Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

All browsers are redirecting me


  • This topic is locked This topic is locked
8 replies to this topic

#1 laxtofat

laxtofat

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:30 AM

Posted 06 November 2009 - 06:59 PM

Hey Now!
My browsers are redirecting me ( IE6 and 8,google,Chrome,yahoo and Firefox) I think this started after I downloaded Firefox and up dated IE6 to 8, I think ? I get sent to searchclick10.com and MFeed to name a few. I ran a full scan last night with my secureresolutions MSP,which found viruses.and cleaned them. But the problem continued. Malwarebytes found nothing.I also tryed a system restore and removing Chrome,Firefox and IE8. No luck. Along with DDS, attach and ark txt I am sending my SR MSP virus report. I have been told the people on this site are the best. :(
Please Help.
Thank you.

DDS (Ver_09-10-26.01) - NTFSx86
Run by Administrator at 11:25:30.62 on Fri 11/06/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1503 [GMT -8:00]

AV: ResolutionsMSP *On-access scanning enabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Fujitsu\Remote Control Manager\IRRCManager.exe
C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe
C:\WINDOWS\system32\HotfixQ0306270.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
svchost.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\SR\srlogon.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SR\SrCoreSvc.exe
C:\Program Files\InterVideo\DVR5\SchSvr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IndicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
mRun: [LoadFujitsuQuickTouch] c:\program files\fujitsu\application panel\QuickTouch.exe
mRun: [LoadBtnHnd] c:\program files\fujitsu\btnhnd\BtnHnd.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [IRRCManager] c:\program files\fujitsu\remote control manager\IRRCManager.exe
mRun: [FJUPDNV_Chitose] c:\program files\fujitsu\fjdvrupd\fjdvrupd.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [CORSAIR_PLUtil] c:\program files\corsair\corsair flash voyager utility\PLBkMon.exe
mRun: [PLFFAP] c:\windows\system32\HotfixQ0306270.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [SetDefPrt] c:\program files\brother\brmfl04g\BrStDvPt.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SR Agent] c:\program files\sr\srlogon.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blacki~1.lnk - c:\program files\iss\blackice\blackice.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bounce~1.lnk - c:\program files\cms peripherals\bounceback express\BBLauncher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\dvr5\SchSvr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {997C5A94-77F6-427D-A388-AC2B6ECF0F7C} - hxxps://manage.secureresolutions.com/clientProducts/VRASP/advanced/tokens/en-us/AXInsalls/SRKS/setup.ocx
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll

============= SERVICES / DRIVERS ===============

R0 PLFF;USB Flash Disk Driver;c:\windows\system32\drivers\plff.sys [2006-7-3 7424]
R2 BlackICE;BlackICE;c:\program files\iss\blackice\blackd.exe [2007-1-20 1229430]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-1-6 3712]
R2 portD;CMS PortIO Service;c:\windows\system32\drivers\portd2k.sys [2006-2-26 14976]
R2 SR Agent;SR Agent;c:\program files\sr\SrCoreSvc.exe [2009-6-2 99144]
R3 Px64Mc;PIX-MPEG/USB2.0 MCE;c:\windows\system32\drivers\Px64Mc.sys [2005-4-6 239360]
R4 black;black;c:\windows\system32\drivers\blackdrv.sys [2007-1-20 229331]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [1999-11-18 3872]
S3 pwi_bus;Curitel PC Card Composite Device driver (WDM);c:\windows\system32\drivers\pwi_bus.sys [2006-1-23 55344]
S3 pwi_mdfl;Curitel PC Card Filter;c:\windows\system32\drivers\pwi_mdfl.sys [2006-1-23 9200]
S3 pwi_mdm;Curitel PC Card Drivers;c:\windows\system32\drivers\pwi_mdm.sys [2006-1-23 89936]
S3 pwi_oflt;Curitel PC Card OHCI Filter;c:\windows\system32\drivers\pwi_oflt.sys [2006-1-23 9472]
S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);c:\windows\system32\drivers\pwi_serd.sys [2006-1-23 69632]
S3 RapDrv;RapDrv;c:\windows\system32\drivers\RapDrv.sys [2007-1-20 104968]
S3 RapFile;RapFile;c:\windows\system32\drivers\RapFile.sys [2007-1-20 36644]
S3 RapNet;RapNet;c:\windows\system32\drivers\RapNet.sys [2007-1-20 24344]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2008-2-26 44928]

=============== Created Last 30 ================

2009-11-06 09:08:43 0 d-----w- c:\windows\system32\wbem\Repository
2009-11-03 05:03:24 0 d-----w- c:\documents and settings\administrator\IECompatCache
2009-11-03 03:27:43 4720 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-10-19 02:28:48 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky SDK

==================== Find3M ====================

2009-10-19 02:26:54 207788 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-19 02:26:54 15434528 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-25 05:37:11 667136 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:37:11 667136 ----a-w- c:\windows\system32\wininet(5).dll
2009-09-25 05:37:11 667136 ----a-w- c:\windows\system32\wininet(10).dll
2009-09-25 05:37:11 627712 ----a-w- c:\windows\system32\urlmon(10).dll
2009-09-25 05:37:09 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:00:21 247326 ------w- c:\windows\system32\strmdll.dll
2009-06-02 23:11:20 91424 --sha-w- c:\windows\system32\drivers\fidbox2.dat

============= FINISH: 11:26:12.85 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume3
Install Date: 1/21/2006 5:22:11 PM
System Uptime: 11/6/2009 12:12:12 PM (-1 hours ago)

Motherboard: FUJITSU | | TOP01
Processor: Intel® Pentium® M processor 1.86GHz | On Board | 1862/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 73 GiB total, 37.541 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP430: 8/10/2009 7:37:28 AM - Restore Operation
RP431: 8/11/2009 8:31:23 AM - Advanced Registry Optimizer - Before One Click
RP432: 8/12/2009 11:23:53 PM - Software Distribution Service 3.0
RP433: 8/18/2009 7:16:54 AM - System Checkpoint
RP434: 8/21/2009 9:43:18 PM - System Checkpoint
RP435: 8/25/2009 12:52:47 AM - Advanced Registry Optimizer - Before One Click
RP436: 8/25/2009 10:32:01 PM - Software Distribution Service 3.0
RP437: 8/28/2009 11:50:08 PM - Software Distribution Service 3.0
RP438: 8/30/2009 12:06:26 AM - Advanced Registry Optimizer - Before One Click
RP439: 8/31/2009 12:19:21 AM - Advanced Registry Optimizer - Before One Click
RP440: 9/1/2009 12:10:40 PM - Advanced Registry Optimizer - Before One Click
RP441: 9/1/2009 2:40:46 PM - Software Distribution Service 3.0
RP442: 9/9/2009 11:31:40 PM - Software Distribution Service 3.0
RP443: 9/15/2009 12:37:42 AM - Advanced Registry Optimizer - Before One Click
RP444: 9/16/2009 8:47:51 AM - System Checkpoint
RP445: 9/17/2009 3:11:04 PM - System Checkpoint
RP446: 9/23/2009 10:44:48 PM - System Checkpoint
RP447: 9/25/2009 7:34:31 AM - System Checkpoint
RP448: 9/29/2009 5:34:39 PM - System Checkpoint
RP449: 10/1/2009 1:24:47 AM - Advanced Registry Optimizer - Before One Click
RP450: 10/1/2009 10:56:55 PM - Advanced Registry Optimizer - Before One Click
RP451: 10/3/2009 12:00:26 AM - Advanced Registry Optimizer - Before One Click
RP452: 10/5/2009 1:52:41 AM - System Checkpoint
RP453: 10/5/2009 7:39:51 PM - Software Distribution Service 3.0
RP454: 10/8/2009 11:00:52 PM - System Checkpoint
RP455: 10/15/2009 12:09:30 AM - Software Distribution Service 3.0
RP456: 10/18/2009 7:12:55 PM - Installed ResolutionsMSP
RP457: 10/20/2009 10:16:30 PM - System Checkpoint
RP458: 10/22/2009 8:04:49 AM - Configured ResolutionsMSP
RP459: 10/26/2009 4:16:05 PM - System Checkpoint
RP460: 11/1/2009 10:12:20 AM - Nov 1 B4 april
RP461: 11/2/2009 8:20:29 PM - Restore Operation
RP462: 11/2/2009 9:50:18 PM - Installed Windows Internet Explorer 8.
RP463: 11/2/2009 9:51:19 PM - Software Distribution Service 3.0
RP464: 11/3/2009 4:01:43 PM - Advanced Registry Optimizer - Before One Click
RP465: 11/4/2009 2:17:20 PM - Software Distribution Service 3.0
RP466: 11/6/2009 12:59:50 AM - Advanced Registry Optimizer - Before One Click
RP467: 11/6/2009 2:05:03 AM - Restore Operation
RP468: 11/6/2009 2:39:04 AM - Software Distribution Service 3.0

==== Installed Programs ======================

2600
2600_Help
2600Trb
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.1.0
Advanced Registry Optimizer
Agere Systems AC'97 Modem
AiO_Scan
AiOSoftware
ALPS Touch Pad Driver
Amazon MP3 Downloader 1.0.3
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
BlackICE
Bonjour
BounceBack Express
Brother MFL-Pro Suite
BufferChm
Camera Window DS
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window DSLR 5 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
Copy
Corsair Flash Voyager Utility
CreativeProjects
CreativeProjectsTemplates
CueTour
Curitel PC Card Software
Destinations
Director
DiscWizard for Windows
DocProc
DocumentViewer
Drivers Install For Linksys Easylink Advisor
Fax
Fujitsu Driver Update V1.1L46
Fujitsu Hotkey Utility
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HotFix Q0306270
HP Diagnostic Assistant
HP Image Zone 4.2
HP PSC & OfficeJet 4.2
HP Software Update
HPSystemDiagnostics
ImageMixer for Sony
InstantShare
Intel® PROSet/Wireless Software
InterVideo Teletext Epg Scanner
InterVideo WinDVD
InterVideo WinDVD Creator 2
InterVideo WinDVR 5
iTunes
Java™ 6 Update 13
Java™ 6 Update 7
KhalInstallWrapper
KhalSetup
LG USB Drivers
LifeBook Application Panel
Linksys EasyLink Advisor 1.6 (0032)
Logitech SetPoint
Malwarebytes' Anti-Malware
mCore
mDrWiFi
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MicroStaff WINASPI
mIWA
mIWCA
mLogView
mMHouse
More Brain Games 1.0
mPfMgr
mPfWiz
mProSafe
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
mWlsSafe
mXML
mZConfig
Octoshape add-in for Adobe Flash Player
Overland
PaperPort
PhotoGallery
PhotoStitch
PrintScreen
ProductContext
QFolder
Quicken 2005
QuickProjects
QuickTime
Readme
Realtek AC'97 Audio
Remote Control Manager
ResolutionsMSP
ResumeMaker
Scan
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SkinsHP1
Sonic RecordNow!
Sony USB Driver
SpongeBob SquarePants Typing
Texas Instruments PCIxx21/x515 drivers.
TIxx21/x515
TrayApp
Typing Instructor Deluxe
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Player 10 Hotfix [See KB887626 for more information]
Windows XP Service Pack 3
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

11/5/2009 10:41:18 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{26D52CD4-7D96-46B9-94E6-B49882F532EF} because another computer on the network has the same name. The server could not start.
11/1/2009 4:18:32 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 0012F06801BB has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
10/31/2009 8:59:54 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Bonjour Service service.

==== End Of File ===========================
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/06 11:39
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB5382000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79DF000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB1C77000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\windows\temp\ava.tmp
Status: Allocation size mismatch (API: 68214784, Raw: 0)

Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\NHB7KDKY.1GE\GTL8V7WX.76T\manifests\clickonce_bootstrap.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\NHB7KDKY.1GE\GTL8V7WX.76T\manifests\clickonce_bootstrap.exe.manifest
Status: Locked to the Windows API!

==EOF==eventid,detectiontype,virusname,filename,capturedon,MapTo,Detectedinid
45153450,virus,not-a-virus:FraudTool.Win32.Agent.ub,C:\WINDOWS\system32\wscsvc32.exe,7/22/2009 9:54:25 PM,cleaned,1
45134637,virus,Trojan.Win32.Tdss.ajvp,C:\WINDOWS\system32\wingenocx.dll,7/21/2009 9:18:13 PM,cleaned,1
45153448,virus,Trojan.Win32.Tdss.ajvp,C:\WINDOWS\system32\wingenocx.dll,7/22/2009 9:59:56 PM,cleaned,1
45169893,virus,Trojan.Win32.Tdss.ajvp,C:\System Volume Information\_restore{D9C75149-7E3C-4086-A23E-569C51DCCB12}\RP423\A0085230.dll,7/23/2009 3:04:17 PM,cleaned,1
45169883,virus,not-a-virus:FraudTool.Win32.Agent.ub,C:\System Volume Information\_restore{D9C75149-7E3C-4086-A23E-569C51DCCB12}\RP423\A0085223.exe,7/23/2009 3:04:17 PM,cleaned,1
45169886,virus,Trojan.Win32.Agent2.kym,C:\System Volume Information\_restore{D9C75149-7E3C-4086-A23E-569C51DCCB12}\RP423\A0085202.dll,7/23/2009 3:04:15 PM,cleaned,1
45169887,virus,Packed.Win32.Tdss.m,C:\System Volume Information\_restore{D9C75149-7E3C-4086-A23E-569C51DCCB12}\RP423\A0085201.dll,7/23/2009 3:04:15 PM,cleaned,1
45169891,virus,Trojan.Win32.Agent2.kyj,C:\System Volume Information\_restore{D9C75149-7E3C-4086-A23E-569C51DCCB12}\RP423\A0085200.dll,7/23/2009 3:04:15 PM,cleaned,1
45169884,virus,Trojan.Win32.Agent2.kyl,C:\System Volume Information\_restore{D9C75149-7E3C-4086-A23E-569C51DCCB12}\RP423\A0085199.dll,7/23/2009 3:04:15 PM,cleaned,1
45169889,virus,Trojan.Win32.Agent2.kyk,C:\System Volume Information\_restore{D9C75149-7E3C-4086-A23E-569C51DCCB12}\RP423\A0085198.dll,7/23/2009 3:04:15 PM,cleaned,1
45169885,virus,Trojan.Win32.Tdss.ajkj,C:\System Volume Information\_restore{D9C75149-7E3C-4086-A23E-569C51DCCB12}\RP423\A0085197.dll,7/23/2009 3:04:15 PM,cleaned,1
45169890,virus,Rootkit.Win32.Agent.moy,C:\System Volume Information\_restore{D9C75149-7E3C-4086-A23E-569C51DCCB12}\RP423\A0085196.sys,7/23/2009 3:04:15 PM,cleaned,1
45169864,virus,Packed.Win32.Tdss.m,C:\Qoobox\Quarantine\C\WINDOWS\system32\UACvxfuwaabwt.dll.vir,7/23/2009 2:59:04 PM,cleaned,1
45169865,virus,Trojan.Win32.Tdss.ajkj,C:\Qoobox\Quarantine\C\WINDOWS\system32\UACupqlmpikgl.dll.vir,7/23/2009 2:59:04 PM,cleaned,1
45169870,virus,Trojan.Win32.Agent2.kyl,C:\Qoobox\Quarantine\C\WINDOWS\system32\UACpmyxjhqwio.dll.vir,7/23/2009 2:59:03 PM,cleaned,1
45169866,virus,Trojan.Win32.Agent2.kym,C:\Qoobox\Quarantine\C\WINDOWS\system32\UACnqiigatnwd.dll.vir,7/23/2009 2:59:03 PM,cleaned,1
45169869,virus,Trojan.Win32.Agent2.kyj,C:\Qoobox\Quarantine\C\WINDOWS\system32\UACmitxynhhor.dll.vir,7/23/2009 2:59:03 PM,cleaned,1
45169868,virus,Trojan.Win32.Agent2.kyk,C:\Qoobox\Quarantine\C\WINDOWS\system32\UACjjxudovvws.dll.vir,7/23/2009 2:59:03 PM,cleaned,1
45169867,virus,Rootkit.Win32.Agent.moy,C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACymrdbbgknp.sys.vir,7/23/2009 2:59:03 PM,cleaned,1
45134578,virus,Trojan.Win32.Tdss.ajeo,C:\Program Files\Protection System\coreext.dll,7/21/2009 8:32:41 PM,infected,1
46407635,virus,HEUR:Exploit.Script.Generic,C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y16Z81UD\banner[1].pdf//data0000,11/5/2009 9:38:10 PM,cleaned,1
46407634,virus,HEUR:Exploit.Script.Generic,C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y16Z81UD\banner[1].pdf,11/5/2009 9:38:10 PM,cleaned,1
46407632,virus,HEUR:Trojan.Script.Iframer,C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SXQZ49QZ\inova[1].php,11/5/2009 9:39:17 PM,cleaned,1
46407633,virus,HEUR:Exploit.Script.Generic,C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SXQZ49QZ\banner[1].htm,11/5/2009 9:38:13 PM,cleaned,1
45170378,virus,Exploit.Win32.FireFox.a,C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C9IZWH2N\bug504342[2].html,7/23/2009 8:04:26 PM,cleaned,1
45170377,virus,Exploit.Win32.FireFox.a,C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\9V9IOKEP\bug504342[2].html,7/23/2009 8:04:43 PM,cleaned,1
45132851,virus,Exploit.Win32.Pidief.bes,C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4ZEN4749\ifDuringHave[1].pdf,7/21/2009 9:39:42 AM,cleaned,1
45153449,virus,EICAR-Test-File,C:\Documents and Settings\Administrator\Local Settings\Temp\Av-test.txt,7/22/2009 9:55:24 PM,cleaned,1
45132902,virus,Exploit.Win32.Pidief.bes,C:\Documents and Settings\Administrator\Local Settings\Temp\Acr9CFC.tmp,7/21/2009 10:17:39 AM,cleaned,1
46407636,virus,HEUR:Exploit.Script.Generic,C:\Documents and Settings\Administrator\Local Settings\temp\Acr936B.tmp//data0000,11/5/2009 9:39:25 PM,cleaned,1
46407631,virus,HEUR:Exploit.Script.Generic,C:\Documents and Settings\Administrator\Local Settings\temp\Acr936B.tmp,11/5/2009 9:39:25 PM,cleaned,1
45451518,virus,Trojan-Downloader.JS.FraudLoad.g,C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\i6ljgc2y.default\Cache\BE41BE2Cd01,8/11/2009 6:14:55 AM,cleaned,1

Attached Files



BC AdBot (Login to Remove)

 


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:10:30 AM

Posted 10 November 2009 - 08:04 PM

Hello

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you
would let me no so I can close this topic, if you still need help please let me no what issues you are still having, in your next reply.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • log.txt
  • info.txt
Thanks

unite.jpg


#3 laxtofat

laxtofat
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:30 AM

Posted 12 November 2009 - 05:12 PM

Hey Syler
My problem is when I try to search for something, I get redirected. Example I'll google Subaru, then hit search, I get sent to the normal google search page and I hit the Subaru offical site. But instead of going to that site I get directed to another search page, all different ,and some have nothing to do with what I'm looking for. Then when I hit the back button . I get sent to MFeed / searchclick10.com. And yahoo search will redirect me or the page will show as unable to conect . The only way I can get to a site is to type the the full address in the address bar , sometimes. this happened after I upgraded to IE8 and downloaded Firefox. And this problem happens in all browsers. Also I can not contact google or log in to youtube. I did a scan with my AV ( secureresolution MSP ) after his happened and it found and cleaned four viruses called HEUR: Trojan . But the problem continued.
Hope this helps you to diagnose my problem. and two other people have used my computer around the time this happened. And they, of corse know nothing?
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-11-12 13:10:23
Microsoft Windows XP Professional Service Pack 3
System drive C: has 38 GB (51%) free of 75 GB
Total RAM: 2047 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:10:27 PM, on 11/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SR\SrCoreSvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SR\SrLogon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Fujitsu\Remote Control Manager\IRRCManager.exe
C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe
C:\WINDOWS\system32\HotfixQ0306270.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\DVR5\SchSvr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: 89.149.210.61 www.google.com
O1 - Hosts: 89.149.210.61 www.google.de
O1 - Hosts: 89.149.210.61 www.google.fr
O1 - Hosts: 89.149.210.61 www.google.co.uk
O1 - Hosts: 89.149.210.61 www.google.com.br
O1 - Hosts: 89.149.210.61 www.google.it
O1 - Hosts: 89.149.210.61 www.google.es
O1 - Hosts: 89.149.210.61 www.google.co.jp
O1 - Hosts: 89.149.210.61 www.google.com.mx
O1 - Hosts: 89.149.210.61 www.google.ca
O1 - Hosts: 89.149.210.61 www.google.com.au
O1 - Hosts: 89.149.210.61 www.google.nl
O1 - Hosts: 89.149.210.61 www.google.co.za
O1 - Hosts: 89.149.210.61 www.google.be
O1 - Hosts: 89.149.210.61 www.google.gr
O1 - Hosts: 89.149.210.61 www.google.at
O1 - Hosts: 89.149.210.61 www.google.se
O1 - Hosts: 89.149.210.61 www.google.ch
O1 - Hosts: 89.149.210.61 www.google.pt
O1 - Hosts: 89.149.210.61 www.google.dk
O1 - Hosts: 89.149.210.61 www.google.fi
O1 - Hosts: 89.149.210.61 www.google.ie
O1 - Hosts: 89.149.210.61 www.google.no
O1 - Hosts: 89.149.210.61 search.yahoo.com
O1 - Hosts: 89.149.210.61 us.search.yahoo.com
O1 - Hosts: 89.149.210.61 uk.search.yahoo.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IRRCManager] C:\Program Files\Fujitsu\Remote Control Manager\IRRCManager.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CORSAIR_PLUtil] C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe
O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\system32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SR Agent] C:\Program Files\SR\srlogon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O4 - Global Startup: BounceBack Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo Scheduler server.lnk = C:\Program Files\InterVideo\DVR5\SchSvr.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O14 - IERESET.INF: START_PAGE_URL=http://www.computers.us.fujitsu.com/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {997C5A94-77F6-427D-A388-AC2B6ECF0F7C} (InstallShield Setup Player V14) - https://manage.secureresolutions.com/client.../SRKS/setup.ocx
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SR Agent - Cyber Resolutions - C:\Program Files\SR\SrCoreSvc.exe

--
End of file - 11070 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3033374411-1931741521-3215598226-500Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3033374411-1931741521-3215598226-500UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-04-01 880368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}]
WOT Helper - C:\Program Files\WOT\WOT.dll [2009-04-15 1290912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-21 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-21 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-04-01 880368]
{71576546-354D-41c9-AAE8-31F2EC22BF0D} - WOT - C:\Program Files\WOT\WOT.dll [2009-04-15 1290912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-10-26 344064]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-07-27 68096]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-10-07 88363]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2004-07-02 163840]
"IndicatorUtility"=C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [2005-02-28 81920]
"LoadFujitsuQuickTouch"=C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [2005-02-25 242688]
"LoadBtnHnd"=C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe [2005-02-25 61440]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2004-10-15 385024]
"IRRCManager"=C:\Program Files\Fujitsu\Remote Control Manager\IRRCManager.exe [2004-09-08 1773568]
"FJUPDNV_Chitose"=C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe [2005-02-10 249856]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"CORSAIR_PLUtil"=C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe [2006-04-19 94208]
"PLFFAP"=C:\WINDOWS\system32\HotfixQ0306270.exe [2003-08-05 45056]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2006-05-10 94208]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2004-04-14 57393]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2004-04-14 40960]
"SetDefPrt"=C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe [2004-11-11 49152]
"ControlCenter2.0"=C:\Program Files\Brother\ControlCenter2\brctrcen.exe [2005-01-07 864256]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-06-21 148888]
"SR Agent"=C:\Program Files\SR\srlogon.exe [2009-10-21 1000136]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"=C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2007-03-15 454784]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"Google Update"=C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-06 135664]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
BlackICE PC Protection.lnk - C:\Program Files\ISS\BlackICE\blackice.exe
BounceBack Launcher.lnk - C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
InterVideo Scheduler server.lnk - C:\Program Files\InterVideo\DVR5\SchSvr.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-10-26 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2004-10-15 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{198dc6f1-c201-11dc-8e76-0012f06801bb}]
shell\AutoRun\command - F:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-11-11 22:54:38 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-11-11 21:57:55 ----D---- C:\rsit
2009-11-11 21:57:55 ----D---- C:\Program Files\trend micro
2009-11-09 09:10:29 ----D---- C:\WINDOWS\ie8updates
2009-11-09 09:08:27 ----D---- C:\WINDOWS\WBEM
2009-11-09 09:06:37 ----HDC---- C:\WINDOWS\ie8
2009-11-06 13:37:12 ----D---- C:\Program Files\WOT
2009-11-06 11:46:54 ----A---- C:\RootRepeal report 11-06-09 (11-46-54).txt
2009-11-06 01:40:06 ----HDC---- C:\WINDOWS\$NtUninstallKB976749$
2009-11-02 19:27:43 ----A---- C:\WINDOWS\system32\PerfStringBackup.TMP
2009-10-18 18:28:48 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky SDK
2009-10-14 23:15:31 ----HDC---- C:\WINDOWS\$NtUninstallKB974455$
2009-10-14 23:15:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-14 23:13:27 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-14 23:13:20 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-14 23:13:14 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-14 23:12:51 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-14 23:12:30 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-14 23:11:00 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-14 23:10:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-14 23:10:33 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$

======List of files/folders modified in the last 1 months======

2009-11-12 13:06:22 ----D---- C:\WINDOWS\Temp
2009-11-12 12:56:49 ----D---- C:\WINDOWS\Prefetch
2009-11-12 12:25:31 ----AD---- C:\WINDOWS
2009-11-12 12:25:02 ----D---- C:\Program Files\SR
2009-11-12 12:24:56 ----A---- C:\WINDOWS\ModemLog_Agere Systems AC'97 Modem.txt
2009-11-12 12:24:18 ----AD---- C:\WINDOWS\system32
2009-11-11 22:56:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-11 22:55:10 ----HD---- C:\WINDOWS\inf
2009-11-11 22:55:08 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-11 22:54:54 ----A---- C:\WINDOWS\imsins.BAK
2009-11-11 21:57:55 ----RD---- C:\Program Files
2009-11-11 21:50:04 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-11 21:50:02 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-09 11:24:28 ----D---- C:\WINDOWS\Help
2009-11-09 09:12:56 ----D---- C:\Program Files\Internet Explorer
2009-11-09 09:08:27 ----D---- C:\WINDOWS\system32\en-us
2009-11-09 09:08:16 ----D---- C:\WINDOWS\Media
2009-11-06 20:32:21 ----SD---- C:\WINDOWS\Tasks
2009-11-06 13:37:12 ----SHD---- C:\WINDOWS\Installer
2009-11-06 13:37:12 ----HD---- C:\Config.Msi
2009-11-06 11:36:48 ----D---- C:\WINDOWS\system32\drivers
2009-11-06 11:10:59 ----D---- C:\Program Files\Google
2009-11-06 01:15:34 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-06 01:09:11 ----D---- C:\WINDOWS\system32\config
2009-11-06 01:08:43 ----D---- C:\WINDOWS\system32\wbem
2009-11-06 01:08:43 ----D---- C:\WINDOWS\Registration
2009-11-06 01:08:16 ----D---- C:\Program Files\Mozilla Firefox
2009-11-05 09:36:21 ----A---- C:\WINDOWS\system32\MRT.exe
2009-10-22 01:19:04 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-10-18 18:30:21 ----SHD---- C:\System Volume Information
2009-10-16 06:30:07 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-16 06:30:03 ----RSD---- C:\WINDOWS\assembly
2009-10-14 23:19:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-14 23:18:26 ----D---- C:\WINDOWS\WinSxS
2009-10-14 23:15:24 ----A---- C:\WINDOWS\iis6.BAK

