
Google Redirect

This topic is locked
#1 PaulSidcup (Member, 18 posts)

I have been experiencing Google redirects for about two days. I have tried following the instructions on your page "How to fix Google Redirects, aka Win32/Olmarik, Rootkit.Win32.TDSS.u, Win32/Alureon.F, Backdoor.Tidserv!.inf" ; I still get redirected.

Thank you for your assistance.

OTL logfile created on: 6/14/2011 8:18:03 AM - Run 2
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Paul\My Documents\2011\Computers\Google Redirect
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 582.52 Mb Available Physical Memory | 57.43% Memory free
2.38 Gb Paging File | 2.07 Gb Available in Paging File | 86.94% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.08 Gb Total Space | 78.45 Gb Free Space | 54.83% Space Free | Partition Type: NTFS

Computer Name: PAUL-INSPIRON | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/13 23:13:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\My Documents\2011\Computers\Google Redirect\OTL.exe
PRC - [2011/05/02 15:09:18 | 001,306,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2011/03/13 11:41:50 | 000,159,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2011/03/13 11:41:36 | 000,165,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2010/05/07 19:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/12/08 06:40:00 | 000,115,992 | ---- | M] (EMC Corporation) -- C:\Program Files\Retrospect\Retrospect 7.6\retrorun.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/20 13:29:08 | 001,191,936 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe


========== Modules (SafeList) ==========

MOD - [2011/06/13 23:13:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\My Documents\2011\Computers\Google Redirect\OTL.exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (IHA_MessageCenter)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/05/17 20:39:33 | 003,275,864 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai)
SRV - [2011/05/04 17:25:13 | 000,215,552 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\WINDOWS\system32\itlpfw32.dll -- (itlperf)
SRV - [2011/03/17 16:38:42 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2011/03/13 11:41:50 | 000,159,832 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/03/13 11:41:36 | 000,165,000 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/05/07 19:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/12/08 06:40:00 | 000,128,280 | ---- | M] (EMC Corporation) [Auto | Stopped] -- C:\Program Files\Retrospect\Retrospect 7.6\rthlpsvc.exe -- (Retrospect Helper)
SRV - [2008/12/08 06:40:00 | 000,115,992 | ---- | M] (EMC Corporation) [Auto | Running] -- C:\Program Files\Retrospect\Retrospect 7.6\retrorun.exe -- (RetroLauncher)


========== Driver Services (SafeList) ==========

DRV - [2011/03/13 11:20:10 | 000,459,728 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/03/13 11:20:10 | 000,337,912 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/03/13 11:20:10 | 000,179,248 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/03/13 11:20:10 | 000,118,784 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/03/13 11:20:10 | 000,089,368 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/03/13 11:20:10 | 000,085,984 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/03/13 11:20:10 | 000,083,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/03/13 11:20:10 | 000,083,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/03/13 11:20:10 | 000,059,288 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/03/13 11:20:10 | 000,057,432 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/05/14 18:04:20 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2010/05/14 18:04:02 | 006,842,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C310(UVC)
DRV - [2010/05/14 18:02:26 | 000,276,448 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/05/14 18:02:14 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010/05/07 19:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/11/22 18:34:36 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/08/25 01:23:08 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/14 17:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/14 16:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/12 18:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-447299374-3309734861-3770108698-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-447299374-3309734861-3770108698-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {E0CC257A-4D42-4ED7-AFAF-0AE6422F60D0}:3.0.3.25
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.99
FF - prefs.js..extensions.enabledItems: wecarereminder@bryan:4.0.2.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mcafee&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/18 16:09:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/31 23:54:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/12 17:08:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/29 13:19:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.2\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2011/04/21 22:56:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.2\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2011/04/29 13:19:16 | 000,000,000 | ---D | M]

[2010/10/22 18:22:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Extensions
[2011/06/14 06:52:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\fntqj0lx.default\extensions
[2011/04/19 19:42:55 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\fntqj0lx.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011/04/03 09:11:44 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\fntqj0lx.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/19 00:44:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\fntqj0lx.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)
[2011/03/05 10:19:12 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\fntqj0lx.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/03/28 09:13:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\fntqj0lx.default\extensions\nostmp
[2011/06/14 06:52:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\fntqj0lx.default\extensions\staged
[2011/04/18 07:48:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/18 07:48:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
[2010/11/18 16:09:22 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/04/18 07:47:46 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/31 23:54:02 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/05/05 08:27:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/04/29 22:28:35 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/04/18 07:47:45 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011/06/01 08:24:21 | 000,001,949 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2011/06/13 08:30:46 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110531234708.dll (McAfee, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Copernic Desktop Search - Home Toolbar) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000325.dll (Copernic Inc.)
O3 - HKU\S-1-5-21-447299374-3309734861-3770108698-1006\..\Toolbar\WebBrowser: (Copernic Desktop Search - Home Toolbar) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000325.dll (Copernic Inc.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - Startup: C:\Documents and Settings\Virginia\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Virginia\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-447299374-3309734861-3770108698-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: vzTCPConfig http://my.verizon.co...vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\c: DllName - itlnfw32.dll - File not found
O20 - Winlogon\Notify\itlnfw32: DllName - itlnfw32.dll - File not found
O20 - Winlogon\Notify\itlntfy: DllName - itlnfw32.dll - File not found
O20 - Winlogon\Notify\kµ°“Ã: DllName - itlnfw32.dll - File not found
O20 - Winlogon\Notify\úæ¸: DllName - itlnfw32.dll - File not found
O20 - Winlogon\Notify\UM5w: DllName - itlnfw32.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-447299374-3309734861-3770108698-1006\...exe [@ = exefile] -- Reg Error: Value error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/06/14 08:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/06/13 22:52:38 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/06/13 07:48:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/06/13 07:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/06/11 00:20:44 | 000,339,968 | -HS- | C] (Microsoft Corporation) -- C:\Documents and Settings\Paul\Local Settings\Application Data\qoi.exe
[2011/06/11 00:20:44 | 000,339,968 | -HS- | C] (Microsoft Corporation) -- C:\Documents and Settings\Paul\Local Settings\Application Data\kik.exe
[2011/06/11 00:20:39 | 000,339,968 | -HS- | C] (Microsoft Corporation) -- C:\Documents and Settings\Paul\Local Settings\Application Data\yxh.exe
[2011/06/11 00:20:15 | 000,180,224 | ---- | C] ( ) -- C:\Documents and Settings\Paul\Application Data\kx0378r.exe
[2011/05/31 23:47:04 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2011/05/31 23:46:46 | 000,089,368 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2011/05/31 23:46:45 | 000,337,912 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2011/05/31 23:46:45 | 000,179,248 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2011/05/31 23:46:45 | 000,085,984 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2011/05/31 23:46:45 | 000,083,688 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2011/05/31 23:46:45 | 000,059,288 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2011/05/31 23:46:44 | 000,057,432 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2011/05/31 23:46:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
[2011/05/31 23:46:31 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2011/05/31 23:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2011/05/31 23:22:17 | 000,148,520 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
[2011/05/30 14:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/30 13:36:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Uniblue
[2011/05/23 21:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ghostscript
[2011/05/23 21:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\My Documents\Stuffit
[2011/05/23 20:57:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\Smith Micro
[2011/05/23 20:57:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\My Documents\My Archives
[2011/05/23 20:57:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Smith Micro

========== Files - Modified Within 30 Days ==========

[2011/06/14 08:15:21 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-447299374-3309734861-3770108698-1006.job
[2011/06/14 08:15:17 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-447299374-3309734861-3770108698-1008.job
[2011/06/14 08:15:17 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-447299374-3309734861-3770108698-1007.job
[2011/06/14 08:15:17 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/06/14 08:15:17 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-447299374-3309734861-3770108698-1006.job
[2011/06/14 08:15:17 | 000,000,244 | -H-- | M] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/06/14 08:14:58 | 000,000,308 | -HS- | M] () -- C:\WINDOWS\tasks\Thruqxdhm.job
[2011/06/14 08:14:58 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\tasks\DQWZLFB.job
[2011/06/14 08:14:58 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\tasks\CHMV.job
[2011/06/14 08:14:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/14 08:14:50 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/14 07:24:51 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-447299374-3309734861-3770108698-1007.job
[2011/06/13 19:35:37 | 003,633,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/13 19:06:39 | 011,272,192 | ---- | M] () -- C:\Documents and Settings\Paul\ntuser.bak
[2011/06/13 17:08:59 | 000,103,720 | ---- | M] () -- C:\Documents and Settings\Paul\GoToAssistDownloadHelper.exe
[2011/06/13 11:30:17 | 000,000,260 | ---- | M] () -- C:\WINDOWS\System32\cmdVBS.vbs
[2011/06/13 11:30:17 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\MSIevent.bat
[2011/06/13 08:30:46 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/12 08:49:25 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/11 23:18:51 | 000,010,098 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ix6jxlv2hp0
[2011/06/11 23:18:50 | 000,010,098 | -HS- | M] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\ix6jxlv2hp0
[2011/06/11 22:36:49 | 000,046,249 | ---- | M] () -- C:\Documents and Settings\Paul\.recently-used.xbel
[2011/06/11 00:20:44 | 000,000,106 | -H-- | M] () -- C:\Documents and Settings\Paul\Application Data\MouseDriver.bat
[2011/06/11 00:20:20 | 000,166,400 | RHS- | M] () -- C:\WINDOWS\System32\lrnxpt.dll
[2011/06/11 00:20:20 | 000,166,400 | RHS- | M] () -- C:\WINDOWS\System32\dsound3d9.dll
[2011/06/11 00:20:03 | 000,180,224 | ---- | M] ( ) -- C:\Documents and Settings\Paul\Application Data\kx0378r.exe
[2011/05/31 22:51:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/31 22:43:36 | 000,013,544 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\6h86d7sr2domqf81n08t4n
[2011/05/31 22:43:35 | 000,013,544 | -HS- | M] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\6h86d7sr2domqf81n08t4n
[2011/05/27 17:30:52 | 000,011,597 | ---- | M] () -- C:\Documents and Settings\Paul\gsview32.ini
[2011/05/25 08:04:12 | 000,140,378 | ---- | M] () -- C:\Documents and Settings\Paul\New_document_1-g2993-4294967210.png
[2011/05/23 21:53:26 | 000,000,043 | ---- | M] () -- C:\WINDOWS\gswin32.ini
[2011/05/19 21:31:56 | 000,230,987 | ---- | M] () -- C:\Documents and Settings\Paul\New document 2.2011_05_19_21_31_56.0.svg
[2011/05/18 18:50:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/05/18 18:26:59 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-447299374-3309734861-3770108698-1008.job

========== Files Created - No Company Name ==========

[2011/06/13 17:08:56 | 000,103,720 | ---- | C] () -- C:\Documents and Settings\Paul\GoToAssistDownloadHelper.exe
[2011/06/13 11:30:17 | 000,000,260 | ---- | C] () -- C:\WINDOWS\System32\cmdVBS.vbs
[2011/06/13 11:30:17 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\MSIevent.bat
[2011/06/12 19:32:26 | 1063,714,816 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/11 22:36:49 | 000,046,249 | ---- | C] () -- C:\Documents and Settings\Paul\.recently-used.xbel
[2011/06/11 00:21:19 | 000,010,098 | -HS- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\ix6jxlv2hp0
[2011/06/11 00:21:19 | 000,010,098 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ix6jxlv2hp0
[2011/06/11 00:20:44 | 000,000,106 | -H-- | C] () -- C:\Documents and Settings\Paul\Application Data\MouseDriver.bat
[2011/06/11 00:20:22 | 000,000,308 | -HS- | C] () -- C:\WINDOWS\tasks\Thruqxdhm.job
[2011/06/11 00:20:22 | 000,000,304 | -HS- | C] () -- C:\WINDOWS\tasks\DQWZLFB.job
[2011/06/11 00:20:22 | 000,000,304 | -HS- | C] () -- C:\WINDOWS\tasks\CHMV.job
[2011/06/11 00:20:20 | 000,166,400 | RHS- | C] () -- C:\WINDOWS\System32\lrnxpt.dll
[2011/06/11 00:20:20 | 000,166,400 | RHS- | C] () -- C:\WINDOWS\System32\dsound3d9.dll
[2011/06/11 00:20:11 | 000,000,278 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/06/11 00:20:05 | 000,000,244 | -H-- | C] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/05/31 22:14:45 | 000,013,544 | -HS- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\6h86d7sr2domqf81n08t4n
[2011/05/31 22:14:45 | 000,013,544 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6h86d7sr2domqf81n08t4n
[2011/05/30 00:41:17 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-447299374-3309734861-3770108698-1006.job
[2011/05/29 00:04:04 | 011,272,192 | ---- | C] () -- C:\Documents and Settings\Paul\ntuser.bak
[2011/05/25 08:04:11 | 000,140,378 | ---- | C] () -- C:\Documents and Settings\Paul\New_document_1-g2993-4294967210.png
[2011/05/19 21:31:56 | 000,230,987 | ---- | C] () -- C:\Documents and Settings\Paul\New document 2.2011_05_19_21_31_56.0.svg
[2011/05/16 14:48:34 | 000,002,511 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk
[2011/05/04 13:39:28 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ebuvodej.dat
[2011/05/04 13:39:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Etiviqaq.bin
[2011/05/03 19:25:59 | 000,060,972 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/03/20 18:52:44 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\dvd.bmk
[2011/03/20 16:51:20 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\fusioncache.dat
[2011/03/20 16:41:32 | 000,000,055 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011/01/25 15:55:18 | 000,000,288 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/12/28 21:17:11 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/12/26 23:49:55 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/15 12:43:50 | 000,000,348 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2010/12/15 12:31:10 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Templates
[2010/12/15 12:31:10 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Paul\Application Data\System Image Utility
[2010/12/15 12:31:09 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010/12/15 12:29:02 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Tables
[2010/12/15 12:29:02 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Paul\Application Data\Synth Pads
[2010/12/15 12:29:02 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/11/26 21:55:12 | 000,000,435 | ---- | C] () -- C:\WINDOWS\Graphing Calculator Viewer.INI
[2010/11/11 00:30:10 | 000,001,896 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\wklnhst.dat
[2010/11/11 00:11:30 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\wsodsini.dll
[2010/11/11 00:09:05 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini
[2010/11/03 14:07:07 | 000,105,168 | ---- | C] () -- C:\WINDOWS\NSUninst.exe
[2010/11/03 14:06:24 | 000,105,168 | ---- | C] () -- C:\WINDOWS\GREUninstall.exe
[2010/11/03 14:06:21 | 000,009,771 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2010/10/04 20:42:31 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/10/04 13:20:20 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2010/09/23 23:30:15 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/19 15:59:28 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2010/09/19 15:15:37 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll
[2010/09/19 11:55:24 | 000,290,919 | ---- | C] () -- C:\WINDOWS\System32\pythoncom21.dll
[2010/09/19 11:55:24 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll
[2010/09/19 11:53:48 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2010/09/19 11:53:48 | 000,003,136 | ---- | C] () -- C:\WINDOWS\Ade001.bin
[2010/09/19 11:53:48 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2010/09/19 11:52:52 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\EsFw32.BIN
[2010/09/19 11:52:17 | 000,000,111 | ---- | C] () -- C:\WINDOWS\EPSON Perfection 3170.ini
[2010/09/14 22:27:15 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/09/14 19:12:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/09/14 19:06:39 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2010/09/14 19:06:38 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010/09/14 19:06:38 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2010/09/13 21:42:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\DSRIRREM.EXE
[2010/09/13 21:41:53 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2010/09/13 21:41:47 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2010/09/13 21:39:53 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2010/05/14 17:56:06 | 010,830,680 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/05/14 17:56:06 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/05/14 17:55:58 | 000,290,648 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/05/14 17:47:00 | 000,090,071 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/05/07 19:46:36 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2010/05/07 19:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2010/04/09 16:08:26 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\zmbv.dll
[2006/12/06 14:39:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 14:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:57:15 | 003,633,104 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 13:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 13:51:20 | 000,465,156 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 13:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 13:51:20 | 000,081,022 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 13:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 13:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 13:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 13:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 13:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 13:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 13:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 13:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/07/10 18:55:38 | 000,252,416 | ---- | C] () -- C:\WINDOWS\System32\wsiShared.dll
[2000/07/15 01:00:00 | 000,030,720 | ---- | C] () -- C:\WINDOWS\REGTLIB.EXE
[1998/06/10 01:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL

========== LOP Check ==========

[2010/12/15 12:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applause and Laugher
[2010/12/15 12:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Basics
[2010/12/15 12:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/09/15 14:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/12/15 12:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2011/04/29 13:33:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/06/11 19:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2011/05/23 20:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Smith Micro
[2010/09/26 21:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/12/15 12:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2010/10/03 22:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\W3i(2)
[2011/03/19 00:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder
[2010/12/24 01:21:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Azureus
[2011/04/29 13:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/09/24 00:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Copernic
[2010/09/29 20:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\EPSON
[2011/05/13 16:17:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\gtk-2.0
[2011/05/04 14:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\inkscape
[2010/10/04 21:35:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Jasc
[2010/09/14 20:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Leadertech
[2010/10/03 22:51:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\My.Freeze.com NetAssistant
[2010/12/15 12:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Nikon
[2010/09/15 12:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\OpenOffice.org
[2011/03/19 00:43:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Orbit
[2011/03/19 00:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\ProgSense
[2010/10/11 22:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Radical Software Ltd
[2010/09/19 16:00:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Smart Panel
[2010/11/11 00:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Template
[2011/05/30 13:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Uniblue
[2011/06/13 22:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\wsInspector
[2011/05/13 16:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\XnView
[2011/01/19 17:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Virginia\Application Data\OpenOffice.org
[2011/03/06 10:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Virginia\Application Data\wsInspector
[2011/06/14 08:14:58 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\Tasks\CHMV.job
[2011/06/14 08:14:58 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\Tasks\DQWZLFB.job
[2011/06/14 08:14:58 | 000,000,308 | -HS- | M] () -- C:\WINDOWS\Tasks\Thruqxdhm.job
[2011/06/14 08:15:17 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/06/14 08:15:17 | 000,000,244 | -H-- | M] () -- C:\WINDOWS\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C895616B

< End of report >

#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello PaulSidcup and welcome to G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start, please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed.

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O20 - Winlogon\Notify\c: DllName - itlnfw32.dll - File not found
    O20 - Winlogon\Notify\itlnfw32: DllName - itlnfw32.dll - File not found
    O20 - Winlogon\Notify\itlntfy: DllName - itlnfw32.dll - File not found
    O20 - Winlogon\Notify\kµ°“Ã: DllName - itlnfw32.dll - File not found
    O20 - Winlogon\Notify\úæ¸: DllName - itlnfw32.dll - File not found
    O20 - Winlogon\Notify\UM5w: DllName - itlnfw32.dll - File not found
    O37 - HKU\S-1-5-21-447299374-3309734861-3770108698-1006\...exe [@ = exefile] -- Reg Error: Value error. File not found
    [2011/06/11 00:20:44 | 000,339,968 | -HS- | C] (Microsoft Corporation) -- C:\Documents and Settings\Paul\Local Settings\Application Data\qoi.exe
    [2011/06/11 00:20:44 | 000,339,968 | -HS- | C] (Microsoft Corporation) -- C:\Documents and Settings\Paul\Local Settings\Application Data\kik.exe
    [2011/06/11 00:20:39 | 000,339,968 | -HS- | C] (Microsoft Corporation) -- C:\Documents and Settings\Paul\Local Settings\Application Data\yxh.exe
    [2011/06/11 00:20:15 | 000,180,224 | ---- | C] ( ) -- C:\Documents and Settings\Paul\Application Data\kx0378r.exe
    [2011/06/14 08:14:58 | 000,000,308 | -HS- | M] () -- C:\WINDOWS\tasks\Thruqxdhm.job
    [2011/06/14 08:14:58 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\tasks\DQWZLFB.job
    [2011/06/14 08:14:58 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\tasks\CHMV.job
    [2011/06/13 11:30:17 | 000,000,260 | ---- | M] () -- C:\WINDOWS\System32\cmdVBS.vbs
    [2011/06/11 23:18:51 | 000,010,098 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ix6jxlv2hp0
    [2011/06/11 23:18:50 | 000,010,098 | -HS- | M] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\ix6jxlv2hp0
    [2011/06/11 00:20:03 | 000,180,224 | ---- | M] ( ) -- C:\Documents and Settings\Paul\Application Data\kx0378r.exe
    [2011/05/31 22:43:36 | 000,013,544 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\6h86d7sr2domqf81n08t4n
    [2011/05/31 22:43:35 | 000,013,544 | -HS- | M] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\6h86d7sr2domqf81n08t4n
    [2011/05/04 13:39:28 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ebuvodej.dat
    [2011/05/04 13:39:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Etiviqaq.bin
    [2010/09/19 11:53:48 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
    [2010/09/19 11:53:48 | 000,003,136 | ---- | C] () -- C:\WINDOWS\Ade001.bin
    [2010/09/19 11:53:48 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini


    :Files
    ipconfig /flushdns /c
    [2011/06/11 23:18:51 | 000,010,098 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ix6jxlv2hp0
    [2011/06/11 23:18:50 | 000,010,098 | -HS- | M] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\ix6jxlv2hp0
    [2011/05/31 22:43:36 | 000,013,544 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\6h86d7sr2domqf81n08t4n
    2011/05/31 22:43:35 | 000,013,544 | -HS- | M] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\6h86d7sr2domqf81n08t4n

    :Commands
    [purity]
    [Reboot]
    [resethosts]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Step 3

Please don't forget to include these items in your reply:

  • OTL fixlog
  • Combofix log
It would be helpful if you could post each log in a separate post.
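The fix list above was assembled by reading the OTL "Files Created/Modified" and "LOP Check" lines for the signs a helper looks for: hidden+system attributes on files that should not have them, executables dropped straight into a user's Application Data folder, and a "Microsoft Corporation" company string on a file that does not live under the Windows directory. The following Python script is an added example, written for this page and not part of the thread, of OTL or any tool mentioned here. It parses OTL-style file lines and applies those three heuristics. The sample lines are copied from the logs posted in this thread; the rule set, the assumption that %SystemRoot% is C:\WINDOWS (as the OTL header states), and all function names are choices made for this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# One OTL file-listing line looks like:
#   [date time | size | attrs | C-or-M] (company) -- path
# The "(company)" part is absent on directory entries in the LOP Check section.
OTL_LINE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| "
    r"(?P<op>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- "
    r"(?P<path>\S.*)$"
)

# Extensions treated as executable content for the profile-folder rule.
EXECUTABLE_EXT = {".exe", ".dll", ".sys", ".scr", ".vbs", ".bat", ".cmd", ".job"}
# Assumption: %SystemRoot% = C:\WINDOWS, as printed in the OTL header of this thread.
WINDOWS_ROOT = "c:\\windows\\"


@dataclass
class OtlEntry:
    date: str
    size: int
    attrs: str      # R=read-only, H=hidden, S=system, D=directory, '-' = not set
    op: str         # C = created, M = modified
    company: str    # version-resource company name as OTL prints it ('' if none)
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def ext(self) -> str:
        name = self.path.rsplit("\\", 1)[-1]
        return name[name.rfind("."):].lower() if "." in name else ""


def parse_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file line; return None for lines in any other format."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        date=m["date"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        op=m["op"],
        company=(m["company"] or "").strip(),
        path=m["path"],
    )


def reasons_for(e: OtlEntry) -> List[str]:
    """Heuristic triage rules chosen for this example; directories are skipped."""
    out: List[str] = []
    if e.is_dir:
        return out
    lower = e.path.lower()
    in_profile = "\\documents and settings\\" in lower and "\\application data\\" in lower
    if "H" in e.attrs and "S" in e.attrs:
        out.append("hidden+system attributes on a file")
    if e.ext in EXECUTABLE_EXT and in_profile:
        out.append("executable under a user Application Data folder")
    if e.company.lower() == "microsoft corporation" and not lower.startswith(WINDOWS_ROOT):
        out.append("claims Microsoft Corporation but lives outside %SystemRoot%")
    return out


def triage(lines: Iterable[str]) -> Dict[str, List[str]]:
    """Return {path: [reasons]} for every parsed entry that trips at least one rule."""
    flagged: Dict[str, List[str]] = {}
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        why = reasons_for(entry)
        if why:
            flagged[entry.path] = why
    return flagged


# Sample input: lines copied from the OTL output posted in this thread.
SAMPLE_LOG = r"""
[2011/06/11 00:20:44 | 000,339,968 | -HS- | C] (Microsoft Corporation) -- C:\Documents and Settings\Paul\Local Settings\Application Data\qoi.exe
[2011/06/11 00:20:15 | 000,180,224 | ---- | C] ( ) -- C:\Documents and Settings\Paul\Application Data\kx0378r.exe
[2011/06/14 08:14:58 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\Tasks\CHMV.job
[2011/06/11 23:18:51 | 000,010,098 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ix6jxlv2hp0
[2010/05/14 17:56:06 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2004/08/10 14:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/12/15 12:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tables
"""


def triage_sample() -> Dict[str, List[str]]:
    return triage(SAMPLE_LOG.strip().splitlines())


if __name__ == "__main__":
    for path, why in triage_sample().items():
        print(path)
        for reason in why:
            print("   -", reason)
```

The four entries the script flags are exactly the ones the helper put in the :OTL fix list, while the legitimate system files (bootstat.dat with only the system attribute, a vendor executable under System32) pass. The company name OTL prints in parentheses comes from the file's version resource, which whoever built the file controls, so a vendor string is evidence of nothing on its own; location and attributes are what separate the droppers here from real Microsoft files.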

#3
PaulSidcup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Dear maliprog,

Thanks for helping me with this problem.

Here is the OTL log:

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\c\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\itlnfw32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\itlntfy\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\kµ°“Ã\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\úæ¸\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\UM5w\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-447299374-3309734861-3770108698-1006_Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-447299374-3309734861-3770108698-1006_Classes\exefile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\Documents and Settings\Paul\Local Settings\Application Data\qoi.exe moved successfully.
C:\Documents and Settings\Paul\Local Settings\Application Data\kik.exe moved successfully.
C:\Documents and Settings\Paul\Local Settings\Application Data\yxh.exe moved successfully.
C:\Documents and Settings\Paul\Application Data\kx0378r.exe moved successfully.
C:\WINDOWS\tasks\Thruqxdhm.job moved successfully.
C:\WINDOWS\tasks\DQWZLFB.job moved successfully.
C:\WINDOWS\tasks\CHMV.job moved successfully.
C:\WINDOWS\system32\cmdVBS.vbs moved successfully.
C:\Documents and Settings\All Users\Application Data\ix6jxlv2hp0 moved successfully.
C:\Documents and Settings\Paul\Local Settings\Application Data\ix6jxlv2hp0 moved successfully.
File C:\Documents and Settings\Paul\Application Data\kx0378r.exe not found.
C:\Documents and Settings\All Users\Application Data\6h86d7sr2domqf81n08t4n moved successfully.
C:\Documents and Settings\Paul\Local Settings\Application Data\6h86d7sr2domqf81n08t4n moved successfully.
C:\WINDOWS\Ebuvodej.dat moved successfully.
C:\WINDOWS\Etiviqaq.bin moved successfully.
C:\WINDOWS\SlantAdj.dll moved successfully.
C:\WINDOWS\Ade001.bin moved successfully.
C:\WINDOWS\system32\epDPE.ini moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Paul\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Paul\Desktop\cmd.txt deleted successfully.
Invalid Switch: 11 23:18:51 | 000,010,098 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ix6jxlv2hp0
Invalid Switch: 11 23:18:50 | 000,010,098 | -HS- | M] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\ix6jxlv2hp0
Invalid Switch: 31 22:43:36 | 000,013,544 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\6h86d7sr2domqf81n08t4n
Invalid Switch: 31 22:43:35 | 000,013,544 | -HS- | M] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\6h86d7sr2domqf81n08t4n
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.24.0 log created on 06152011_090350


More . . .

#4
PaulSidcup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Here is the ComboFix log:

ComboFix 11-06-14.03 - Paul 06/15/2011 13:29:47.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.471 [GMT -4:00]
Running from: c:\documents and settings\Paul\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Paul\Application Data\MouseDriver.bat
c:\documents and settings\Paul\GoToAssistDownloadHelper.exe
c:\documents and settings\Paul\Local Settings\Application Data\{1A9E1ECD-6A0E-4427-B987-402828ECAAE7}
c:\documents and settings\Paul\Local Settings\Application Data\{1A9E1ECD-6A0E-4427-B987-402828ECAAE7}\chrome\content\_cfg.js
c:\documents and settings\Paul\Local Settings\Application Data\{1A9E1ECD-6A0E-4427-B987-402828ECAAE7}\chrome\content\overlay.xul
c:\documents and settings\Paul\Local Settings\Application Data\{1A9E1ECD-6A0E-4427-B987-402828ECAAE7}\install.rdf
c:\program files\INSTALL.LOG
c:\windows\system32\itlpfw32.dll
.
Infected copy of c:\windows\system32\imm32.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\imm32.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ITLPERF
-------\Service_itlperf
.
.
((((((((((((((((((((((((( Files Created from 2011-05-15 to 2011-06-15 )))))))))))))))))))))))))))))))
.
.
2011-06-15 13:03 . 2011-06-15 13:03 -------- d-----w- C:\_OTL
2011-06-14 15:23 . 2011-06-14 15:24 -------- d-----w- c:\program files\Startup Inspector for Windows
2011-06-14 02:52 . 2011-06-14 02:52 -------- d-----w- C:\_OTM
2011-06-13 15:30 . 2011-06-13 15:30 256 ----a-w- c:\windows\system32\MSIevent.bat
2011-06-13 11:48 . 2011-06-13 11:55 -------- d-----w- c:\program files\ERUNT
2011-06-11 04:20 . 2011-06-11 04:20 166400 --sha-r- c:\windows\system32\lrnxpt.dll
2011-06-11 04:20 . 2011-06-11 04:20 166400 --sha-r- c:\windows\system32\dsound3d9.dll
2011-06-01 03:47 . 2011-03-13 15:42 24376 ----a-w- c:\program files\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
2011-06-01 03:47 . 2011-03-13 15:20 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-06-01 03:46 . 2011-03-13 15:20 89368 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-06-01 03:46 . 2011-03-13 15:20 85984 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-06-01 03:46 . 2011-03-13 15:20 83688 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-06-01 03:46 . 2011-03-13 15:20 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-06-01 03:46 . 2011-03-13 15:20 337912 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-06-01 03:46 . 2011-03-13 15:20 179248 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-06-01 03:46 . 2011-03-13 15:20 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-06-01 03:46 . 2011-06-01 03:47 -------- d-----w- c:\program files\Common Files\Mcafee
2011-06-01 03:45 . 2011-06-02 11:56 -------- d-----w- c:\program files\McAfee
2011-06-01 03:22 . 2011-03-13 15:45 148520 ----a-w- c:\windows\system32\mfevtps.exe
2011-06-01 02:49 . 2011-06-01 02:49 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-30 17:36 . 2011-05-30 17:36 -------- d-----w- c:\documents and settings\Paul\Application Data\Uniblue
2011-05-24 00:57 . 2011-05-24 01:05 -------- d-----w- c:\documents and settings\Paul\Local Settings\Application Data\Smith Micro
2011-05-24 00:57 . 2011-05-24 00:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Smith Micro
2011-05-18 19:47 . 2011-05-25 11:32 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-18 11:47 . 2011-04-18 11:48 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-18 11:47 . 2010-09-15 16:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-20 23:23 . 2011-03-20 23:23 664 ----a-w- c:\documents and settings\Mackenzie\Local Settings\Application Data\d3d9caps.tmp
2011-04-30 02:28 . 2011-03-28 13:12 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-05-02 1306216]
.
c:\documents and settings\Virginia\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Retrospect\\Retrospect 7.5\\Retrospect.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter
"1031:TCP"= 1031:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [5/31/2011 11:46 PM 89368]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/10/2004 1:51 PM 14336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [5/31/2011 11:46 PM 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [5/31/2011 11:46 PM 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [5/31/2011 11:46 PM 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [5/31/2011 11:47 PM 159832]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [5/31/2011 11:22 PM 148520]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [5/31/2011 11:46 PM 57432]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [5/31/2011 11:46 PM 337912]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [5/31/2011 11:46 PM 83688]
S2 IHA_MessageCenter;IHA_MessageCenter;"c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe" --> c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [5/31/2011 11:46 PM 83688]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [5/31/2011 11:46 PM 85984]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-447299374-3309734861-3770108698-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2011-06-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-447299374-3309734861-3770108698-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2011-06-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-447299374-3309734861-3770108698-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2011-06-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-447299374-3309734861-3770108698-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2011-06-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-447299374-3309734861-3770108698-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2011-05-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-447299374-3309734861-3770108698-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\McAfee\MSC\McSnIePl.dll
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/hsi/vzTCPConfig.CAB
FF - ProfilePath - c:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\fntqj0lx.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
.
- - - - ORPHANS REMOVED - - - -
.
Notify-itlntfy - itlnfw32.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-15 13:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-447299374-3309734861-3770108698-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2356)
c:\windows\system32\WININET.dll
c:\windows\system32\logishrd\LVPrcInj01.dll
c:\progra~1\mcafee\sitead~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\Retrospect\Retrospect 7.6\retrorun.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\rundll32.exe
c:\progra~1\mcafee\VIRUSS~1\mcvsshld.exe
c:\progra~1\mcafee\VIRUSS~1\mcvsmap.exe
.
**************************************************************************
.
Completion time: 2011-06-15 13:52:34 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-15 17:52
.
Pre-Run: 83,747,901,440 bytes free
Post-Run: 83,495,636,992 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 249B4B18AD049675EA6F178F24E19882

#5
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
How is your system now? Do you still get redirected?

Step 1

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start the scan
  • On completion of the scan click Save log, save it to your desktop and post it in your next reply

Step 3

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • aswMBR log
It would be helpful if you could post each log in a separate post.
  • 0

#6
PaulSidcup

    Member

  • Topic Starter
  • Member
  • 18 posts
So far so good. No redirections in about 10 googles. Let's hope it is cured. Thanks for your help.
  • 0

#7
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
We are not finished yet. Please post the logs here for me.
  • 0

#8
PaulSidcup

    Member

  • Topic Starter
  • Member
  • 18 posts
Which logs would you like me to post?
  • 0

#9
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
TDSSKiller and aswMBR logs. I asked you for those logs two posts ago.
  • 0

#10
PaulSidcup

    Member

  • Topic Starter
  • Member
  • 18 posts
TDSSKiller:

2011/06/15 15:14:15.0203 2724 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/15 15:14:15.0750 2724 ================================================================================
2011/06/15 15:14:15.0750 2724 SystemInfo:
2011/06/15 15:14:15.0750 2724
2011/06/15 15:14:15.0750 2724 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/15 15:14:15.0750 2724 Product type: Workstation
2011/06/15 15:14:15.0750 2724 ComputerName: PAUL-INSPIRON
2011/06/15 15:14:15.0750 2724 UserName: Paul
2011/06/15 15:14:15.0750 2724 Windows directory: C:\WINDOWS
2011/06/15 15:14:15.0750 2724 System windows directory: C:\WINDOWS
2011/06/15 15:14:15.0750 2724 Processor architecture: Intel x86
2011/06/15 15:14:15.0750 2724 Number of processors: 2
2011/06/15 15:14:15.0750 2724 Page size: 0x1000
2011/06/15 15:14:15.0750 2724 Boot type: Normal boot
2011/06/15 15:14:15.0750 2724 ================================================================================
2011/06/15 15:14:17.0531 2724 Initialize success
2011/06/15 15:14:20.0390 2380 ================================================================================
2011/06/15 15:14:20.0390 2380 Scan started
2011/06/15 15:14:20.0390 2380 Mode: Manual;
2011/06/15 15:14:20.0390 2380 ================================================================================
2011/06/15 15:14:22.0078 2380 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/06/15 15:14:22.0687 2380 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/15 15:14:22.0734 2380 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/15 15:14:22.0812 2380 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/06/15 15:14:23.0187 2380 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/15 15:14:23.0296 2380 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/06/15 15:14:23.0546 2380 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/06/15 15:14:23.0578 2380 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/06/15 15:14:23.0640 2380 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/06/15 15:14:23.0875 2380 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/06/15 15:14:24.0062 2380 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/06/15 15:14:24.0187 2380 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/06/15 15:14:24.0515 2380 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/06/15 15:14:24.0562 2380 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/06/15 15:14:24.0609 2380 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/06/15 15:14:24.0765 2380 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
2011/06/15 15:14:25.0015 2380 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/06/15 15:14:25.0062 2380 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/06/15 15:14:25.0171 2380 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/06/15 15:14:25.0265 2380 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/06/15 15:14:25.0421 2380 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/15 15:14:25.0453 2380 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/15 15:14:25.0515 2380 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/15 15:14:25.0562 2380 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/15 15:14:25.0640 2380 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/06/15 15:14:25.0765 2380 bcm4sbxp (6489310d11971f6ba6c7f49be0baf6e0) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/06/15 15:14:25.0953 2380 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/15 15:14:26.0000 2380 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/06/15 15:14:26.0031 2380 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/15 15:14:26.0078 2380 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/06/15 15:14:26.0140 2380 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/06/15 15:14:26.0281 2380 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/15 15:14:26.0343 2380 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/15 15:14:26.0406 2380 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/15 15:14:26.0453 2380 cfwids (ecaf4a51580244fef1aa32cb984f13bf) C:\WINDOWS\system32\drivers\cfwids.sys
2011/06/15 15:14:26.0625 2380 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/06/15 15:14:26.0703 2380 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/06/15 15:14:26.0765 2380 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/06/15 15:14:26.0843 2380 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/06/15 15:14:26.0890 2380 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/06/15 15:14:26.0921 2380 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/06/15 15:14:27.0062 2380 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/15 15:14:27.0156 2380 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/15 15:14:27.0218 2380 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/15 15:14:27.0250 2380 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/15 15:14:27.0296 2380 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/15 15:14:27.0421 2380 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/06/15 15:14:27.0656 2380 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/15 15:14:27.0796 2380 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/06/15 15:14:28.0109 2380 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/15 15:14:28.0250 2380 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/06/15 15:14:28.0328 2380 FilterService (20fe03294ac1429ae88a64c2f754b0d4) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
2011/06/15 15:14:28.0687 2380 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/15 15:14:28.0953 2380 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/06/15 15:14:29.0171 2380 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/15 15:14:29.0406 2380 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/15 15:14:29.0859 2380 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/15 15:14:30.0234 2380 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/15 15:14:30.0500 2380 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/06/15 15:14:30.0765 2380 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/06/15 15:14:31.0250 2380 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
2011/06/15 15:14:31.0656 2380 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
2011/06/15 15:14:31.0984 2380 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/15 15:14:32.0171 2380 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/06/15 15:14:32.0515 2380 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/06/15 15:14:32.0796 2380 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/15 15:14:33.0328 2380 ialm (cc449157474d5e43daea7e20f52c635a) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/06/15 15:14:34.0109 2380 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/15 15:14:34.0218 2380 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/06/15 15:14:34.0796 2380 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/06/15 15:14:34.0859 2380 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/15 15:14:34.0906 2380 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/15 15:14:34.0953 2380 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/15 15:14:35.0000 2380 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/15 15:14:35.0109 2380 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/15 15:14:35.0218 2380 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/15 15:14:35.0390 2380 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/15 15:14:35.0640 2380 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/15 15:14:35.0875 2380 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/15 15:14:35.0921 2380 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/15 15:14:35.0984 2380 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/15 15:14:36.0265 2380 lvpopflt (af280405c10f0d20f37670b7432e5c2f) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
2011/06/15 15:14:36.0687 2380 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
2011/06/15 15:14:37.0125 2380 LVRS (e52f5a2cadcf08d07f559962f807a0a2) C:\WINDOWS\system32\DRIVERS\lvrs.sys
2011/06/15 15:14:37.0875 2380 LVUVC (c3d02260beb2b48dea1efdfca91e4b69) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
2011/06/15 15:14:38.0531 2380 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/06/15 15:14:39.0125 2380 mfeapfk (688b626fca708ee9eb161cad1f7363a9) C:\WINDOWS\system32\drivers\mfeapfk.sys
2011/06/15 15:14:39.0406 2380 mfeavfk (693a8d924b640223974e0a88f2baf0f4) C:\WINDOWS\system32\drivers\mfeavfk.sys
2011/06/15 15:14:39.0703 2380 mfebopk (52c40d19873528bd15823c969d3ad227) C:\WINDOWS\system32\drivers\mfebopk.sys
2011/06/15 15:14:39.0984 2380 mfefirek (e37b98d49df546f4059483d49e349a53) C:\WINDOWS\system32\drivers\mfefirek.sys
2011/06/15 15:14:40.0265 2380 mfehidk (44184f32392fa2e94d08d056ce750d56) C:\WINDOWS\system32\drivers\mfehidk.sys
2011/06/15 15:14:40.0750 2380 mfendisk (8c434d77c7a8cd97f8f4c2b0be19d541) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/06/15 15:14:40.0937 2380 mfendiskmp (8c434d77c7a8cd97f8f4c2b0be19d541) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/06/15 15:14:41.0000 2380 mferkdet (5f5313bfd1e73233885a26ab77488f6f) C:\WINDOWS\system32\drivers\mferkdet.sys
2011/06/15 15:14:41.0265 2380 mfetdi2k (8d1a44e1f46bcf4acfe9c701edd340e3) C:\WINDOWS\system32\drivers\mfetdi2k.sys
2011/06/15 15:14:41.0437 2380 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/15 15:14:41.0562 2380 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/15 15:14:41.0625 2380 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/15 15:14:41.0656 2380 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/15 15:14:41.0703 2380 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/06/15 15:14:41.0937 2380 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/15 15:14:42.0046 2380 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/15 15:14:42.0671 2380 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/15 15:14:42.0734 2380 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/15 15:14:42.0781 2380 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/15 15:14:42.0843 2380 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/15 15:14:42.0906 2380 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/15 15:14:42.0953 2380 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/06/15 15:14:42.0984 2380 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/15 15:14:43.0062 2380 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/06/15 15:14:43.0125 2380 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/15 15:14:43.0187 2380 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/06/15 15:14:43.0234 2380 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/15 15:14:43.0312 2380 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/15 15:14:43.0343 2380 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/15 15:14:43.0421 2380 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/15 15:14:43.0609 2380 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/15 15:14:43.0687 2380 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/15 15:14:43.0765 2380 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/06/15 15:14:43.0796 2380 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/15 15:14:43.0875 2380 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/15 15:14:43.0906 2380 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/15 15:14:44.0015 2380 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/06/15 15:14:44.0093 2380 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/15 15:14:44.0109 2380 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/15 15:14:44.0171 2380 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/06/15 15:14:44.0218 2380 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/15 15:14:44.0250 2380 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/15 15:14:44.0281 2380 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/15 15:14:44.0312 2380 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/15 15:14:44.0359 2380 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/15 15:14:44.0437 2380 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/15 15:14:44.0562 2380 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/06/15 15:14:44.0937 2380 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/06/15 15:14:45.0125 2380 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/15 15:14:45.0187 2380 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/15 15:14:45.0281 2380 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/15 15:14:45.0343 2380 PxHelp20 (30cbae0a34359f1cd19d1576245149ed) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/06/15 15:14:45.0625 2380 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/06/15 15:14:45.0671 2380 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/06/15 15:14:45.0734 2380 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/06/15 15:14:45.0781 2380 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/06/15 15:14:45.0828 2380 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/06/15 15:14:45.0921 2380 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/15 15:14:46.0000 2380 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/15 15:14:46.0031 2380 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/15 15:14:46.0140 2380 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/15 15:14:46.0218 2380 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/15 15:14:46.0328 2380 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/15 15:14:46.0406 2380 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/15 15:14:46.0453 2380 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/15 15:14:46.0515 2380 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/15 15:14:46.0656 2380 rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2011/06/15 15:14:47.0031 2380 rimsptsk (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2011/06/15 15:14:47.0390 2380 rismxdp (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
2011/06/15 15:14:47.0781 2380 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/06/15 15:14:47.0890 2380 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/15 15:14:47.0984 2380 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/15 15:14:48.0031 2380 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/15 15:14:48.0140 2380 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/06/15 15:14:48.0250 2380 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/06/15 15:14:48.0312 2380 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/06/15 15:14:48.0390 2380 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/06/15 15:14:48.0437 2380 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/15 15:14:48.0515 2380 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/15 15:14:48.0562 2380 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/15 15:14:48.0843 2380 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
2011/06/15 15:14:49.0375 2380 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/06/15 15:14:49.0562 2380 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/15 15:14:49.0671 2380 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/15 15:14:49.0765 2380 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/06/15 15:14:49.0906 2380 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/06/15 15:14:50.0328 2380 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/06/15 15:14:50.0406 2380 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/06/15 15:14:50.0921 2380 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/06/15 15:14:51.0171 2380 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/15 15:14:51.0265 2380 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/15 15:14:51.0375 2380 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/15 15:14:51.0437 2380 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/15 15:14:51.0531 2380 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/15 15:14:51.0640 2380 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/06/15 15:14:51.0718 2380 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/15 15:14:51.0765 2380 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/06/15 15:14:52.0187 2380 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/15 15:14:52.0500 2380 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/06/15 15:14:52.0593 2380 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/15 15:14:52.0703 2380 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/15 15:14:52.0796 2380 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/15 15:14:52.0890 2380 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/15 15:14:52.0984 2380 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/15 15:14:53.0062 2380 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/15 15:14:53.0156 2380 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/15 15:14:53.0281 2380 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/06/15 15:14:53.0375 2380 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/15 15:14:53.0468 2380 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/06/15 15:14:53.0531 2380 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/06/15 15:14:53.0625 2380 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/15 15:14:53.0750 2380 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/15 15:14:53.0843 2380 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/15 15:14:53.0953 2380 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
2011/06/15 15:14:54.0484 2380 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/06/15 15:14:54.0578 2380 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/06/15 15:14:54.0656 2380 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/15 15:14:54.0765 2380 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/15 15:14:54.0859 2380 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
2011/06/15 15:14:54.0890 2380 ================================================================================
2011/06/15 15:14:54.0890 2380 Scan finished
2011/06/15 15:14:54.0890 2380 ================================================================================
2011/06/15 15:14:54.0906 2184 Detected object count: 0
2011/06/15 15:14:54.0906 2184 Actual detected object count: 0
  • 0
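An added example (not part of this thread, and not Kaspersky's TDSSKiller code) of what a defender can do with a log in the format above once the scanner itself reports zero detections: parse the hashed driver entries and the MBR record, then compare each hash with a baseline recorded from the same machine while it was known clean. The excerpt reuses the line format and several real entries from the log posted above; the `atapi` hash, the `xyzdrv` entry and the `BASELINE` dictionary are constructed for illustration.

```python
"""Parse a TDSSKiller scan log and compare driver hashes against a baseline.

Added example: not part of the forum thread and not Kaspersky's code.
The excerpt below reuses the line format (and several real entries) from the
log posted above; the atapi hash and the xyzdrv entry are constructed to show
what a mismatch and an unknown driver look like. The baseline is an assumption:
in practice it is recorded from a known-clean image of the same Windows build.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Scan line layout: "<date> <time> <thread> <name> [(0xNN)] (<md5>) <path>".
# The trailing MBR record adds the "(0x1B8)" field and uses a device path.
LINE_RE = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+ \d+ "
    r"(?P<name>\S+)(?: \(0x[0-9A-Fa-f]+\))? "
    r"\((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)
# The scanner's own verdict line ("Actual detected object count" is deliberately not matched).
COUNT_RE = re.compile(r" \d+ Detected object count: (?P<n>\d+)$")


@dataclass(frozen=True)
class Entry:
    name: str  # service/driver name as TDSSKiller reports it ("MBR" for the boot record)
    md5: str
    path: str


def parse_tdsskiller(text: str) -> List[Entry]:
    """Return one Entry per hashed object; banner and status lines are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["name"], m["md5"], m["path"]))
    return entries


def detected_count(text: str) -> Optional[int]:
    """Return the scanner's 'Detected object count', or None if the line is absent."""
    for line in text.splitlines():
        m = COUNT_RE.search(line.strip())
        if m:
            return int(m["n"])
    return None


def check_against_baseline(entries: List[Entry], baseline: Dict[str, str]) -> List[Tuple[str, Entry]]:
    """Flag entries whose hash differs from the baseline ("mismatch") or that the
    baseline has never seen ("unknown"). A scan reporting 0 detections can still
    contain either: the scanner only knows the rootkits it has signatures for."""
    findings: List[Tuple[str, Entry]] = []
    for e in entries:
        expected = baseline.get(e.name)
        if expected is None:
            findings.append(("unknown", e))
        elif expected.lower() != e.md5:
            findings.append(("mismatch", e))
    return findings


# Constructed excerpt in the posted log's format. ACPI, Ntfs, Tcpip and MBR carry
# the hashes posted above; the atapi hash and the xyzdrv entry are made up.
SAMPLE_LOG = r"""
2011/06/15 15:14:20.0390 2380 Scan started
2011/06/15 15:14:20.0390 2380 Mode: Manual;
2011/06/15 15:14:22.0687 2380 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/15 15:14:25.0453 2380 atapi (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/15 15:14:43.0875 2380 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/15 15:14:51.0265 2380 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/15 15:14:52.0000 2380 xyzdrv (deadbeefdeadbeefdeadbeefdeadbeef) C:\WINDOWS\system32\DRIVERS\xyzdrv.sys
2011/06/15 15:14:54.0859 2380 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
2011/06/15 15:14:54.0890 2380 Scan finished
2011/06/15 15:14:54.0906 2184 Detected object count: 0
2011/06/15 15:14:54.0906 2184 Actual detected object count: 0
"""

# Assumed baseline: hashes recorded from this machine while it was known clean.
BASELINE = {
    "ACPI": "8fd99680a539792a30e97944fdaecf17",
    "atapi": "9f3a2f5aa6875c72bf062c712cfa2674",
    "Ntfs": "78a08dd6a8d65e697c18e1db01c5cdca",
    "Tcpip": "9aefa14bd6b182d61e3119fa5f436d3d",
    "MBR": "5cb90281d1a59b251f6603134774eec3",  # OEM boot code differs per model, so baseline per machine
}


if __name__ == "__main__":
    found = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(found)} hashed objects, scanner count = {detected_count(SAMPLE_LOG)}")
    for kind, e in check_against_baseline(found, BASELINE):
        print(f"{kind:9s} {e.name:8s} {e.md5}  {e.path}")
```

A detected count of 0 only says that nothing matched the tool's signatures; a hash that has drifted from the baseline, or a driver the baseline never contained, is what to look at by hand (file version, signer, and the MBR against a copy saved when the machine was clean).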



#11
PaulSidcup

    Member

  • Topic Starter
  • Member
  • 18 posts
aswMBR:

aswMBR version 0.9.6.399 Copyright© 2011 AVAST Software
Run date: 2011-06-15 15:17:23
-----------------------------
15:17:23.390 OS Version: Windows 5.1.2600 Service Pack 3
15:17:23.390 Number of processors: 2 586 0xE0C
15:17:23.406 ComputerName: PAUL-INSPIRON UserName: Paul
15:17:24.906 Initialize success
15:17:30.406 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:17:30.406 Disk 0 Vendor: WDC_WD1600BEVT-75A23T0 01.01A01 Size: 152627MB BusType: 3
15:17:32.421 Disk 0 MBR read successfully
15:17:32.421 Disk 0 MBR scan
15:17:32.437 Disk 0 unknown MBR code
15:17:34.437 Disk 0 scanning sectors +312576705
15:17:34.468 Disk 0 scanning C:\WINDOWS\system32\drivers
15:17:54.578 Service scanning
15:17:55.906 Disk 0 trace - called modules:
15:17:55.953 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
15:17:55.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f70ab8]
15:17:55.953 3 CLASSPNP.SYS[f75f7fd7] -> nt!IofCallDriver -> \Device\0000006f[0x86f161e0]
15:17:55.953 5 ACPI.sys[f748e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f89940]
15:17:55.953 Scan finished successfully
15:18:24.546 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Paul\Desktop\MBR.dat"
15:18:24.687 The log file has been saved successfully to "C:\Documents and Settings\Paul\Desktop\aswMBR.txt"
  • 0
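An added example, not from this thread and not AVAST's aswMBR code: the disk-stack trace that aswMBR prints ("called modules" plus the numbered hops through nt!IofCallDriver) can be checked against an allow-list of the modules expected in a clean machine's storage path, so that a module inserted into that chain stands out. `CLEAN_LOG` is excerpted from the log posted above; `BASELINE_STACK` is an assumption (it is simply that clean log's module line, and in practice is recorded from a machine known to be clean); the `xyzhook.sys` entry in `SUSPICIOUS_LOG` is constructed to show what the check reports.

```python
"""Check an aswMBR disk-stack trace against an allow-list of expected modules.

Added example: not part of the thread and not AVAST's aswMBR code. CLEAN_LOG is
excerpted from the posted log; BASELINE_STACK is assumed (the module line of that
clean log; record it from a known-clean machine in practice); SUSPICIOUS_LOG is
a constructed variant with one extra module, xyzhook.sys, spliced into the chain.
"""
import re
from typing import Dict, List

CLEAN_LOG = r"""
15:17:24.906 Initialize success
15:17:30.406 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:17:32.421 Disk 0 MBR read successfully
15:17:32.421 Disk 0 MBR scan
15:17:32.437 Disk 0 unknown MBR code
15:17:34.437 Disk 0 scanning sectors +312576705
15:17:54.578 Service scanning
15:17:55.906 Disk 0 trace - called modules:
15:17:55.953 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
15:17:55.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f70ab8]
15:17:55.953 3 CLASSPNP.SYS[f75f7fd7] -> nt!IofCallDriver -> \Device\0000006f[0x86f161e0]
15:17:55.953 5 ACPI.sys[f748e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f89940]
15:17:55.953 Scan finished successfully
"""

# Constructed variant: a made-up module appears in the module list and as a hop caller.
MODULE_LINE = "15:17:55.953 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS"
HOP1_LINE = r"15:17:55.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f70ab8]"
SUSPICIOUS_LOG = CLEAN_LOG.replace(MODULE_LINE, MODULE_LINE + " xyzhook.sys").replace(
    HOP1_LINE,
    HOP1_LINE + "\n" + r"15:17:55.953 2 xyzhook.sys[f7aa0000] -> nt!IofCallDriver -> \Device\0000006f[0x86f161e0]",
)

# Assumed allow-list: the storage-path modules seen on this machine while clean.
BASELINE_STACK = ["ntkrnlpa.exe", "CLASSPNP.SYS", "disk.sys", "ACPI.sys",
                  "hal.dll", "atapi.sys", "pciide.sys", "PCIIDEX.SYS"]

TS_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+ (?P<rest>.*)$")
# Hop line after the timestamp: "<n> <caller>[<addr>] -> ..." (the first hop carries no address).
HOP_RE = re.compile(r"^(?P<n>\d+) (?P<caller>[^\s\[]+)(?:\[[0-9a-fx]+\])? -> ")


def parse_aswmbr(text: str) -> Dict[str, list]:
    """Pull the module list, the (hop number, caller) pairs and the MBR status lines."""
    report: Dict[str, list] = {"modules": [], "hops": [], "mbr": []}
    expect_modules = False
    for raw in text.splitlines():
        m = TS_RE.match(raw.strip())
        if not m:
            continue
        rest = m["rest"]
        if expect_modules:  # the line right after the trace header is the module list
            report["modules"] = rest.split()
            expect_modules = False
        elif rest.startswith("Disk ") and rest.endswith("trace - called modules:"):
            expect_modules = True
        elif HOP_RE.match(rest):
            h = HOP_RE.match(rest)
            report["hops"].append((int(h["n"]), h["caller"]))
        elif rest.startswith("Disk ") and "MBR" in rest:
            report["mbr"].append(rest)
    return report


def review(text: str, allowed: List[str]) -> Dict[str, List[str]]:
    """Alerts: modules or hop callers outside the allow-list. Notes: MBR status worth a look."""
    r = parse_aswmbr(text)
    ok = {a.lower() for a in allowed}
    alerts: List[str] = []
    notes: List[str] = []
    for mod in r["modules"]:
        if mod.lower() not in ok:
            alerts.append(f"module not in baseline: {mod}")
    for n, caller in r["hops"]:
        if caller.lower() != "nt!iofcalldriver" and caller.lower() not in ok:
            alerts.append(f"hop {n} from unexpected module: {caller}")
    for line in r["mbr"]:
        if "unknown MBR code" in line:
            notes.append(f"{line}: compare the saved MBR.dat with the OEM boot code before acting")
    return {"alerts": alerts, "notes": notes}


if __name__ == "__main__":
    for label, log in (("clean", CLEAN_LOG), ("constructed", SUSPICIOUS_LOG)):
        print(label, review(log, BASELINE_STACK))
```

"unknown MBR code" is kept as a note rather than an alert: OEM boot code is frequently not recognised, which is why aswMBR writes MBR.dat for a side-by-side comparison, and the helper in this thread judged the log above clean with that line present. The alerts are the modules in the call chain that the clean baseline never had.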

#12
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Good. These logs are clean. Please test your system now and I'll prepare final cleanup if you don't come back with bad news :)
  • 0

#13
PaulSidcup

    Member

  • Topic Starter
  • Member
  • 18 posts
No more redirects! Everything looking good.
  • 0

#14
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Your logs and system are clean now. I'm glad we fixed up your computer. We need to remove the programs we used from your PC.

Step 1

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end. Remove all other applications we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then select one of the following options. We recommend that you select the "Automatic (recommended): Automatically download recommended updates for my computer and install them" option.
  • Click the OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of the software installed on your system.
  • 0

#15
PaulSidcup

    Member

  • Topic Starter
  • Member
  • 18 posts
Great work! Thanks again for all your help and your tips for avoiding future infections. You and the website do a super job.
  • 0
