Redirect in all browsers


This topic is locked
21 replies to this topic

#1 Trident18

Trident18

  • Members
  • 48 posts
  • OFFLINE
  • Local time:04:15 AM

Posted 12 October 2010 - 11:03 PM

I'm getting redirects on all searches of all search engines of all working browsers. I can only get IE8 and FF to work: Chrome opens, but won't load a page; Opera won't even open.

I've got Vipre AntiVirus which has worked well for the past two years (expires on Thursday).
I've also run Quick MBAM & Super AntiSpyware scans. MBAM found nothing and SAS deleted a bunch of cookies.
Here's the DDS scan; it took way longer than 3 minutes.

DDS (Ver_10-10-10.03) - NTFSx86
Run by Owner at 23:49:13.21 on Tue 10/12/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.1948 [GMT -4:00]

AV: Sunbelt VIPRE *On-access scanning enabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Nero\Tools\InCD\InCDSrv.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Nero\Tools\InCD\NBHRegInCDSrv.exe
C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Nero\Tools\InCD\NBHGui.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Nero\Tools\InCD\InCD.exe
C:\Program Files\BOINC\boinctray.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Venta\VentaFax & Voice 6\vfdrv32.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\WINDOWS\system32\dllhost.exe
svchost.exe
C:\Program Files\BOINC\boinc.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HTC\HTC Sync\Sync Manager\syncindicator.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [cdloader] "c:\documents and settings\owner\application data\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [NBHGui] c:\program files\nero\tools\incd\NBHGui.exe
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [InCD] c:\program files\nero\tools\incd\InCD.exe
mRun: [boinctray] "c:\program files\boinc\boinctray.exe"
mRun: [boincmgr] "c:\program files\boinc\boincmgr.exe" /a /s
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SBAMTray] "c:\program files\sunbelt software\vipre\SBAMTray.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Mobile Connectivity Suite] "c:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptions
mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\magicj~1.lnk - c:\documents and settings\owner\application data\mjusbsp\magicJackLoader.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\mailwa~1.lnk - c:\program files\firetrust\mailwasher pro\MailWasher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\powera~1.lnk - c:\program files\tripplite\poweralert\console\pastatus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: magicjack.com\my
Trusted Zone: talk4free.com\reg
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231261363750
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231261357671
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - hxxp://support.microsoft.com/mats/DiagWebControl.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
AppInit_DLLs: c:\windows\system32 acaptuser32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\sqixmruq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\sqixmruq.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\sqixmruq.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npContribute.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-3-23 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 67656]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2010-8-26 21464]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-5-13 98392]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2010-8-26 212568]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-8-7 100944]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-8-7 41424]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-7-14 10448]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-4-8 304464]
R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]
R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\nero\tools\incd\NBHRegInCDSrv.exe [2009-10-16 53560]
R2 NovacomD;Palm Novacom;c:\program files\palm, inc\novacom\x86\novacomd.exe [2009-7-2 30720]
R2 SBAMSvc;VIPRE Antivirus;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2010-8-20 2763080]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2010-8-26 69976]
R2 VfDrv32;VentaFax Engine;c:\program files\venta\ventafax & voice 6\vfdrv32.exe [2009-4-7 1249280]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-4-8 20952]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-8-7 79888]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-5-29 87760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 PowerAlert Agent;PowerAlert Agent;c:\program files\tripplite\poweralert\engine\pal.exe [2009-3-26 1575936]
S2 SBPIMSvc;SB Recovery Service;c:\program files\sunbelt software\vipre\SBPIMSvc.exe [2010-8-20 181584]
S2 SmartPayments_Service;SmartPayments Service Manager;c:\program files\smartpayments\smartpayments_service.exe --> c:\program files\smartpayments\smartpayments_service.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-4-23 1691480]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2010-9-20 24576]
S3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [2009-5-25 9040]
S3 RDPVDD;RDPVDD;c:\windows\system32\drivers\rdpvmp.sys [2009-5-25 19392]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 12872]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2002-12-31 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2009-1-5 99328]
S4 SgtSch2Svc;Seagate Scheduler2 Service;"c:\program files\common files\seagate\schedule2\schedul2.exe" --> c:\program files\common files\seagate\schedule2\schedul2.exe [?]