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-10-06 317072]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.6.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-01-23 17119]
R2 BtnHnd;BtnHnd; \??\C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys []
R2 elagopro;GoProto Protocol Driver for LELA; C:\WINDOWS\system32\DRIVERS\elagopro.sys [2007-03-22 28672]
R2 elaunidr;UniDriver for LELA; C:\WINDOWS\system32\DRIVERS\elaunidr.sys [2007-03-22 5376]
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2006-06-30 3712]
R2 MASPINT;MASPINT; C:\WINDOWS\system32\drivers\MASPINT.sys [2000-03-29 8096]
R2 portD;CMS PortIO Service; C:\WINDOWS\system32\DRIVERS\portd2k.sys [2004-02-23 14976]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2004-10-15 11354]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-10-07 1270540]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-23 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-08-02 635281]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-07-04 103391]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-10-26 820224]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2004-10-10 45056]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 FUJ02B1;Fujitsu FUJ02B1 Device Driver; C:\WINDOWS\system32\DRIVERS\FUJ02B1.sys [2001-08-01 5248]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060]
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; C:\WINDOWS\system32\DRIVERS\iwca.sys [2004-08-12 234496]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2006-05-10 27264]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2006-05-10 71680]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 Px64Mc;PIX-MPEG/USB2.0 MCE; C:\WINDOWS\system32\DRIVERS\Px64Mc.sys [2004-08-04 239360]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2004-07-12 67968]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel® PRO/Wireless 2915ABG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-29 3222784]
R4 black;black; C:\WINDOWS\System32\drivers\BlackDrv.sys [2005-03-30 229331]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 ADVNTDRV;ADVNTDRV; C:\WINDOWS\System32\drivers\ADVNTDRV.SYS [1999-11-18 3872]
S3 Airgo;Belkin Wireless Pre-N Notebook Network Driver; C:\WINDOWS\system32\DRIVERS\wnihdd51.sys [2004-08-13 753664]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2004-10-14 15295]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-03-21 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-03-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-03-21 21744]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pwi_bus;Curitel PC Card Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\pwi_bus.sys [2005-05-04 55344]
S3 pwi_mdfl;Curitel PC Card Filter; C:\WINDOWS\system32\DRIVERS\pwi_mdfl.sys [2005-05-04 9200]
S3 pwi_mdm;Curitel PC Card Drivers; C:\WINDOWS\system32\DRIVERS\pwi_mdm.sys [2005-05-04 89936]
S3 pwi_oflt;Curitel PC Card OHCI Filter; C:\WINDOWS\system32\DRIVERS\pwi_oflt.sys [2005-05-04 9472]
S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\pwi_serd.sys [2005-05-04 69632]
S3 RapDrv;RapDrv; \??\C:\WINDOWS\system32\drivers\RapDrv.sys []
S3 RapFile;RapFile; \??\C:\WINDOWS\system32\drivers\RapFile.sys []
S3 RapNet;RapNet; \??\C:\WINDOWS\system32\drivers\RapNet.sys []
S3 SDTHOOK;SDTHOOK; C:\WINDOWS\System32\DRIVERS\SDTHOOK.sys [2007-06-05 44928]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS []
S3 sonypvs1;Sony Digital Imaging Video2; C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 102220]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2005-05-26 21344]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2005-05-26 38144]
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2005-06-24 39036]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WNIPROT5;WNIPROT5 Protocol Driver; \??\C:\WINDOWS\System32\WNIPROT5.SYS []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2004-08-11 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-10-26 413696]
R2 BlackICE;BlackICE; C:\Program Files\ISS\BlackICE\blackd.exe [2004-09-09 1229430]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2004-10-15 86016]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-21 152984]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2005-09-13 53248]
R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2004-10-15 139264]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2004-10-15 360521]
R2 SR Agent;SR Agent; C:\Program Files\SR\SrCoreSvc.exe [2009-10-21 99144]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S3 RapApp;RapApp; C:\Program Files\ISS\BlackICE\rapapp.exe [2003-02-25 684032]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Thank you.

Attached Files



#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:10:30 AM

Posted 12 November 2009 - 09:36 PM

Hi laxtofat,

I see what's causing your redirects, we will try and fix that now, let me know in your next reply if the redirects have stopped.


Download the HostsXpert
  • Unzip HostsXpert 4.3 - Hosts File Manager to a convenient folder such as C:\HostsXpert
  • Click HostsXpert.exe to Run HostsXpert 4.3 - Hosts File Manager from its new home
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click Restore Microsoft's Hosts file and then click OK.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window, If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.



Please post back here with the following logs:
  • MBAM log
  • Gmer log
  • New Rsit log
Thanks

unite.jpg


#5 laxtofat

laxtofat
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:30 AM

Posted 14 November 2009 - 01:48 AM

Hello Syler,

I think you did it, good sir. The redirects have stopped in IE8 and Chrome I'm happy to say. I'll down load Firefox in a couple of days and see how that works.
But two things, before your last e-mail when I typed my password to start my computer,the letter y would not work? I then started in safe mode and was able to restored to the day before . And it is still not letting me type y on start up password. I eliminated the problem by changing my password in safe mode.
When I type y after I'm logged on it seems to work fine. And the other thing is when I up dated MBAM it showed that an error occurred and to Please report Error code :702(0.453) . I then hit OK and it finished up dating.
Thank you very much for dealing with my problems.
Malwarebytes' Anti-Malware 1.41
Database version: 3159
Windows 5.1.2600 Service Pack 3

11/12/2009 8:44:21 PM
mbam-log-2009-11-12 (20-44-21).txt

Scan type: Quick Scan
Objects scanned: 106231
Time elapsed: 5 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
GMER 1.0.15.15220 - http://www.gmer.net
Rootkit scan 2009-11-12 21:00:18
Windows 5.1.2600 Service Pack 3
Running: pzfn9jdl.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kxrdapow.sys


---- Devices - GMER 1.0.15 ----

Device \Driver\IpFilterDriver \Device\IPFILTERDRIVER BlackDrv.sys (Network driver/Internet Security Systems, Inc.)

---- EOF - GMER 1.0.15 ----
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-11-12 21:08:00
Microsoft Windows XP Professional Service Pack 3
System drive C: has 38 GB (50%) free of 75 GB
Total RAM: 2047 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:08:08 PM, on 11/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Fujitsu\Remote Control Manager\IRRCManager.exe
C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe
C:\WINDOWS\system32\HotfixQ0306270.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SR\srlogon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\InterVideo\DVR5\SchSvr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SR\SrCoreSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IRRCManager] C:\Program Files\Fujitsu\Remote Control Manager\IRRCManager.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CORSAIR_PLUtil] C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe
O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\system32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SR Agent] C:\Program Files\SR\srlogon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O4 - Global Startup: BounceBack Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo Scheduler server.lnk = C:\Program Files\InterVideo\DVR5\SchSvr.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O14 - IERESET.INF: START_PAGE_URL=http://www.computers.us.fujitsu.com/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {997C5A94-77F6-427D-A388-AC2B6ECF0F7C} (InstallShield Setup Player V14) - https://manage.secureresolutions.com/client.../SRKS/setup.ocx
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SR Agent - Cyber Resolutions - C:\Program Files\SR\SrCoreSvc.exe

