller.exe
[2012/05/11 22:02:58 | 000,616,199 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\Info20120511214649.xml
[2012/05/11 21:59:38 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\Metadata.dat
[2012/05/11 21:57:57 | 004,513,579 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\Remediate2012051121464992111000000.dat
[2012/05/11 21:43:57 | 000,000,336 | ---- | M] () -- C:\boot.ini
[2012/05/11 21:42:25 | 002,804,712 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Dan\Desktop\NPE.exe
[2012/05/11 19:38:25 | 000,012,568 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
[2012/05/10 23:41:41 | 000,000,191 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2012/05/10 23:14:15 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\Spybot - Search & Destroy.lnk
[2012/05/10 23:07:51 | 000,000,603 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120510-234927.backup
[2012/05/10 22:36:25 | 000,000,220 | ---- | M] () -- C:\Boot.bak
[2012/05/10 20:28:59 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2012/05/09 07:52:09 | 000,438,942 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/09 07:52:09 | 000,069,794 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/09 07:49:42 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/05 16:47:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/24 07:29:33 | 000,002,010 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
[2012/04/16 17:34:33 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0502010.003\isolate.ini

========== Files Created - No Company Name ==========

[2012/05/13 16:33:21 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/13 09:42:14 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Dan\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/05/13 09:42:12 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\NTREGOPT.lnk
[2012/05/13 09:42:12 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\ERUNT.lnk
[2012/05/13 00:02:47 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/05/13 00:02:47 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/05/13 00:02:47 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/05/13 00:02:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2012/05/13 00:02:21 | 002,784,050 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/05/13 00:02:21 | 000,007,843 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2012/05/12 23:38:20 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\MBR.dat
[2012/05/12 08:41:52 | 000,056,573 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\index.php.htm
[2012/05/12 00:21:04 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\lysymw.sys
[2012/05/12 00:12:33 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\mitum.sys
[2012/05/12 00:07:51 | 000,001,632 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\Update Checker.lnk
[2012/05/11 23:54:08 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/11 21:57:57 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\Metadata.dat
[2012/05/11 21:57:51 | 004,513,579 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\Remediate2012051121464992111000000.dat
[2012/05/11 21:54:57 | 000,616,199 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\Info20120511214649.xml
[2012/05/11 19:43:07 | 000,000,220 | ---- | C] () -- C:\Boot.bak
[2012/05/11 19:43:04 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/05/10 23:14:15 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\Spybot - Search & Destroy.lnk
[2012/04/17 10:21:20 | 000,000,191 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2012/02/15 09:16:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/13 00:20:49 | 006,088,192 | ---- | C] () -- C:\WINDOWS\System32\vid_trans2.dll
[2011/09/13 00:20:48 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\viscomtran.dll
[2011/09/13 00:20:47 | 006,963,712 | ---- | C] () -- C:\WINDOWS\System32\videotrans.dll
[2011/09/13 00:20:47 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2011/09/13 00:20:47 | 000,452,608 | ---- | C] () -- C:\WINDOWS\System32\videoformat.dll
[2011/09/13 00:20:47 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\viscomgifenc.dll
[2011/09/13 00:20:47 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\imgscaler.dll
[2011/09/13 00:20:47 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\img_utils.dll
[2011/09/13 00:20:47 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\videocore.dll
[2011/04/01 01:11:10 | 004,333,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvuvc.sys.off
[2011/04/01 01:11:10 | 004,333,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvuvc.sys
[2011/03/27 12:15:23 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/03/04 11:12:36 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
[2010/11/09 22:45:32 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/11/09 22:45:30 | 010,877,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/11/09 22:45:20 | 000,331,608 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/11/09 22:31:42 | 000,027,872 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/08/18 16:22:46 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 204 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst

< End of report >
  • 0

#14
jeffce
Posted 14 May 2012 - 07:31 PM

jeffce

    Trusted Helper

  • Malware Removal
  • 216 posts
  • MVP
No for now give a good run around until the morning and let me know how it is running. :)
  • 0

#15
Danpicos
Posted 15 May 2012 - 06:01 AM

Danpicos

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi jef , everything seems to be running well here . no redirect issue with my searches so i guess you took care of the problem . You're the man , Thank you so much .
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP