Firefox redirecting


10 replies to this topic

#1 waldingrl


Posted 17 November 2009 - 04:23 PM

Hi there! I've been having a problem with Firefox (and IE, for that matter) redirecting typed-in and linked websites to shopping and other search sites. I ran AVG, and always have Symantec Endpoint Protection 11 on. As I was researching I also ran Goored and SDFix. I am having trouble getting DDS Tool to download, and my RootRepeal report is running now, but I wanted to get this up here and started.

Here's the HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:51:36 PM, on 11/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\SpyNoMore\SNM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Security Management System\ServiceMonitor.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blackbaud.com/fwsupport.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe 1
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSetup] E:\setup.exe /skip_all_checks /p /start /restart /l:enu
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: SMS Service Monitor.lnk = C:\Program Files\Security Management System\ServiceMonitor.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O15 - Trusted IP range: 10.0.0.90
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1226000262562
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: SMS Client Services (MultimaxClientService) - Group 4 Technology - C:\Program Files\Security Management System\MultimaxClientService.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--
End of file - 12807 bytes


The SDFix Log:

Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-17 15:32:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{632934CD-E780-195A-6AA9-0C951994012D}]
"iaegjooccljckflkhl"=hex:6a,61,61,66,61,6a,6d,68,6c,62,6d,6a,67,67,66,67,65,6e,6e,6d,00,..
"hagipciebpgkcgna"=hex:6a,61,61,66,61,6a,6d,68,6c,62,6d,6a,67,67,66,67,65,6e,6e,6d,00,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\SMINST\Scheduler.exe"="C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler "
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe"="C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service"
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE"="C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service"
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\Program Files\Security Management System\MultimaxClientService.exe"="C:\Program Files\Security Management System\MultimaxClientService.exe:*:Enabled:SMS Client Service"
"C:\Program Files\Security Management System\Multimax.exe"="C:\Program Files\Security Management System\Multimax.exe:*:Enabled:Security Management System"
"C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

Remaining Files :



Files with Hidden Attributes :

Mon 26 Jan 2009 1,740,632 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 26 Jan 2009 5,365,592 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 26 Jan 2009 2,144,088 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 18 Feb 2009 9,898 ...H. --- "C:\Documents and Settings\Robin\Desktop\~WRL1877.tmp"
Mon 12 May 2008 407 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COH32LU.reg"
Mon 12 May 2008 400 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COHDLU.reg"
Thu 12 Jan 2006 196 A.SHR --- "C:\Documents and Settings\Robin\Desktop\WOrk\Test Nightly\BOOT.BAK"
Fri 30 Mar 2007 19,968 A..H. --- "C:\Documents and Settings\Robin\Desktop\WOrk\D.Miley\Liberty Park Concessions\~WRL2346.tmp"
Wed 4 Apr 2007 20,992 A..H. --- "C:\Documents and Settings\Robin\Desktop\WOrk\D.Miley\Liberty Park Concessions\~WRL2485.tmp"
Thu 19 Jan 2006 56 A.SHR --- "C:\Documents and Settings\Robin\Desktop\WOrk\Test Nightly\WINDOWS\system32\4D5F065ECC.sys"
Thu 29 Sep 2005 6,358 A..H. --- "C:\Documents and Settings\Robin\Desktop\WOrk\Test Nightly\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Office\Shortcut Bar\Off1CF.tmp"
Fri 26 Aug 2005 6,358 A..H. --- "C:\Documents and Settings\Robin\Desktop\WOrk\Test Nightly\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Office\Shortcut Bar\Off3.tmp"

Finished!


The Goored log:
GooredFix by jpshortstuff (09.11.09.1)
Log created at 15:16 on 17/11/2009 (Robin)
Firefox version 3.0.15 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions
{972ce4c6-7e08-4474-a285-3208198ce6fd} [01:29 10/11/2008]
{B13721C7-F507-4982-B2E5-502A71474FED} [00:30 27/09/2009]
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [15:43 10/11/2008]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [15:43 10/11/2008]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG9\Firefox" [18:14 16/11/2009]

---------- Old Logs ----------
GooredFix[18.13.46_13-11-2009].txt

-=E.O.F=-

The redirect seems to only happen when I go to www.tivocommunity.com - I can't even get there from this machine anymore.

I will post the RootRepeal log when it is finished. And if someone can help me figure out how to download ddstools I'd appreciate it.

Thanks in advance for your help!

~Robin

Root Repeal report:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/17 16:06
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0xA52FE000 Size: 876544 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA0E9E000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:hiberfil.sys
Status: Locked to the Windows API!

Path: c:\documents and settings\robin\local settings\temp\etilqs_qflhgewgxehpcvddly18
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\documents and settings\robin\application data\mozilla\firefox\profiles\ifldsthv.default\sessionstore.js
Status: Size mismatch (API: 31498, Raw: 31451)

Path: c:\program files\logitech\desktop messenger\8876480\users\robin\data\d0000000.fcs
Status: Allocation size mismatch (API: 512, Raw: 0)

SSDT
-------------------
#: 012 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x8a4d50b0

#: 013 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x8a4d7b50

#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a414d98

#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x8a4c9668

#: 043 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x8a5c12d0

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x8a3f8290

#: 083 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a3f5d98

#: 089 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x8a4cd600

#: 091 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x8a4cd7e0

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x8afa6d88

#: 114 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x8a4c30b0

#: 123 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x8a4d9838

#: 129 Function Name: NtOpenThreadToken
Status: Hooked by "<unknown>" at address 0x8af9eea8

#: 206 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x8a4e7400

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x8a4d81a8

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x8a5df358

#: 229 Function Name: NtSetInformationThread
Status: Hooked by "<unknown>" at address 0x8a5b7ea8

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x8a4c5918

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x8a4d7f30

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x8a504db0

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x8a4d8170

#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x8a4d9280

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a5fcd98

==EOF==

Merged posts. ~ OB

EDIT: To add DDSTools Report:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/5/2008 4:07:37 PM
System Uptime: 11/17/2009 3:39:48 PM (18 hours ago)

Motherboard: Hewlett-Packard | | 30A3
Processor: Intel® Core™2 CPU T7400 @ 2.16GHz | U10 | 994/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 87 GiB total, 34.947 GiB free.
D: is FIXED (FAT32) - 6 GiB total, 0.693 GiB free.
E: is CDROM ()
F: is Removable
Z: is NetworkDisk (NTFS) - 68 GiB total, 55.058 GiB free.

==== Disabled Device Manager Items =============

Class GUID:
Description: X1DE-USB
Device ID: USB\VID_08BD&PID_1100\6&216455B4&0&1
Manufacturer:
Name: X1DE-USB
PNP Device ID: USB\VID_08BD&PID_1100\6&216455B4&0&1
Service:

==== System Restore Points ===================

RP227: 8/20/2009 10:55:19 AM - System Checkpoint
RP228: 8/21/2009 5:40:26 PM - System Checkpoint
RP229: 8/22/2009 11:07:37 PM - System Checkpoint
RP230: 8/23/2009 11:46:08 PM - System Checkpoint
RP231: 8/25/2009 12:46:08 AM - System Checkpoint
RP232: 8/26/2009 10:20:50 AM - Software Distribution Service 3.0
RP233: 8/27/2009 3:00:16 AM - Software Distribution Service 3.0
RP234: 8/28/2009 6:49:28 AM - System Checkpoint
RP235: 8/29/2009 7:22:10 AM - System Checkpoint
RP236: 8/30/2009 8:57:38 AM - System Checkpoint
RP237: 8/31/2009 9:53:33 AM - System Checkpoint
RP238: 9/2/2009 12:11:27 PM - System Checkpoint
RP239: 9/3/2009 12:39:02 PM - System Checkpoint
RP240: 9/4/2009 1:08:12 PM - System Checkpoint
RP241: 9/5/2009 2:43:14 PM - System Checkpoint
RP242: 9/7/2009 4:28:39 PM - System Checkpoint
RP243: 9/9/2009 4:27:17 PM - System Checkpoint
RP244: 9/10/2009 8:52:25 AM - Software Distribution Service 3.0
RP245: 9/11/2009 10:38:12 AM - System Checkpoint
RP246: 9/13/2009 1:23:17 PM - System Checkpoint
RP247: 9/16/2009 1:07:59 PM - System Checkpoint
RP248: 9/17/2009 4:33:29 PM - System Checkpoint
RP249: 9/18/2009 8:46:19 PM - System Checkpoint
RP250: 9/20/2009 1:51:08 AM - System Checkpoint
RP251: 9/21/2009 2:27:53 AM - System Checkpoint
RP252: 9/22/2009 12:34:27 PM - System Checkpoint
RP253: 9/24/2009 9:49:36 AM - System Checkpoint
RP254: 9/25/2009 8:27:48 PM - System Checkpoint
RP255: 9/26/2009 9:29:19 PM - System Checkpoint
RP256: 9/27/2009 11:16:03 PM - System Checkpoint
RP257: 9/30/2009 12:18:40 PM - System Checkpoint
RP258: 10/1/2009 2:42:15 PM - System Checkpoint
RP259: 10/2/2009 3:31:07 PM - System Checkpoint
RP260: 10/3/2009 10:14:43 PM - System Checkpoint
RP261: 10/4/2009 10:18:34 PM - System Checkpoint
RP262: 10/6/2009 10:43:14 AM - System Checkpoint
RP263: 10/7/2009 11:55:21 AM - System Checkpoint
RP264: 10/8/2009 12:31:59 PM - System Checkpoint
RP265: 10/9/2009 12:48:18 PM - System Checkpoint
RP266: 10/10/2009 1:48:18 PM - System Checkpoint
RP267: 10/11/2009 6:35:21 PM - System Checkpoint
RP268: 10/12/2009 7:24:13 PM - System Checkpoint
RP269: 10/17/2009 9:22:13 AM - System Checkpoint
RP270: 10/18/2009 10:59:32 AM - System Checkpoint
RP271: 10/19/2009 12:24:21 PM - System Checkpoint
RP272: 10/20/2009 2:10:13 PM - System Checkpoint
RP273: 10/22/2009 12:11:23 PM - System Checkpoint
RP274: 10/23/2009 3:44:12 PM - System Checkpoint
RP275: 10/24/2009 11:14:31 PM - System Checkpoint
RP276: 10/26/2009 12:55:16 PM - System Checkpoint
RP277: 10/27/2009 1:37:49 PM - System Checkpoint
RP278: 10/29/2009 12:33:37 PM - System Checkpoint
RP279: 10/30/2009 11:02:01 PM - System Checkpoint
RP280: 10/31/2009 11:27:45 PM - System Checkpoint
RP281: 11/2/2009 10:51:04 AM - System Checkpoint
RP282: 11/3/2009 1:32:34 PM - System Checkpoint
RP283: 11/4/2009 10:26:21 PM - System Checkpoint
RP284: 11/5/2009 11:32:06 PM - System Checkpoint
RP285: 11/7/2009 10:04:22 AM - System Checkpoint
RP286: 11/8/2009 9:50:59 AM - System Checkpoint
RP287: 11/9/2009 12:44:05 PM - System Checkpoint
RP288: 11/10/2009 1:10:10 PM - System Checkpoint
RP289: 11/10/2009 2:23:20 PM - Removed Adobe Acrobat 8 Professional
RP290: 11/10/2009 2:25:56 PM - Installed Adobe Acrobat 9 Pro.
RP291: 11/11/2009 3:00:58 PM - System Checkpoint
RP292: 11/12/2009 4:17:52 PM - System Checkpoint
RP293: 11/13/2009 10:00:16 PM - System Checkpoint
RP294: 11/14/2009 10:01:04 PM - System Checkpoint
RP295: 11/16/2009 7:28:44 AM - System Checkpoint
RP296: 11/16/2009 11:25:43 AM - Installed Adobe Acrobat 9 Pro.
RP297: 11/16/2009 1:14:52 PM - Installed AVG Free 9.0
RP298: 11/17/2009 4:56:53 PM - System Checkpoint

==== Installed Programs ======================

µTorrent
2007 Microsoft Office Suite Service Pack 1 (SP1)
32 Bit HP BiDi Channel Components Installer
AccuWage 2008
Acrobat.com
Adobe Acrobat 9 Pro
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9
Agere Systems HDA Modem
Application Installer 4.00.B5
ASAP Utilities
ATI Catalyst Control Center
ATI Display Driver
AVG Free 9.0
BadCopy Pro
CanoScan LiDE 90
Coupon Printer for Windows
Digsby
DNA
Fingerprint Sensor Minimum Install
FlipShare
Google Talk Plugin
GoToAssist Express Expert 1.0.0.128
GoToMeeting 4.1.0.366
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
HP Backup and Recovery Manager Installer
HP Care Pack Core
HP Care Pack Products
HP Integrated Module with Bluetooth wireless technology
HP LaserJet P3005
HP LaserJet P3005 Install Notes
HP LaserJet P3005 User Guide
HP Mobile Data Protection System
HP Quick Launch Buttons 6.00 D2
HP Support Phone Numbers
HpSdpAppCoreApp
Java™ 6 Update 10
LiveUpdate 3.3 (Symantec Corporation)
Logitech Desktop Messenger
Logitech QuickCam
Logitech QuickCam Driver Package
Magicard Rio/Tango 2e
Magicard Support Utility
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft PhotoDraw 2000 V2
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.15)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
NetSetMan 2.5.1
pcProx
pcProxPlus
ReaJPEG Pro 3.9
Roxio Audio Module
Roxio CinePlayer
Roxio Copy Module
Roxio Data Module
Roxio DLA
Roxio Express Labeler
Roxio MyDVD Plus
Roxio Update Manager
ScanWizard 5
Security Management System
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Sentinel System Driver 5.41.1 (32-bit)
Skype web features
Skype™ 4.1
SoundMAX
SpyNoMore 2.94
Symantec Endpoint Protection
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Outlook 2007 Junk Email Filter (kb973514)
Update for Windows XP (KB898461)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
WebFldrs XP
Whisper 32
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

11/17/2009 3:05:43 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SPBBCDrv SRTSP SRTSPX SYMTDI Tcpip
11/17/2009 3:05:43 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
11/17/2009 3:05:43 PM, error: Service Control Manager [7001] - The Message Queuing Triggers service depends on the Message Queuing service which failed to start because of the following error: The dependency service or group failed to start.
11/17/2009 3:05:43 PM, error: Service Control Manager [7001] - The Message Queuing service depends on the Distributed Transaction Coordinator service which failed to start because of the following error: The dependency service or group failed to start.
11/17/2009 3:05:43 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/17/2009 3:05:43 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/17/2009 3:05:43 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
11/17/2009 3:05:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/17/2009 3:05:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/17/2009 3:04:54 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/17/2009 12:05:51 PM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
11/14/2009 9:17:11 PM, error: Service Control Manager [7022] - The hpqwmiex service hung on starting.
11/13/2009 9:59:23 AM, error: DCOM [10000] - Unable to start a DCOM Server: {51FA2736-5DEE-11D4-98E8-006008BF430C}. The error: "%2" Happened while starting this command: C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE -Embedding
11/13/2009 9:07:37 AM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{F122F1CA-A6B2-412B-8232-B5CA0D48918B} because another computer on the network has the same name. The server could not start.
11/13/2009 8:13:49 PM, error: Service Control Manager [7000] - The ASPI32 service failed to start due to the following error: The system cannot find the file specified.
11/13/2009 8:13:08 PM, error: Dhcp [1002] - The IP address lease 192.168.0.199 for the Network Card with network address 0018DEBD959B has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
11/13/2009 2:50:56 PM, error: DCOM [10009] - DCOM was unable to communicate with the computer BRIAN using any of the configured protocols.
11/13/2009 2:50:35 PM, error: DCOM [10009] - DCOM was unable to communicate with the computer MARYS using any of the configured protocols.
11/13/2009 11:08:46 PM, error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/13/2009 11:08:45 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
11/13/2009 11:08:44 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.
11/13/2009 10:36:37 AM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom0.

==== End Of File ===========================

Edited by waldingrl, 18 November 2009 - 09:34 AM.



#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts

Posted 25 November 2009 - 07:25 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days, if a topic is not replied to, we assume it has been abandoned and it is closed.

Regards, myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!



#3 waldingrl

waldingrl
  • Topic Starter

  • Members
  • 7 posts

Posted 27 November 2009 - 01:22 PM

Thanks for your response. I should mention that I've noticed that I seem to have the redirects only when I'm connected to my docking station at the office. When I'm on my home network everything works normally.

OTL:

OTL logfile created on: 11/27/2009 1:14:09 PM - Run 1
OTL by OldTimer - Version 3.1.11.0 Folder = C:\Documents and Settings\Robin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.46 Gb Total Space | 34.10 Gb Free Space | 38.99% Space Free | Partition Type: NTFS
Drive D: | 5.68 Gb Total Space | 0.69 Gb Free Space | 12.19% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC580831321172
Current User Name: Robin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/27 13:13:12 | 00,532,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robin\Desktop\OTL.exe
PRC - [2009/11/16 13:15:14 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/11/16 13:15:13 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/11/16 13:15:13 | 00,502,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/11/16 13:15:12 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/16 13:15:08 | 02,020,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/11/16 13:14:57 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/11/12 19:40:45 | 00,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/10/28 19:28:05 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/08 13:18:12 | 01,067,472 | ---- | M] (Illysoft LLC) -- C:\Program Files\SpyNoMore\SNM.exe
PRC - [2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/12/04 09:45:51 | 00,066,864 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2008/11/13 13:17:38 | 00,439,616 | ---- | M] () -- C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
PRC - [2008/11/10 10:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/11/10 10:43:40 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/06/11 22:43:26 | 00,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/05/12 10:47:56 | 00,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/05/12 10:47:56 | 00,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/05/12 10:47:54 | 02,475,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2008/05/12 10:47:54 | 01,660,288 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/05/12 10:47:52 | 02,234,296 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/04/14 05:42:28 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqtgsvc.exe
PRC - [2008/04/14 05:42:28 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqsvc.exe
PRC - [2008/04/14 05:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/13 13:06:58 | 02,196,240 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/02/13 13:02:46 | 00,564,496 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2008/02/13 13:02:24 | 00,405,776 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/02/05 18:20:42 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/02/05 18:18:48 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008/02/05 18:18:48 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008/01/20 20:20:00 | 00,069,632 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\UM_RTMC.EXE
PRC - [2007/09/21 09:25:52 | 00,344,064 | ---- | M] () -- C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
PRC - [2007/03/19 05:52:46 | 00,180,224 | ---- | M] (Securitas Technology) -- C:\Program Files\Security Management System\ServiceMonitor.exe
PRC - [2006/07/05 18:21:30 | 00,036,864 | ---- | M] () -- C:\Program Files\HP\Dfawep\bin\hpbwepdelay.exe
PRC - [2006/03/02 17:39:42 | 00,131,072 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2006/03/02 17:38:04 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006/02/15 17:43:16 | 00,892,928 | ---- | M] () -- C:\WINDOWS\SMINST\Scheduler.exe
PRC - [2006/02/15 16:16:02 | 00,581,693 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/02/15 16:14:44 | 01,265,748 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2006/02/15 16:09:20 | 00,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2006/01/29 20:00:04 | 00,088,203 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2006/01/17 00:01:46 | 00,053,248 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\accelerometerST.exe
PRC - [2006/01/10 14:23:56 | 00,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2005/11/10 13:04:00 | 00,761,945 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/10/15 02:01:00 | 00,114,688 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic Shared\CineTray.exe
PRC - [2005/09/28 05:10:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/08/12 16:43:58 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/08/12 16:43:58 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/05/20 03:11:06 | 00,925,696 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2004/08/11 03:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2004/08/04 03:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2004/07/27 16:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2009/11/27 13:13:12 | 00,532,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robin\Desktop\OTL.exe
MOD - [2008/02/05 18:20:30 | 00,109,080 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\Temp\logishrd\LVPrcInj01.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/16 13:14:57 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/11/10 14:43:14 | 00,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/13 13:17:38 | 00,439,616 | ---- | M] () -- C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2008/11/10 10:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/10/06 09:19:36 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2008/05/12 10:47:56 | 00,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/05/12 10:47:56 | 00,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/05/12 10:47:54 | 02,475,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/05/12 10:47:54 | 00,288,136 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/05/12 10:47:52 | 02,234,296 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/04/14 05:42:28 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqtgsvc.exe -- (MSMQTriggers)
SRV - [2008/04/14 05:42:28 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqsvc.exe -- (MSMQ)
SRV - [2008/02/05 18:22:36 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2008/02/05 18:20:42 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/02/05 18:18:48 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007/08/11 20:05:27 | 03,093,872 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2007/03/19 05:35:18 | 02,273,280 | ---- | M] (Group 4 Technology) -- C:\Program Files\Security Management System\MultimaxClientService.exe -- (MultimaxClientService)
SRV - [2006/11/08 16:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006/11/08 16:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/03/02 17:38:04 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2006/02/15 16:09:20 | 00,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2006/01/12 14:22:38 | 00,294,912 | ---- | M] (SoftThinks) -- C:\WINDOWS\SMINST\PCAngel.exe -- (PCA)
SRV - [2006/01/10 14:23:56 | 00,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2004/10/22 05:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/08/11 03:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf)
SRV - [2004/07/15 03:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)


========== Driver Services (SafeList) ==========

DRV - [2009/11/25 09:07:16 | 01,323,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091125.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/11/25 09:07:15 | 00,084,912 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091125.004\NAVENG.SYS -- (NAVENG)
DRV - [2009/11/16 13:15:34 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/11/16 13:15:29 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/11/16 13:15:28 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/11/16 10:36:26 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/27 07:52:58 | 00,102,448 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2008/11/07 11:47:07 | 00,023,888 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/11/07 11:44:12 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/05/12 10:47:56 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/05/12 10:47:56 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/05/12 10:47:56 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/05/12 10:47:50 | 00,191,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/05/12 10:47:50 | 00,027,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008/05/12 10:47:48 | 00,420,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/05/08 09:02:52 | 00,203,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/14 00:15:14 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/14 00:09:46 | 00,092,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/04/13 22:09:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/13 22:06:06 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/05 21:21:48 | 00,023,832 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/02/05 21:21:37 | 04,658,456 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam S5500(UVC)
DRV - [2008/02/05 21:21:25 | 00,041,752 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/02/05 21:20:40 | 00,628,760 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/02/05 18:20:08 | 00,025,624 | ---- | M] () -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/02/05 18:18:12 | 00,689,176 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006/03/10 20:12:54 | 00,130,048 | ---- | M] (AuthenTec, Inc.) -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500)
DRV - [2006/03/02 17:45:14 | 01,480,704 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/02/28 08:36:20 | 00,176,128 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006/02/15 15:56:58 | 01,342,570 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/02/15 15:54:10 | 00,057,096 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/02/08 20:00:04 | 00,142,720 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/01/29 20:00:04 | 01,120,352 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/01/19 08:50:40 | 01,428,096 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2006/01/10 03:00:04 | 00,022,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2006/01/10 03:00:04 | 00,017,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2005/11/10 12:50:38 | 00,191,936 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/10/12 07:07:12 | 00,874,240 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/09/28 05:10:00 | 00,092,700 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/28 05:10:00 | 00,087,004 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/28 05:10:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/28 05:10:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/28 05:10:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/28 05:10:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/28 05:10:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/20 04:30:56 | 00,162,432 | ---- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/09/19 15:24:20 | 00,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 15:24:10 | 00,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 15:23:52 | 00,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/07/28 03:30:00 | 00,088,704 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/07/07 09:03:34 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/07/07 09:02:56 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/07/07 05:10:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/06/10 08:26:00 | 00,035,968 | ---- | M] (Infineon Technologies AG) -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2005/06/07 08:53:46 | 00,152,960 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (AEAudioService)
DRV - [2005/05/31 05:46:26 | 00,087,936 | R--- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2005/04/25 02:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2004/12/24 22:37:48 | 00,016,800 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\hppaufd0.sys -- (dot4ufd)
DRV - [2004/08/04 03:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2002/12/17 05:41:10 | 00,076,288 | ---- | M] (Rainbow Technologies, Inc.) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2001/08/17 14:10:28 | 00,035,913 | ---- | M] (SMC) -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/17 10:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1983268528-216769765-1495965720-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.blackbaud.com/fwsupport.aspx
IE - HKU\S-1-5-21-1983268528-216769765-1495965720-1005\S-1-5-21-1983268528-216769765-1495965720-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========



FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/11/10 10:43:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/11/16 13:14:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/16 15:10:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/10 14:42:03 | 00,000,000 | ---D | M]

[2008/11/09 20:29:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Mozilla\Extensions
[2009/11/26 22:48:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\ifldsthv.default\extensions
[2008/11/13 08:51:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\ifldsthv.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009/11/27 13:11:40 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/26 19:30:44 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2008/11/10 10:43:54 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2008/06/18 01:43:04 | 00,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2008/10/06 09:19:36 | 00,114,540 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_gp.dll

O1 HOSTS File: (350653 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 12022 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1983268528-216769765-1495965720-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe (Illysoft LLC)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-1983268528-216769765-1495965720-1005..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1983268528-216769765-1495965720-1005..\Run: [Google Update] C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-1983268528-216769765-1495965720-1005..\Run: [LogitechSetup] E:\setup.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SMS Service Monitor.lnk = C:\Program Files\Security Management System\ServiceMonitor.exe (Securitas Technology)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1983268528-216769765-1495965720-1005\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1983268528-216769765-1495965720-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1983268528-216769765-1495965720-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1983268528-216769765-1495965720-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - C:\Program Files\Microsoft Office\Office\1033\PHDINTL.DLL (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1983268528-216769765-1495965720-1005\..Trusted Ranges: Range1 ([*] in Trusted sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1226000262562 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 23:07:00 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 15:01:00 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{36ab1064-09a7-11de-89ca-0018debd959b}\Shell\AutoRun\command - "" = G:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{36ab1064-09a7-11de-89ca-0018debd959b}\Shell\Setup FlipShare\command - "" = G:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/27 13:13:12 | 00,532,992 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robin\Desktop\OTL.exe
[2009/11/23 11:33:42 | 00,904,048 | ---- | C] (F-Secure Corporation) -- C:\Documents and Settings\Robin\Desktop\fsbl(2).exe
[2009/11/23 11:23:12 | 00,904,048 | ---- | C] (F-Secure Corporation) -- C:\Documents and Settings\Robin\Desktop\fsbl.exe
[2009/11/23 10:18:40 | 00,000,000 | ---D | C] -- C:\Program Files\Network Asset Tracker
[2009/11/18 22:06:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Robin\Application Data\Move Networks
[2009/11/17 16:05:28 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Robin\Desktop\RootRepeal.exe
[2009/11/17 15:50:28 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/17 15:49:49 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Robin\Desktop\HJTInstall.exe
[2009/11/17 15:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/11/17 15:22:25 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/11/17 15:16:47 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/11/17 15:07:29 | 00,000,000 | ---D | C] -- C:\Program Files\SpyNoMore
[2009/11/17 14:35:57 | 25,187,588 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Robin\Desktop\sdsetup.exe.part
[2009/11/17 12:12:57 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/11/17 12:12:57 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/11/17 12:12:57 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/11/17 12:12:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/17 12:05:51 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/16 13:15:48 | 00,000,000 | -H-D | C] -- C:\$AVG
[2009/11/16 13:15:35 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/11/16 13:15:34 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/11/16 13:15:28 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/11/16 13:15:28 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/11/16 13:15:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/11/16 13:14:53 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/11/16 13:14:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/11/15 17:46:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Robin\Desktop\personal files
[2009/11/13 13:13:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Robin\Desktop\GooredFix Backups
[2009/11/13 13:13:01 | 00,067,656 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Robin\Desktop\GooredFix.exe
[2009/11/11 13:17:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\S2CLU3CLU3CLU3CL
[2009/11/11 13:17:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\9KT2CLU4DMV4DMV4
[2009/11/10 14:43:13 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2009/11/10 14:42:46 | 00,045,392 | R--- | C] (Adobe Systems Inc) -- C:\WINDOWS\System32\AdobePDF.dll
[2009/11/10 14:42:46 | 00,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\WINDOWS\System32\AdobePDFUI.dll
[2009/11/09 16:46:55 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/11/09 16:46:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2 C:\Documents and Settings\Robin\Desktop\*.tmp files -> C:\Documents and Settings\Robin\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/27 13:13:12 | 00,532,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robin\Desktop\OTL.exe
[2009/11/27 10:32:44 | 00,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1983268528-216769765-1495965720-1005.job
[2009/11/27 10:12:04 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Robin\Local Settings\Application Data\prvlcl.dat
[2009/11/27 10:01:19 | 45,814,706 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/27 09:59:30 | 00,105,755 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/25 22:25:05 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/25 22:24:23 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/25 22:24:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/25 22:24:09 | 36,232,76544 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/25 09:05:45 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2009/11/25 09:05:12 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2009/11/23 11:41:18 | 02,378,483 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\installer_f-secure_blacklight_2_2_1067_English(2).exe
[2009/11/23 11:40:57 | 02,378,483 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\installer_f-secure_blacklight_2_2_1067_English.exe
[2009/11/23 11:33:42 | 00,904,048 | ---- | M] (F-Secure Corporation) -- C:\Documents and Settings\Robin\Desktop\fsbl(2).exe
[2009/11/23 11:23:23 | 00,904,048 | ---- | M] (F-Secure Corporation) -- C:\Documents and Settings\Robin\Desktop\fsbl.exe
[2009/11/23 10:18:56 | 05,242,880 | -H-- | M] () -- C:\Documents and Settings\Robin\NTUSER.DAT
[2009/11/23 10:18:48 | 00,000,778 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\Network Asset Tracker.lnk
[2009/11/23 10:18:14 | 01,149,516 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\natracker.exe
[2009/11/20 17:23:52 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Robin\ntuser.ini
[2009/11/20 17:23:42 | 04,305,186 | -H-- | M] () -- C:\Documents and Settings\Robin\Local Settings\Application Data\IconCache.db
[2009/11/18 14:40:41 | 01,019,904 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\freepcaudit.exe
[2009/11/18 11:08:41 | 00,060,979 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\support letter.pdf
[2009/11/18 09:29:37 | 00,523,776 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\dds.scr
[2009/11/17 16:05:32 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Robin\Desktop\RootRepeal.exe
[2009/11/17 15:50:37 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\HijackThis.lnk
[2009/11/17 15:50:11 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Robin\Desktop\HJTInstall.exe
[2009/11/17 15:23:06 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/11/17 15:23:06 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/11/17 15:07:34 | 00,001,152 | ---- | M] () -- C:\WINDOWS\System32\windrv.sys
[2009/11/17 15:07:29 | 00,000,658 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\SpyNoMore.lnk
[2009/11/17 14:56:03 | 25,187,588 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Robin\Desktop\sdsetup.exe.part
[2009/11/17 14:55:51 | 03,353,288 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\spynomore.exe
[2009/11/17 14:35:59 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\sdsetup.exe
[2009/11/17 13:25:03 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\SDFix.exe
[2009/11/17 12:07:06 | 00,093,552 | ---- | M] () -- C:\Documents and Settings\Robin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/17 11:40:32 | 03,564,228 | R--- | M] () -- C:\Documents and Settings\Robin\Desktop\ComboFix.exe
[2009/11/16 18:47:01 | 00,347,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/16 13:15:36 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/11/16 13:15:35 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/11/16 13:15:34 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/11/16 13:15:29 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/11/16 13:15:28 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/11/16 13:15:28 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/11/16 13:15:23 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/11/16 13:15:23 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/11/16 12:48:10 | 00,888,082 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\October 2009 Statement.pdf
[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/11/13 13:13:02 | 00,067,656 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Robin\Desktop\GooredFix.exe
[2009/11/09 16:58:31 | 00,350,653 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/11/07 07:51:32 | 00,394,542 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/07 07:51:32 | 00,056,968 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/07 07:51:30 | 00,457,446 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2 C:\Documents and Settings\Robin\Desktop\*.tmp files -> C:\Documents and Settings\Robin\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/23 11:41:08 | 02,378,483 | ---- | C] () -- C:\Documents and Settings\Robin\Desktop\installer_f-secure_blacklight_2_2_1067_English(2).exe
[2009/11/23 11:40:09 | 02,378,483 | ---- | C] () -- C:\Documents and Settings\Robin\Desktop\installer_f-secure_blacklight_2_2_1067_English.exe
[2009/11/23 10:18:48 | 00,000,778 | ---- | C] () -- C:\Documents and Settings\Robin\Desktop\Network Asset Tracker.lnk
[2009/11/23 10:18:03 | 01,149,516 | ---- | C] () -- C:\Documents and Settings\Robin\Desktop\natracker.exe
[2009/11/18 14:40:40 | 01,019,904 | ---- | C] () -- C:\Documents and Settings\Robin\Desktop\freepcaudit.exe
[2009/11/18 11:08:41 | 00,060,979 | ---- | C] () -- C:\Documents and Settings\Robin\Desktop\support letter.pdf
[2009/11/18 09:29:36 | 00,523,776 | ---- | C] () -- C:\Documents and Settings\Robin\Desktop\dds.scr
[2009/11/17 15:50:37 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Robin\Desktop\HijackThis.lnk
[2009/11/17 15:40:23 | 36,232,76544 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/17 15:23:06 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009/11/17 15:23:06 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/11/17 15:07:34 | 00,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys
[2009/11/17 15:07:29 | 00,000,658 | ---- | C] () -- C:\Documents and Settings\Robin\Desktop\SpyNoMore.lnk
[2009/11/17 14:55:50 | 03,353,288 | ---- | C] () -- C:\Documents and Settings\Robin\Desktop\spynomore.exe
[2009/11/17 14:35:59 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Robin\Desktop\sdsetup.exe
[2009/11/17 13:24:35 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\Robin\Desktop\SDFix.exe
[2009/11/17 12:12:58 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/11/17 12:12:57 | 00,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/11/17 12:12:57 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/11/17 12:12:57 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/11/17 12:12:57 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/11/17 11:37:33 | 03,564,228 | R--- | C] () -- C:\Documents and Settings\Robin\Desktop\ComboFix.exe
[2009/11/16 14:01:56 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Robin\Local Settings\Application Data\prvlcl.dat
[2009/11/16 13:15:36 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/11/16 13:15:28 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/11/16 13:15:23 | 45,814,706 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/16 13:15:23 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/11/16 13:15:23 | 00,105,755 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/16 13:15:22 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/11/16 12:48:06 | 00,888,082 | ---- | C] () -- C:\Documents and Settings\Robin\Desktop\October 2009 Statement.pdf
[2009/10/22 20:22:32 | 00,000,099 | ---- | C] () -- C:\WINDOWS\phd2dll.INI
[2009/05/05 14:32:48 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\Robin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/24 10:22:32 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/21 14:40:04 | 00,000,035 | ---- | C] () -- C:\WINDOWS\Ulead32.INI
[2009/01/21 14:14:14 | 00,044,491 | ---- | C] () -- C:\WINDOWS\System32\MiiIniFile13.ini
[2009/01/21 14:14:12 | 00,285,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsio.sys
[2009/01/21 14:14:12 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsreged.sys
[2008/12/04 09:46:31 | 00,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/11/10 11:22:38 | 00,000,172 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/07 11:30:26 | 00,000,011 | ---- | C] () -- C:\WINDOWS\hpljp300xg.ini
[2008/11/07 11:29:39 | 00,000,011 | ---- | C] () -- C:\WINDOWS\hpljp300xm.ini
[2008/11/05 16:16:15 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Robin\Local Settings\Application Data\fusioncache.dat
[2008/11/05 16:16:15 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Robin\Local Settings\Application Data\QSwitch.txt
[2008/11/05 16:16:15 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Robin\Local Settings\Application Data\DSwitch.txt
[2008/11/05 16:16:15 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Robin\Local Settings\Application Data\AtStart.txt
[2008/02/05 18:20:08 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/05/09 19:10:00 | 00,073,728 | R--- | C] () -- C:\WINDOWS\System32\MAGAPI.dll
[2007/03/19 03:44:10 | 00,000,077 | ---- | C] () -- C:\WINDOWS\COBOX.ini
[2007/03/19 03:44:03 | 00,001,311 | ---- | C] () -- C:\WINDOWS\MULTIMAX.INI
[2007/03/19 03:43:58 | 00,000,070 | ---- | C] () -- C:\WINDOWS\crf.ini
[2006/04/04 06:08:25 | 00,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/02/15 16:04:52 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/12/29 16:47:32 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/07 08:19:16 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 08:12:40 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/13 13:46:34 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2002/05/15 22:29:04 | 00,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001/11/23 17:18:00 | 00,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 12:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
< End of report >

Extras:
OTL Extras logfile created on: 11/27/2009 1:14:09 PM - Run 1
OTL by OldTimer - Version 3.1.11.0 Folder = C:\Documents and Settings\Robin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.46 Gb Total Space | 34.10 Gb Free Space | 38.99% Space Free | Partition Type: NTFS
Drive D: | 5.68 Gb Total Space | 0.69 Gb Free Space | 12.19% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC580831321172
Current User Name: Robin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1983268528-216769765-1495965720-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"135:TCP" = 135:TCP:*:Enabled:Unspecified
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- ()
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)
"C:\Program Files\Security Management System\MultimaxClientService.exe" = C:\Program Files\Security Management System\MultimaxClientService.exe:*:Enabled:SMS Client Service -- (Group 4 Technology)
"C:\Program Files\Security Management System\Multimax.exe" = C:\Program Files\Security Management System\Multimax.exe:*:Enabled:Security Management System -- (Group 4 Technology)
"C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- File not found
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio Data Module
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2412" = CanoScan LiDE 90
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD Plus
"{26792CA7-D87A-4DBE-896B-C2F66B344511}" = Roxio CinePlayer
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 10
"{2F0D3C9E-4FB6-4A14-B0C4-42328F570177}" = Fingerprint Sensor Minimum Install
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.00 D2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C5EA394-1033-11D2-A2CB-00C04F72F31D}" = Microsoft PhotoDraw 2000 V2
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager Installer
"{403BC48C-BCAA-47EA-9841-F26599A81E48}" = HP LaserJet P3005 Install Notes
"{41A7FDB2-4C71-4086-A0BD-B06D5171C156}" = Magicard Support Utility
"{46E66C2D-889A-4C8C-926A-15F5CF9346C0}" = pcProxPlus
"{5012BC0C-7E1A-329A-8F02-B6846070C5F8}" = Google Talk Plugin
"{5081528F-5DD5-49BA-8213-9A6A13502497}" = Sentinel System Driver 5.41.1 (32-bit)
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5715A83C-6FE9-4730-A6E2-D6584584DD01}" = HP Care Pack Core
"{6444D9D9-CD6C-4464-B970-55C606C944DC}" = Logitech QuickCam
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{725066CD-68E6-4824-96EA-1D30FBFEE643}" = Security Management System
"{748B1880-9025-439D-B5D1-E078F2329993}" = HP LaserJet P3005
"{75ECB75A-522C-4312-8DE7-597CDA9D96A3}" = HP Mobile Data Protection System
"{76B2BC31-2D96-4170-9C44-09E13B5555F3}" = Symantec Endpoint Protection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7732DA71-2FB6-5C99-D0D9-58A2DB360895}" = FlipShare
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{80115925-7159-4DF5-8EAF-60FD32C2B7F5}" = Network Asset Tracker
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{9F0E4EC2-2398-4BB8-9FBB-B4E7C4E128E6}" = Whisper 32
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio Audio Module
"{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio Copy Module
"{C62538F0-66AB-4BCE-BDD2-A556547AD9BE}" = pcProx
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEF89BE7-8948-478A-A452-3F0E9F69233D}" = HP LaserJet P3005 User Guide
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DFEDA4ED-E67D-4E5E-8FDE-C628B4DCA01B}" = ATI Catalyst Control Center
"{E0DBC47C-ED3F-4A1B-A929-9A26DAAA14B3}" = Application Installer 4.00.B5
"{E1A7C08D-1724-4A94-9E14-F83AB1530B16}" = HP Care Pack Products
"{E7485CE5-C004-44D6-AA3E-7EE4DFE2B70E}" = HP Support Phone Numbers
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"AccuWage 2008" = AccuWage 2008
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ASAP Utilities_is1" = ASAP Utilities
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG Free 9.0
"BadCopy Pro" = BadCopy Pro
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Digsby" = Digsby
"HijackThis" = HijackThis 2.0.2
"HP LaserJet P3005" = HP LaserJet P3005
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{725066CD-68E6-4824-96EA-1D30FBFEE643}" = Security Management System
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"lvdrivers_11.70" = Logitech QuickCam Driver Package
"Magicard Rio/Tango 2e" = Magicard Rio/Tango 2e
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
"NetSetMan 2_is1" = NetSetMan 2.5.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROR" = Microsoft Office Professional 2007
"ReaJPEG Pro_is1" = ReaJPEG Pro 3.9
"SpyNoMore" = SpyNoMore 2.94
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1983268528-216769765-1495965720-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"GoToAssist Express Expert" = GoToAssist Express Expert 1.0.0.128
"GoToMeeting" = GoToMeeting 4.1.0.366
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/11/2009 3:40:27 PM | Computer Name = PC580831321172 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3576, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/16/2009 12:38:08 PM | Computer Name = PC580831321172 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3576, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/19/2009 10:40:32 AM | Computer Name = PC580831321172 | Source = ESENT | ID = 490
Description = wuauclt (2060) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 11/19/2009 10:51:31 AM | Computer Name = PC580831321172 | Source = Application Error | ID = 1000
Description = Faulting application Rtvscan.exe, version 11.0.2000.1253, faulting
module Srtsp32.dll, version 10.2.4.3, fault address 0x00001a6e.

Error - 11/22/2009 11:49:40 PM | Computer Name = PC580831321172 | Source = ESENT | ID = 485
Description = wuauclt (2464) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log"
failed with system error 32 (0x00000020): "The process cannot access the file because
it is being used by another process. ". The delete file operation will fail with
error -1032 (0xfffffbf8).

Error - 11/22/2009 11:49:41 PM | Computer Name = PC580831321172 | Source = ESENT | ID = 485
Description = wuauclt (2464) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log"
failed with system error 32 (0x00000020): "The process cannot access the file because
it is being used by another process. ". The delete file operation will fail with
error -1032 (0xfffffbf8).

Error - 11/23/2009 11:14:31 AM | Computer Name = PC580831321172 | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!W32.Auraax in File: G:\system.exe by: Auto-Protect
scan. Action: Cleaned by Deletion. Action Description: The file was deleted successfully.



Error - 11/23/2009 11:15:03 AM | Computer Name = PC580831321172 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!W32.Auraax in File: G:\system.exe by: Auto-Protect
scan. Action: Cleaned by Deletion. Action Description: The file was deleted successfully.



Error - 11/23/2009 8:05:00 PM | Computer Name = PC580831321172 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3576, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/25/2009 10:13:12 AM | Computer Name = PC580831321172 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16876, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 11/14/2008 9:54:40 AM | Computer Name = PC580831321172 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 532
seconds with 420 seconds of active time. This session ended with a crash.

Error - 4/30/2009 5:13:54 PM | Computer Name = PC580831321172 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 15353
seconds with 1680 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/25/2009 11:25:00 PM | Computer Name = PC580831321172 | Source = Service Control Manager | ID = 7000
Description = The ASPI32 service failed to start due to the following error: %%2

Error - 11/25/2009 11:36:35 PM | Computer Name = PC580831321172 | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer MARYS using any of
the configured protocols.

Error - 11/25/2009 11:36:42 PM | Computer Name = PC580831321172 | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer BRIAN using any of
the configured protocols.

Error - 11/26/2009 11:47:58 PM | Computer Name = PC580831321172 | Source = DCOM | ID = 10010
Description = The server {7E477741-01A6-4C06-9DAC-55F6174C08A3} did not register
with DCOM within the required timeout.

Error - 11/26/2009 11:49:13 PM | Computer Name = PC580831321172 | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer MARYS using any of
the configured protocols.

Error - 11/26/2009 11:49:20 PM | Computer Name = PC580831321172 | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer BRIAN using any of
the configured protocols.

Error - 11/27/2009 10:54:49 AM | Computer Name = PC580831321172 | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer MARYS using any of
the configured protocols.

Error - 11/27/2009 10:54:56 AM | Computer Name = PC580831321172 | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer BRIAN using any of
the configured protocols.

Error - 11/27/2009 2:09:32 PM | Computer Name = PC580831321172 | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer MARYS using any of
the configured protocols.

Error - 11/27/2009 2:09:45 PM | Computer Name = PC580831321172 | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer BRIAN using any of
the configured protocols.


< End of report >

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:11:48 PM

Posted 28 November 2009 - 09:58 AM

Hi,

First of all:
ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system, such as preventing it from ever starting again.

Please do not run Combofix on your own

Please check if you have a file C:\combofix.txt. If you have it please post the content of it in your next reply.

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False alarms: when the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System performance problems: your system may lock up due to both products attempting to access the same file at the same time.
Therefore, please go to Add/Remove in the Control Panel and remove either Symantec or AVG.

Third, SpyNoMore is generally considered a rogue program, meaning it will find threats even if none are present on your PC to sell more copies.

Please run Malwarebytes next:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

It should find and delete SpyNoMore.


Where do you get redirected to when you try to access the site at work?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 waldingrl

waldingrl
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:04:48 PM

Posted 28 November 2009 - 09:46 PM

Malware log:

Malwarebytes' Anti-Malware 1.41
Database version: 3253
Windows 5.1.2600 Service Pack 3

11/28/2009 9:42:32 PM
mbam-log-2009-11-28 (21-42-32).txt

Scan type: Quick Scan
Objects scanned: 121075
Time elapsed: 8 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


The redirects are random. Most of the time it will open a second window to www.gugle.com, and here are a few others:

hxxp://www.manufacturersdirectory.com/search-results.aspx?keywords=hdtv+receiver
hxxp://www.upliftsearch.com/?keyword=tivo%20community&aid=1419&cid=1071&subid=12664

Edited by myrti, 29 November 2009 - 02:42 PM.
disabled links


#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:11:48 PM

Posted 29 November 2009 - 02:43 PM

Hi,

Can I understand from your reply that you don't have C:\combofix.txt anymore?

Please run gmer to check for rootkits:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#7 waldingrl

waldingrl
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:04:48 PM

Posted 01 December 2009 - 01:14 PM

Myrti,

I have been away from my computer for a few days. I will attempt this tonight and post the results. Thanks for your patience. I downloaded the combofix, but I don't believe I ran it, so I do not have the txt file.

#8 waldingrl

waldingrl
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:04:48 PM

Posted 08 December 2009 - 02:32 PM

gmer.log (I had to go into safe mode to run it):

GMER 1.0.15.15273 - http://www.gmer.net
Rootkit scan 2009-12-08 14:16:31
Windows 5.1.2600 Service Pack 3
Running: 30clzgb4.exe; Driver: C:\DOCUME~1\Robin\LOCALS~1\Temp\pfloiaod.sys


---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{632934CD-E780-195A-6AA9-0C951994012D}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{632934CD-E780-195A-6AA9-0C951994012D}@iaegjooccljckflkhl 0x6A 0x61 0x61 0x66 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{632934CD-E780-195A-6AA9-0C951994012D}@hagipciebpgkcgna 0x6A 0x61 0x61 0x66 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

---- EOF - GMER 1.0.15 ----

#9 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home
  • Local time:11:48 PM

Posted 11 December 2009 - 10:59 AM

Hi,

I'm terribly sorry for the delay. :( I had unexpected family issues to deal with, which left me without internet access for most of the week, but I'm back in the internet connected world now and I hope there won't be any more delays.

Please run a scan with mbr to make sure you do not have an MBR infection:
Please download mbr.exe and save it to your root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe -t >>"C:\mbr.log"
  • press Enter.
  • A "DOS" box will open and quickly disappear. That is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.
Do you get redirected in both Internet Explorer and Firefox, or only in one of the two?

Sorry once more,
regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#10 waldingrl

waldingrl
  • Topic Starter

  • Members
  • 7 posts
  • Local time:04:48 PM

Posted 11 December 2009 - 11:39 AM

No problem on the delay - I appreciate the help.

Here's the mbr.log:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ACPI.sys iaStor.sys
kernel: MBR read successfully
user & kernel MBR OK


The redirects happen in both IE (just redirected to allgive.com) and Firefox (103.coolberg.com that goes to smartbizsearch.com/search.php?q=cable+television&sa=20&sid=3484541929&p=1).
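As an added example (not part of this thread and not GMER's or mbr.exe's own code), a small Python triage script that parses the GMER "Disk sectors" listing from the earlier post and the mbr.log above, and reduces both to the findings a helper would look at before replying. The sample logs embedded in it are constructed in the shape of the ones posted; the sector numbers and device name are illustrative.

```python
import re
# Constructed samples shaped like the two logs pasted above (not real scans).
GMER_SAMPLE = r"""
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 01: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR
---- EOF - GMER 1.0.15 ----
"""
MBR_LOG_SAMPLE = """
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
"""
SECTOR_RE = re.compile(r"^Disk (?P<dev>\S+) sector (?P<num>\d+): (?P<flags>.+)$")

def parse_gmer_sectors(text):
    """Per device: sectors GMER flagged 'rootkit-like' and sectors holding an MBR copy."""
    reports = {}
    for line in text.splitlines():
        m = SECTOR_RE.match(line.strip())
        if not m:
            continue
        rep = reports.setdefault(m["dev"], {"flagged": [], "mbr_copies": []})
        flags = {f.strip() for f in m["flags"].split(";")}
        if "rootkit-like behavior" in flags:
            rep["flagged"].append(int(m["num"]))
        if "copy of MBR" in flags:
            rep["mbr_copies"].append(int(m["num"]))
    return reports

def parse_mbr_log(text):
    """mbr.exe reads sector 0 from user mode and from kernel mode and compares them."""
    return ("user: MBR read successfully" in text,      # user-mode read worked
            "kernel: MBR read successfully" in text,    # kernel-mode read worked
            "user & kernel MBR OK" in text)             # the two views agree

def triage(gmer_text, mbr_text):
    """Turn both logs into findings a helper would want to see before replying."""
    findings = []
    user_ok, kernel_ok, match = parse_mbr_log(mbr_text)
    if not (user_ok and kernel_ok):
        findings.append("mbr.exe could not read the MBR from both modes; rerun it")
    elif not match:
        findings.append("user and kernel views of the MBR differ: hidden MBR modification")
    for dev, rep in parse_gmer_sectors(gmer_text).items():
        if rep["flagged"]:
            findings.append("%s: GMER flagged sectors %s (MBR copies in %d sectors)"
                            % (dev, rep["flagged"], len(rep["mbr_copies"])))
    return findings
```

With the real logs from this thread the mbr.log part comes back clean while GMER still flags sectors, which is exactly the disagreement the helper has to weigh before choosing the next tool.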

#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home
  • Local time:11:48 PM

Posted 25 December 2009 - 06:16 AM

Hi,

I can't believe this slipped through my fingers yet again. :( Please send me a PM when I don't reply to your thread. I usually reply within 2 days.

Please run Combofix:
Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!