--
End of file - 10216 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3033374411-1931741521-3215598226-500Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3033374411-1931741521-3215598226-500UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-04-01 880368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}]
WOT Helper - C:\Program Files\WOT\WOT.dll [2009-04-15 1290912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-21 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-21 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-04-01 880368]
{71576546-354D-41c9-AAE8-31F2EC22BF0D} - WOT - C:\Program Files\WOT\WOT.dll [2009-04-15 1290912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-10-26 344064]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-07-27 68096]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-10-07 88363]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2004-07-02 163840]
"IndicatorUtility"=C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [2005-02-28 81920]
"LoadFujitsuQuickTouch"=C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [2005-02-25 242688]
"LoadBtnHnd"=C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe [2005-02-25 61440]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2004-10-15 385024]
"IRRCManager"=C:\Program Files\Fujitsu\Remote Control Manager\IRRCManager.exe [2004-09-08 1773568]
"FJUPDNV_Chitose"=C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe [2005-02-10 249856]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"CORSAIR_PLUtil"=C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe [2006-04-19 94208]
"PLFFAP"=C:\WINDOWS\system32\HotfixQ0306270.exe [2003-08-05 45056]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2006-05-10 94208]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2004-04-14 57393]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2004-04-14 40960]
"SetDefPrt"=C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe [2004-11-11 49152]
"ControlCenter2.0"=C:\Program Files\Brother\ControlCenter2\brctrcen.exe [2005-01-07 864256]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-06-21 148888]
"SR Agent"=C:\Program Files\SR\srlogon.exe [2009-10-21 1000136]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"=C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2007-03-15 454784]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"Google Update"=C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-06 135664]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
BlackICE PC Protection.lnk - C:\Program Files\ISS\BlackICE\blackice.exe
BounceBack Launcher.lnk - C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
InterVideo Scheduler server.lnk - C:\Program Files\InterVideo\DVR5\SchSvr.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-10-26 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2004-10-15 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{198dc6f1-c201-11dc-8e76-0012f06801bb}]
shell\AutoRun\command - F:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-11-11 22:54:38 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-11-11 21:57:55 ----D---- C:\rsit
2009-11-11 21:57:55 ----D---- C:\Program Files\trend micro
2009-11-09 09:10:29 ----D---- C:\WINDOWS\ie8updates
2009-11-09 09:08:27 ----D---- C:\WINDOWS\WBEM
2009-11-09 09:06:37 ----HDC---- C:\WINDOWS\ie8
2009-11-06 13:37:12 ----D---- C:\Program Files\WOT
2009-11-06 11:46:54 ----A---- C:\RootRepeal report 11-06-09 (11-46-54).txt
2009-11-06 01:40:06 ----HDC---- C:\WINDOWS\$NtUninstallKB976749$
2009-11-02 19:27:43 ----A---- C:\WINDOWS\system32\PerfStringBackup.TMP
2009-10-18 18:28:48 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky SDK
2009-10-14 23:15:31 ----HDC---- C:\WINDOWS\$NtUninstallKB974455$
2009-10-14 23:15:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-14 23:13:27 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-14 23:13:20 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-14 23:13:14 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-14 23:12:51 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-14 23:12:30 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-14 23:11:00 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-14 23:10:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-14 23:10:33 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$

======List of files/folders modified in the last 1 months======

2009-11-12 21:08:06 ----D---- C:\WINDOWS\Prefetch
2009-11-12 21:05:55 ----D---- C:\WINDOWS\Temp
2009-11-12 21:05:16 ----A---- C:\WINDOWS\ModemLog_Agere Systems AC'97 Modem.txt
2009-11-12 21:05:00 ----AD---- C:\WINDOWS
2009-11-12 21:02:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-12 20:36:40 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-12 20:36:38 ----D---- C:\WINDOWS\system32\drivers
2009-11-12 20:14:55 ----AD---- C:\WINDOWS\system32
2009-11-12 19:34:21 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-12 19:31:46 ----HD---- C:\WINDOWS\inf
2009-11-12 19:31:38 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-12 19:31:23 ----A---- C:\WINDOWS\imsins.BAK
2009-11-12 19:27:42 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-12 19:21:38 ----D---- C:\WINDOWS\system32\config
2009-11-12 19:20:03 ----D---- C:\WINDOWS\system32\wbem
2009-11-12 19:19:59 ----D---- C:\WINDOWS\Registration
2009-11-12 19:14:18 ----A---- C:\WINDOWS\ntbtlog.txt
2009-11-12 18:44:10 ----D---- C:\Program Files\SR
2009-11-11 21:57:55 ----RD---- C:\Program Files
2009-11-11 21:50:04 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-09 11:24:28 ----D---- C:\WINDOWS\Help
2009-11-09 09:12:56 ----D---- C:\Program Files\Internet Explorer
2009-11-09 09:08:27 ----D---- C:\WINDOWS\system32\en-us
2009-11-09 09:08:16 ----D---- C:\WINDOWS\Media
2009-11-06 20:32:21 ----SD---- C:\WINDOWS\Tasks
2009-11-06 13:37:12 ----SHD---- C:\WINDOWS\Installer
2009-11-06 13:37:12 ----HD---- C:\Config.Msi
2009-11-06 11:10:59 ----D---- C:\Program Files\Google
2009-11-06 01:08:16 ----D---- C:\Program Files\Mozilla Firefox
2009-11-05 09:36:21 ----A---- C:\WINDOWS\system32\MRT.exe
2009-10-22 01:19:04 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-10-18 18:30:21 ----SHD---- C:\System Volume Information
2009-10-16 06:30:07 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-16 06:30:03 ----RSD---- C:\WINDOWS\assembly
2009-10-14 23:19:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-14 23:18:26 ----D---- C:\WINDOWS\WinSxS
2009-10-14 23:15:24 ----A---- C:\WINDOWS\iis6.BAK

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-10-06 317072]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.6.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-01-23 17119]
R2 BtnHnd;BtnHnd; \??\C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys []
R2 elagopro;GoProto Protocol Driver for LELA; C:\WINDOWS\system32\DRIVERS\elagopro.sys [2007-03-22 28672]
R2 elaunidr;UniDriver for LELA; C:\WINDOWS\system32\DRIVERS\elaunidr.sys [2007-03-22 5376]
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2006-06-30 3712]
R2 MASPINT;MASPINT; C:\WINDOWS\system32\drivers\MASPINT.sys [2000-03-29 8096]
R2 portD;CMS PortIO Service; C:\WINDOWS\system32\DRIVERS\portd2k.sys [2004-02-23 14976]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2004-10-15 11354]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-10-07 1270540]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-23 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-08-02 635281]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-07-04 103391]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-10-26 820224]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2004-10-10 45056]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 FUJ02B1;Fujitsu FUJ02B1 Device Driver; C:\WINDOWS\system32\DRIVERS\FUJ02B1.sys [2001-08-01 5248]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-03-21 51088]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-03-21 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-03-21 21744]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060]
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; C:\WINDOWS\system32\DRIVERS\iwca.sys [2004-08-12 234496]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2006-05-10 27264]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2006-05-10 71680]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 Px64Mc;PIX-MPEG/USB2.0 MCE; C:\WINDOWS\system32\DRIVERS\Px64Mc.sys [2004-08-04 239360]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2004-07-12 67968]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel® PRO/Wireless 2915ABG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-29 3222784]
R4 black;black; C:\WINDOWS\System32\drivers\BlackDrv.sys [2005-03-30 229331]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 ADVNTDRV;ADVNTDRV; C:\WINDOWS\System32\drivers\ADVNTDRV.SYS [1999-11-18 3872]
S3 Airgo;Belkin Wireless Pre-N Notebook Network Driver; C:\WINDOWS\system32\DRIVERS\wnihdd51.sys [2004-08-13 753664]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2004-10-14 15295]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pwi_bus;Curitel PC Card Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\pwi_bus.sys [2005-05-04 55344]
S3 pwi_mdfl;Curitel PC Card Filter; C:\WINDOWS\system32\DRIVERS\pwi_mdfl.sys [2005-05-04 9200]
S3 pwi_mdm;Curitel PC Card Drivers; C:\WINDOWS\system32\DRIVERS\pwi_mdm.sys [2005-05-04 89936]
S3 pwi_oflt;Curitel PC Card OHCI Filter; C:\WINDOWS\system32\DRIVERS\pwi_oflt.sys [2005-05-04 9472]
S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\pwi_serd.sys [2005-05-04 69632]
S3 RapDrv;RapDrv; \??\C:\WINDOWS\system32\drivers\RapDrv.sys []
S3 RapFile;RapFile; \??\C:\WINDOWS\system32\drivers\RapFile.sys []
S3 RapNet;RapNet; \??\C:\WINDOWS\system32\drivers\RapNet.sys []
S3 SDTHOOK;SDTHOOK; C:\WINDOWS\System32\DRIVERS\SDTHOOK.sys [2007-06-05 44928]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS []
S3 sonypvs1;Sony Digital Imaging Video2; C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 102220]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2005-05-26 21344]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2005-05-26 38144]
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2005-06-24 39036]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 WNIPROT5;WNIPROT5 Protocol Driver; \??\C:\WINDOWS\System32\WNIPROT5.SYS []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2004-08-11 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-10-26 413696]
R2 BlackICE;BlackICE; C:\Program Files\ISS\BlackICE\blackd.exe [2004-09-09 1229430]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2004-10-15 86016]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-21 152984]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2005-09-13 53248]
R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2004-10-15 139264]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2004-10-15 360521]
R2 SR Agent;SR Agent; C:\Program Files\SR\SrCoreSvc.exe [2009-10-21 99144]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]
R3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 RapApp;RapApp; C:\Program Files\ISS\BlackICE\rapapp.exe [2003-02-25 684032]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Attached Files