=============== Created Last 30 ================

2010-10-13 02:22:57 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\tjnet
2010-10-13 01:50:14 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\magicJack
2010-10-12 17:28:35 23512 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll
2010-10-12 17:28:35 138712 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2010-10-12 02:54:24 -------- d-----w- c:\docume~1\alluse~1\applic~1\magicJack
2010-10-12 02:43:17 -------- d-----w- c:\docume~1\owner\applic~1\mjusbsp
2010-10-09 15:45:37 311296 ----a-w- c:\windows\system32\NCTAudioRecord2.dll
2010-10-09 15:45:36 729088 ----a-w- c:\windows\system32\NCTAudioEditor2.dll
2010-10-09 15:45:32 -------- d-----w- c:\program files\Focus MP3 Recorder Pro
2010-10-09 15:44:54 335872 ----a-w- c:\windows\system32\NCTAudioVisualization2.dll
2010-10-09 15:44:54 196608 ----a-w- c:\windows\system32\NCTWMAFile2.dll
2010-10-09 15:44:53 835584 ----a-w- c:\windows\system32\NCTAudioCDGrabber2.dll
2010-10-09 15:44:53 450560 ----a-w- c:\windows\system32\NCTAudioTransform2.dll
2010-10-09 15:44:53 315392 ----a-w- c:\windows\system32\NCTAudioPlayer2.dll
2010-10-09 15:44:53 270336 ----a-w- c:\windows\system32\NCTAudioDisplay2.dll
2010-10-09 15:44:53 237568 ----a-w- c:\windows\system32\lame_enc.dll
2010-10-09 15:44:53 1843200 ----a-w- c:\windows\system32\NCTAudioFile2.dll
2010-10-09 15:44:53 1040384 ----a-w- c:\windows\system32\NCTAudioInformation2.dll
2010-10-09 15:44:52 4057200 ----a-w- c:\windows\system32\wmfdist.exe
2010-10-09 15:44:48 -------- d-----w- c:\program files\FreeCDRipper
2010-10-07 05:28:17 -------- d-----w- c:\program files\Celtx
2010-10-07 01:20:15 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Nero_AG
2010-10-06 19:09:45 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-10-06 19:09:33 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-10-06 19:08:53 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-10-06 19:08:17 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2010-10-06 19:07:51 -------- d-----w- c:\windows\Logs
2010-10-04 21:29:19 -------- d-----w- c:\docume~1\owner\applic~1\Digiarty
2010-10-04 21:29:07 -------- d-----w- c:\program files\Digiarty
2010-10-04 21:15:50 -------- d-----w- c:\docume~1\owner\applic~1\AVS4YOU
2010-10-04 21:15:05 -------- d-----w- c:\program files\WinAVI Video Converter
2010-10-04 21:14:20 -------- d-----w- c:\program files\common files\AVSMedia
2010-10-04 21:14:16 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-10-04 21:14:15 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-10-04 21:14:15 -------- d-----w- c:\program files\AVS4YOU
2010-10-04 21:14:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVS4YOU
2010-10-04 20:57:30 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\WinAVI
2010-10-04 20:57:30 -------- d-----w- c:\docume~1\owner\applic~1\WinAVI
2010-10-04 20:57:18 -------- d-----w- c:\program files\All in One Converter
2010-09-20 22:18:02 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\HTC
2010-09-20 22:17:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\HTC
2010-09-20 22:17:33 -------- d-----w- c:\docume~1\alluse~1\applic~1\Teleca
2010-09-20 22:16:12 24576 ----a-w- c:\windows\system32\drivers\ANDROIDUSB.sys
2010-09-20 22:16:12 1122664 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-09-20 22:16:04 -------- d-----w- c:\program files\Spirent Communications
2010-09-20 22:15:59 -------- d-----w- c:\program files\HTC
2010-09-15 04:38:18 58880 -c----w- c:\windows\system32\dllcache\spoolsv.exe
2010-09-15 04:38:16 293376 -c----w- c:\windows\system32\dllcache\winsrv.dll
2010-09-15 04:38:14 406016 -c----w- c:\windows\system32\dllcache\usp10.dll

==================== Find3M ====================

2010-09-01 19:15:27 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-09-01 19:15:27 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-09-01 19:15:25 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-08-20 13:18:40 27984 ----a-w- c:\windows\system32\sbbd.exe
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll

============= FINISH: 23:58:07.57 ===============

Having trouble w/gmer.exe...

When I run gmer.exe, it gives me a quick BSOD and then reboots.

Interesting. I just did a search to find HijackThis and there was no redirect!! A fluke?

The HijackThis app ran with three errors, but completed.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:45:31 AM, on 10/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Tools\InCD\InCDSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Nero\Tools\InCD\NBHRegInCDSrv.exe
C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe
C:\Program Files\TrippLite\PowerAlert\engine\pal.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Venta\VentaFax & Voice 6\vfdrv32.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nero\Tools\InCD\NBHGui.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Nero\Tools\InCD\InCD.exe
C:\Program Files\BOINC\boinctray.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\TrippLite\PowerAlert\console\pastatus.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\HTC\HTC Sync\Sync Manager\syncindicator.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O4 - HKLM\..\Run: [NBHGui] C:\Program Files\Nero\Tools\InCD\NBHGui.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Tools\InCD\InCD.exe
O4 - HKLM\..\Run: [boinctray] "C:\Program Files\BOINC\boinctray.exe"
O4 - HKLM\..\Run: [boincmgr] "C:\Program Files\BOINC\boincmgr.exe" /a /s
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - S-1-5-18 Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: magicJack.lnk = C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJackLoader.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'Default user')
O4 - .DEFAULT Startup: magicJack.lnk = C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJackLoader.exe (User 'Default user')
O4 - .DEFAULT Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: magicJack.lnk = C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJackLoader.exe
O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O4 - Global Startup: PowerAlert Status.lnk = C:\Program Files\TrippLite\PowerAlert\console\pastatus.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: my.magicjack.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.2.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1231261363750
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1231261357671
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32 acaptuser32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InCD Helper (InCDSrv) - Nero AG - C:\Program Files\Nero\Tools\InCD\InCDSrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Tools\InCD\NBHRegInCDSrv.exe
O23 - Service: Palm Novacom (NovacomD) - Unknown owner - C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PowerAlert Agent - Unknown owner - C:\Program Files\TrippLite\PowerAlert\engine\pal.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: VIPRE Antivirus (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
O23 - Service: SB Recovery Service (SBPIMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
O23 - Service: SmartPayments Service Manager (SmartPayments_Service) - Unknown owner - c:\program files\smartpayments\smartpayments_service.exe (file missing)
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: VentaFax Engine (VfDrv32) - Venta Association - C:\Program Files\Venta\VentaFax & Voice 6\vfdrv32.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Owner/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg

--
End of file - 18840 bytes

Here's the HijackThis 2.0.3 log. Ran with no errors:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 9:51:55 AM, on 10/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Tools\InCD\InCDSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Nero\Tools\InCD\NBHRegInCDSrv.exe
C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe
C:\Program Files\TrippLite\PowerAlert\engine\pal.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Venta\VentaFax & Voice 6\vfdrv32.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nero\Tools\InCD\NBHGui.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Nero\Tools\InCD\InCD.exe
C:\Program Files\BOINC\boinctray.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\TrippLite\PowerAlert\console\pastatus.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\HTC\HTC Sync\Sync Manager\syncindicator.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O4 - HKLM\..\Run: [NBHGui] C:\Program Files\Nero\Tools\InCD\NBHGui.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Tools\InCD\InCD.exe
O4 - HKLM\..\Run: [boinctray] "C:\Program Files\BOINC\boinctray.exe"
O4 - HKLM\..\Run: [boincmgr] "C:\Program Files\BOINC\boincmgr.exe" /a /s
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - S-1-5-18 Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: magicJack.lnk = C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJackLoader.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'Default user')
O4 - .DEFAULT Startup: magicJack.lnk = C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJackLoader.exe (User 'Default user')
O4 - .DEFAULT Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: magicJack.lnk = C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJackLoader.exe
O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O4 - Global Startup: PowerAlert Status.lnk = C:\Program Files\TrippLite\PowerAlert\console\pastatus.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: my.magicjack.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.2.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1231261363750
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1231261357671
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32 acaptuser32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InCD Helper (InCDSrv) - Nero AG - C:\Program Files\Nero\Tools\InCD\InCDSrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Tools\InCD\NBHRegInCDSrv.exe
O23 - Service: Palm Novacom (NovacomD) - Unknown owner - C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PowerAlert Agent - Unknown owner - C:\Program Files\TrippLite\PowerAlert\engine\pal.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: VIPRE Antivirus (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
O23 - Service: SB Recovery Service (SBPIMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
O23 - Service: SmartPayments Service Manager (SmartPayments_Service) - Unknown owner - c:\program files\smartpayments\smartpayments_service.exe (file missing)
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: VentaFax Engine (VfDrv32) - Venta Association - C:\Program Files\Venta\VentaFax & Voice 6\vfdrv32.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Owner/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg

--
End of file - 18775 bytes

As soon as I start a GMER scan, my PC freezes.

And here's an MBAM log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4813

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/13/2010 2:27:00 PM
mbam-log-2010-10-13 (14-27-00).txt

Scan type: Quick scan
Objects scanned: 164637
Time elapsed: 18 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner\Local Settings\temp\9FE.tmp (Trojan.Alureon.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\A00.tmp (Trojan.Alureon.Gen) -> Quarantined and deleted successfully.

I have another symptom. I thought that it was being caused by a software conflict- it started right after I installed the magicJack software. I started getting a Windows error message and then my computer would no longer recognize my sound card or my modem. So I couldn't hear anything and could no longer receive FAXes (using VentaFAX software). It also would change my Windows taskbar to look like it does now:

The redirects I could live with. Even the lack of sound I could live with. But I need my FAX modem.
Please help.

It looks like this is definitely an infection. If a Mod wants to move this to the Virus/Malware removal section, I'd appreciate it.
Or I can start a whole new thread there, if that would be better.

Merged 8 posts and moved to log forum. ~ OB

Edited by Orange Blossom, 13 October 2010 - 09:45 PM.



#2 Trident18

Trident18
  • Topic Starter
  • Members
  • 48 posts

Posted 14 October 2010 - 08:53 AM

I ran SuperAntiSpyware in SafeMode last night (before this got moved here and I saw that I shouldn't do anything else). Here's the log for that run.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/14/2010 at 01:53 AM

Application Version : 4.44.1000

Core Rules Database Version : 5681
Trace Rules Database Version: 3493

Scan type : Complete Scan
Total Scan Time : 03:49:58

Memory items scanned : 261
Memory threats detected : 0
Registry items scanned : 9318
Registry threats detected : 0
File items scanned : 41518
File threats detected : 124

Adware.Tracking Cookie

I just noticed that I don't seem to be getting the redirects anymore. But the other issues are still there. I still get these Windows errors and my sound & modem are not working.
A little good news.

FYI: I've still been trying to run a GMER scan occasionally- interesting that it seems to get "stuck" just before it locks up my system on
Sections: C:\WINDOWS\system32\drivers\pci.sys
Might this have something to do with my modem & sound not working?

I can't seem to note any consistency on when these Windows errors occur. This morning, it occurred within 10 minutes after I booted up when I wasn't even using the PC.
It just happened again, a few hours after I booted up with fairly constant use.

And NOW [an hour after the line above], it's happening almost immediately after each reboot. [And I have to reboot twice- all the time- to get Windows to load. First time, I get a blank background and it just hangs there. 2nd time it will load up Windows normally.]

Running an MBAM scan again [complete] and all of a sudden I notice I have sound! Still no controls for volume, but I'm hearing "beeps" & chimes, etc. I also see that my modem just came on again (VentaFAX is "ready to receive"). So strange.

And then my modem dies again. But I still have sounds.

EDIT: Posts merged ~BP

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4824

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/14/2010 7:43:24 PM
mbam-log-2010-10-14 (19-43-24).txt

Scan type: Full scan (C:\|)
Objects scanned: 402455
Time elapsed: 4 hour(s), 2 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I also need a bit of advice... my antivirus expired today. I want to renew it, but I'm a little concerned about entering any codes or credit card numbers on my computer right now. Obviously, my PC is not 100%, but is it secure enough to enter confidential financial information to renew my a/v subscription?

This is so crazy... Now I can't get FF to open (previously, it was working the most consistently). Now it's just IE8. A few reboots and subsequent Windows errors later... FF works fine. Wild.