#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:10:30 AM

Posted 15 November 2009 - 07:20 PM

Hi laxtofat,

That's a strange problem with your Y key, I don't know what would cause that but I don't think it;s a malware problem. The Malwarebytes error could have been caused by
your security software interfering, please try disabling your security software then update MBAM again and let me know if you still get the error messsage.


Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.



TFC(Temp File Cleaner):
  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.TFC(Temp File Cleaner):



Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Then in your next reply, please let me know if you are having any more problems and post back here with the following logs:
  • checkup.txt
  • Kaspersky report
  • New Rsit log
Thanks

unite.jpg


#7 laxtofat

laxtofat
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:30 AM

Posted 18 November 2009 - 03:29 AM

Hello Syler
I no longer have any browser redirects thanks to you sir. I have tried it in IE8 , Chrome and Firefox. And as far as that Y not working, it did it again. But this time it would not work at all. So I vacuumed my key board then hit it with some air and the Y key started working fine. I hope it was just a coincidence that it happened a little after this redirect problem started.
I thank you for expertise and patience with me and my problem. :( .
Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:

HijackThis 2.0.2
Java™ 6 Update 13
Java™ 6 Update 7
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 7.1.0
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent

``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````
The Kasperski ran the computer scan and it found nothing 0 .
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-11-17 23:39:36
Microsoft Windows XP Professional Service Pack 3
System drive C: has 37 GB (50%) free of 75 GB
Total RAM: 2047 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:40 PM, on 11/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SR\SrCoreSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\SR\SrLogon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Fujitsu\Remote Control Manager\IRRCManager.exe
C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe
C:\WINDOWS\system32\HotfixQ0306270.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\DVR5\SchSvr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\RSIT(2).exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IRRCManager] C:\Program Files\Fujitsu\Remote Control Manager\IRRCManager.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CORSAIR_PLUtil] C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe
O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\system32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SR Agent] C:\Program Files\SR\srlogon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O4 - Global Startup: BounceBack Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo Scheduler server.lnk = C:\Program Files\InterVideo\DVR5\SchSvr.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O14 - IERESET.INF: START_PAGE_URL=http://www.computers.us.fujitsu.com/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {997C5A94-77F6-427D-A388-AC2B6ECF0F7C} (InstallShield Setup Player V14) - https://manage.secureresolutions.com/client.../SRKS/setup.ocx
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SR Agent - Cyber Resolutions - C:\Program Files\SR\SrCoreSvc.exe

--
End of file - 9853 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3033374411-1931741521-3215598226-500Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3033374411-1931741521-3215598226-500UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-04-01 880368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}]
WOT Helper - C:\Program Files\WOT\WOT.dll [2009-04-15 1290912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-04-01 880368]
{71576546-354D-41c9-AAE8-31F2EC22BF0D} - WOT - C:\Program Files\WOT\WOT.dll [2009-04-15 1290912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-10-26 344064]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-07-27 68096]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-10-07 88363]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2004-07-02 163840]
"IndicatorUtility"=C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [2005-02-28 81920]
"LoadFujitsuQuickTouch"=C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [2005-02-25 242688]
"LoadBtnHnd"=C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe [2005-02-25 61440]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2004-10-15 385024]
"IRRCManager"=C:\Program Files\Fujitsu\Remote Control Manager\IRRCManager.exe [2004-09-08 1773568]
"FJUPDNV_Chitose"=C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe [2005-02-10 249856]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"CORSAIR_PLUtil"=C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe [2006-04-19 94208]
"PLFFAP"=C:\WINDOWS\system32\HotfixQ0306270.exe [2003-08-05 45056]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2006-05-10 94208]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2004-04-14 57393]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2004-04-14 40960]
"SetDefPrt"=C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe [2004-11-11 49152]
"ControlCenter2.0"=C:\Program Files\Brother\ControlCenter2\brctrcen.exe [2005-01-07 864256]
"SR Agent"=C:\Program Files\SR\srlogon.exe [2009-10-21 1000136]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"=C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2007-03-15 454784]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"Google Update"=C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-06 135664]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
BlackICE PC Protection.lnk - C:\Program Files\ISS\BlackICE\blackice.exe
BounceBack Launcher.lnk - C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
InterVideo Scheduler server.lnk - C:\Program Files\InterVideo\DVR5\SchSvr.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-10-26 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2004-10-15 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{198dc6f1-c201-11dc-8e76-0012f06801bb}]
shell\AutoRun\command - F:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-11-16 21:21:50 ----A---- C:\WINDOWS\system32\javaws.exe
2009-11-16 21:21:50 ----A---- C:\WINDOWS\system32\javaw.exe
2009-11-16 21:21:50 ----A---- C:\WINDOWS\system32\java.exe
2009-11-11 22:54:38 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-11-11 21:57:55 ----D---- C:\rsit
2009-11-11 21:57:55 ----D---- C:\Program Files\trend micro
2009-11-09 09:10:29 ----D---- C:\WINDOWS\ie8updates
2009-11-09 09:08:27 ----D---- C:\WINDOWS\WBEM
2009-11-09 09:06:37 ----HDC---- C:\WINDOWS\ie8
2009-11-06 13:37:12 ----D---- C:\Program Files\WOT
2009-11-06 11:46:54 ----A---- C:\RootRepeal report 11-06-09 (11-46-54).txt
2009-11-06 01:40:06 ----HDC---- C:\WINDOWS\$NtUninstallKB976749$
2009-10-18 18:28:48 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky SDK