Merged 3 posts, one of which consisted of already merged posts. ~ OB

Edited by Orange Blossom, 15 October 2010 - 10:42 AM.


#3 m0le

m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 21 October 2010 - 06:37 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#4 Trident18

Trident18
  • Topic Starter
  • Members
  • 48 posts

Posted 21 October 2010 - 08:55 PM

I'm still here. I have done some work since I first posted, as I needed my computer at least functional, but I am still having some issues and would appreciate some help in checking it out.
I'm also still not sure if my PC is secure, so I installed a free version of a different internet security app [COMODO 2011] instead of the paid version of Vipre that I was using. It seems rather complex and it might be causing some of the slowness as well.
I'm in my 13th hour of a MBAM scan right now... that doesn't seem right either.

I look forward to working with you.

The positive steps that I took- I was reading through some other threads and found a suggestion to try something called Hitman Pro. While it didn't fix anything, it found a rootkit virus; I looked it up and found that it might be "cured" with TDSSKiller. So I downloaded it. It confirmed the ALUREON virus and seemed to eliminate it. I no longer have any redirects happening, but I haven't been able to open my Opera or Chrome browsers. And it doesn't "feel right". <_<

Edited by Trident18, 21 October 2010 - 09:55 PM.


#5 m0le

m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 22 October 2010 - 03:32 AM

Sometimes TDSS doesn't always want to go in one hit.

Please run ComboFix and see what might have been left behind.

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#6 Trident18

Trident18
  • Topic Starter
  • Members
  • 48 posts

Posted 22 October 2010 - 11:41 AM

The reply came out as "log.txt" and I changed it to "cf_log.txt" [just noticed that an identical file was created in the location described. Just in case it's different, I copy/pasted that one in here.]
I also uninstalled COMODO Internet Security Premium 2011 prior to running ComboFix.
ComboFix 10-10-21.08 - Owner 10/22/2010 11:51:43.2.4 - x86
Running from: c:\documents and settings\Owner\Desktop\comfix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\RegGenie
c:\program files\RegGenie\Backups\40319.9574424884
c:\program files\RegGenie\RegGenie.ini

.
((((((((((((((((((((((((( Files Created from 2010-09-22 to 2010-10-22 )))))))))))))))))))))))))))))))
.