======List of files/folders modified in the last 1 months======

2009-11-17 23:36:29 ----D---- C:\WINDOWS\Temp
2009-11-17 20:45:07 ----D---- C:\Program Files\Mozilla Firefox
2009-11-17 20:28:34 ----AD---- C:\WINDOWS
2009-11-17 20:27:38 ----A---- C:\WINDOWS\ModemLog_Agere Systems AC'97 Modem.txt
2009-11-17 14:47:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-17 09:17:43 ----D---- C:\Program Files\SR
2009-11-16 23:21:14 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-16 21:22:18 ----SHD---- C:\WINDOWS\Installer
2009-11-16 21:21:53 ----HD---- C:\Config.Msi
2009-11-16 21:21:50 ----AD---- C:\WINDOWS\system32
2009-11-16 21:21:48 ----D---- C:\Program Files\Java
2009-11-14 00:46:18 ----D---- C:\WINDOWS\Prefetch
2009-11-13 08:56:04 ----A---- C:\WINDOWS\ntbtlog.txt
2009-11-12 20:36:40 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-12 20:36:38 ----D---- C:\WINDOWS\system32\drivers
2009-11-12 19:31:46 ----HD---- C:\WINDOWS\inf
2009-11-12 19:31:38 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-12 19:31:23 ----A---- C:\WINDOWS\imsins.BAK
2009-11-12 19:27:42 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-12 19:21:38 ----D---- C:\WINDOWS\system32\config
2009-11-12 19:20:03 ----D---- C:\WINDOWS\system32\wbem
2009-11-12 19:19:59 ----D---- C:\WINDOWS\Registration
2009-11-11 21:57:55 ----RD---- C:\Program Files
2009-11-11 21:50:04 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-09 11:24:28 ----D---- C:\WINDOWS\Help
2009-11-09 09:12:56 ----D---- C:\Program Files\Internet Explorer
2009-11-09 09:08:27 ----D---- C:\WINDOWS\system32\en-us
2009-11-09 09:08:16 ----D---- C:\WINDOWS\Media
2009-11-06 20:32:21 ----SD---- C:\WINDOWS\Tasks
2009-11-06 11:10:59 ----D---- C:\Program Files\Google
2009-11-05 09:36:21 ----A---- C:\WINDOWS\system32\MRT.exe
2009-10-22 01:19:04 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-10-18 18:30:21 ----SHD---- C:\System Volume Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-10-06 317072]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.6.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-01-23 17119]
R2 BtnHnd;BtnHnd; \??\C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys []
R2 elagopro;GoProto Protocol Driver for LELA; C:\WINDOWS\system32\DRIVERS\elagopro.sys [2007-03-22 28672]
R2 elaunidr;UniDriver for LELA; C:\WINDOWS\system32\DRIVERS\elaunidr.sys [2007-03-22 5376]
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2006-06-30 3712]
R2 MASPINT;MASPINT; C:\WINDOWS\system32\drivers\MASPINT.sys [2000-03-29 8096]
R2 portD;CMS PortIO Service; C:\WINDOWS\system32\DRIVERS\portd2k.sys [2004-02-23 14976]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2004-10-15 11354]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-10-07 1270540]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-23 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-08-02 635281]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-07-04 103391]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-10-26 820224]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2004-10-10 45056]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 FUJ02B1;Fujitsu FUJ02B1 Device Driver; C:\WINDOWS\system32\DRIVERS\FUJ02B1.sys [2001-08-01 5248]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060]
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; C:\WINDOWS\system32\DRIVERS\iwca.sys [2004-08-12 234496]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2006-05-10 27264]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2006-05-10 71680]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 Px64Mc;PIX-MPEG/USB2.0 MCE; C:\WINDOWS\system32\DRIVERS\Px64Mc.sys [2004-08-04 239360]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2004-07-12 67968]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel® PRO/Wireless 2915ABG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-29 3222784]
R4 black;black; C:\WINDOWS\System32\drivers\BlackDrv.sys [2005-03-30 229331]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 ADVNTDRV;ADVNTDRV; C:\WINDOWS\System32\drivers\ADVNTDRV.SYS [1999-11-18 3872]
S3 Airgo;Belkin Wireless Pre-N Notebook Network Driver; C:\WINDOWS\system32\DRIVERS\wnihdd51.sys [2004-08-13 753664]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2004-10-14 15295]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-03-21 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-03-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-03-21 21744]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pwi_bus;Curitel PC Card Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\pwi_bus.sys [2005-05-04 55344]
S3 pwi_mdfl;Curitel PC Card Filter; C:\WINDOWS\system32\DRIVERS\pwi_mdfl.sys [2005-05-04 9200]
S3 pwi_mdm;Curitel PC Card Drivers; C:\WINDOWS\system32\DRIVERS\pwi_mdm.sys [2005-05-04 89936]
S3 pwi_oflt;Curitel PC Card OHCI Filter; C:\WINDOWS\system32\DRIVERS\pwi_oflt.sys [2005-05-04 9472]
S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\pwi_serd.sys [2005-05-04 69632]
S3 RapDrv;RapDrv; \??\C:\WINDOWS\system32\drivers\RapDrv.sys []
S3 RapFile;RapFile; \??\C:\WINDOWS\system32\drivers\RapFile.sys []
S3 RapNet;RapNet; \??\C:\WINDOWS\system32\drivers\RapNet.sys []
S3 SDTHOOK;SDTHOOK; C:\WINDOWS\System32\DRIVERS\SDTHOOK.sys [2007-06-05 44928]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS []
S3 sonypvs1;Sony Digital Imaging Video2; C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 102220]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TSP;TSP; \??\C:\WINDOWS\system32\drivers\klif.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2005-05-26 21344]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2005-05-26 38144]
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2005-06-24 39036]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WNIPROT5;WNIPROT5 Protocol Driver; \??\C:\WINDOWS\System32\WNIPROT5.SYS []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2004-08-11 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-10-26 413696]
R2 BlackICE;BlackICE; C:\Program Files\ISS\BlackICE\blackd.exe [2004-09-09 1229430]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2004-10-15 86016]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2005-09-13 53248]
R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2004-10-15 139264]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2004-10-15 360521]
R2 SR Agent;SR Agent; C:\Program Files\SR\SrCoreSvc.exe [2009-10-21 99144]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S3 RapApp;RapApp; C:\Program Files\ISS\BlackICE\rapapp.exe [2003-02-25 684032]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Attached Files



#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:10:30 AM

Posted 20 November 2009 - 03:42 AM

Hi laxtofat,

Your logs look ok to me now :(


Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
Congratulations! You now appear clean! :(

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Cleaning and creating restore points
  • Click Start, right click My Computer and select properties.
  • Select the System Restore tab then check the box "Turn off System Restore".
  • Click Apply then Ok, then restart your computer
  • Now follow these steps again, but instead of checking "Turn off System Restore" Uncheck it.
Now that you have cleaned out you restore points you need to set a new restore point
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Select "Create a restore point" then click Next.
  • Type a name under Restore point description then click Create.
Additional instructions can be found here if needed.

Note: This does not need to be done on a regular basis.

Keeping Windows updated
It is extremley important to keep windows upto date with the latest service pack and patches. This will prevent you
from getting the malware which uses vulnerabilities found in windows to exploit your computer. The easiest way to
do this this is by making sure that Automatic Updates are always enabled.

To do this Click on Start >> Control Panel >> Automatic updates and click Automatic (recommended) then Apply and Ok

Update your AntiVirus Software
It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not
update your antivirus software then it will not be able to catch any of the new variants that may come out. If you
use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your
subscription runs out, you may not be able to update the programs virus definitions.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you.
Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly
patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Install an AntiSpyware Program
A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version. or the Pro version for a 15 day trial period.
Other recommended, and free, AntiSpyware programs are Spybot - Search and Destroy and Ad-Aware Personal.
Installing these programs will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.
Tutorials on using these programs can be found below:
Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

Install SpywareBlaster
SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you
from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware

Use MVPS hosts file
Using a custom host file like the MVPS HOSTS file can help to block ads, banners, 3rd party Cookies,
3rd party page counters, web bugs, and even most hijackers. It doesn't use up any extra system resources
and may even speed up the loading of web pages. You can download and find instructions below.

http://www.mvps.org/winhelp2002/hosts.htm

Update all these programs regularly
Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Happy surfing :)
Syler

unite.jpg


#9 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:10:30 AM

Posted 21 November 2009 - 06:07 PM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

unite.jpg





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users