2010-10-22 15:19 . 2010-10-22 15:31 -------- d-----w- C:\comfix
2010-10-21 02:52 . 2010-10-22 15:02 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-10-21 02:35 . 2010-10-22 14:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2010-10-20 00:38 . 2010-10-20 00:38 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\tjnet
2010-10-20 00:23 . 2010-10-20 00:23 -------- d-----w- C:\spoolerlogs
2010-10-19 15:14 . 2010-10-19 15:14 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\magicJack
2010-10-19 09:07 . 2010-08-27 05:57 99840 -c----w- c:\windows\system32\dllcache\srvsvc.dll
2010-10-19 09:07 . 2010-07-16 12:05 1288192 -c----w- c:\windows\system32\dllcache\ole32.dll
2010-10-19 09:07 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-19 09:07 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-19 09:07 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-18 21:41 . 2010-10-18 22:17 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-10-18 21:41 . 2010-10-18 21:41 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-10-18 21:41 . 2010-10-18 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-10-14 19:40 . 2010-10-14 19:40 -------- d-----w- C:\cabs
2010-10-13 13:51 . 2010-10-13 13:51 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-10-13 13:51 . 2010-10-13 13:51 -------- d-----w- c:\program files\TrendMicro
2010-10-13 13:43 . 2010-10-13 13:43 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-13 13:43 . 2010-10-13 13:43 -------- d-----w- c:\program files\Trend Micro
2010-10-12 17:28 . 2010-10-21 14:43 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
2010-10-12 17:28 . 2010-10-21 14:43 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
2010-10-12 02:54 . 2010-10-12 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\magicJack
2010-10-12 02:43 . 2010-10-22 15:50 -------- d-----w- c:\documents and settings\Owner\Application Data\mjusbsp
2010-10-09 15:45 . 2004-12-23 22:15 311296 ----a-w- c:\windows\system32\NCTAudioRecord2.dll
2010-10-09 15:45 . 2004-12-08 16:47 729088 ----a-w- c:\windows\system32\NCTAudioEditor2.dll
2010-10-09 15:45 . 2010-10-09 15:45 -------- d-----w- c:\program files\Focus MP3 Recorder Pro
2010-10-09 15:44 . 2004-12-03 14:37 335872 ----a-w- c:\windows\system32\NCTAudioVisualization2.dll
2010-10-09 15:44 . 2004-05-20 18:24 196608 ----a-w- c:\windows\system32\NCTWMAFile2.dll
2010-10-09 15:44 . 2004-12-08 17:21 1843200 ----a-w- c:\windows\system32\NCTAudioFile2.dll
2010-10-09 15:44 . 2004-12-08 15:38 1040384 ----a-w- c:\windows\system32\NCTAudioInformation2.dll
2010-10-09 15:44 . 2004-12-01 18:43 315392 ----a-w- c:\windows\system32\NCTAudioPlayer2.dll
2010-10-09 15:44 . 2004-11-04 16:31 835584 ----a-w- c:\windows\system32\NCTAudioCDGrabber2.dll
2010-10-09 15:44 . 2004-08-02 19:09 450560 ----a-w- c:\windows\system32\NCTAudioTransform2.dll
2010-10-09 15:44 . 2004-05-20 16:58 270336 ----a-w- c:\windows\system32\NCTAudioDisplay2.dll
2010-10-09 15:44 . 2003-08-07 18:01 237568 ----a-w- c:\windows\system32\lame_enc.dll
2010-10-09 15:44 . 2002-10-28 20:11 4057200 ----a-w- c:\windows\system32\wmfdist.exe
2010-10-09 15:44 . 2010-10-09 16:24 -------- d-----w- c:\program files\FreeCDRipper
2010-10-07 05:28 . 2010-10-07 05:29 -------- d-----w- c:\program files\Celtx
2010-10-07 01:20 . 2010-10-07 01:20 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Nero_AG
2010-10-06 19:09 . 2009-09-04 21:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-10-06 19:09 . 2009-09-04 21:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-10-06 19:08 . 2008-10-15 10:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-10-06 19:08 . 2007-07-19 22:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2010-10-06 19:07 . 2010-10-06 19:07 -------- d-----w- c:\windows\Logs
2010-10-04 21:29 . 2010-10-05 02:04 -------- d-----w- c:\documents and settings\Owner\Application Data\Digiarty
2010-10-04 21:29 . 2010-10-05 02:03 -------- d-----w- c:\program files\Digiarty
2010-10-04 21:15 . 2010-10-04 21:15 -------- d-----w- c:\documents and settings\Owner\Application Data\AVS4YOU
2010-10-04 21:14 . 2010-10-07 01:43 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-10-04 21:14 . 2010-09-15 16:10 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-10-04 21:14 . 2010-10-07 01:43 -------- d-----w- c:\program files\AVS4YOU
2010-10-04 21:14 . 2010-10-04 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-10-04 21:14 . 2010-09-15 16:10 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-10-04 20:57 . 2010-10-18 18:04 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\WinAVI
2010-10-04 20:57 . 2010-10-04 20:57 -------- d-----w- c:\documents and settings\Owner\Application Data\WinAVI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 16:23 . 2002-12-31 07:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2002-12-31 07:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2002-12-31 07:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2002-12-31 07:00 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2007-10-10 22:47 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2007-02-10 19:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2002-12-31 07:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2002-12-31 07:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2002-12-31 07:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-30 03:12 . 2010-08-30 03:12 53248 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-08-27 08:02 . 2002-12-31 07:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2002-12-31 07:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2002-12-31 07:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-14 18:39 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2002-12-31 07:00 617472 ------w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2002-12-31 07:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2002-12-31 07:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2009-10-16 15:44 97072 ----a-w- c:\program files\Nero\Tools\InCD\NBHshx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-04 135664]
"cdloader"="c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe" [2010-10-08 50592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBHGui"="c:\program files\Nero\Tools\InCD\NBHGui.exe" [2009-10-16 1600816]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"InCD"="c:\program files\Nero\Tools\InCD\InCD.exe" [2009-10-16 1060136]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2009-11-06 58112]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2009-11-06 4793088]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-03 640376]
"RTHDCPL"="RTHDCPL.EXE" [2010-07-06 19556968]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1311312]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-5-27 576000]
magicJack.lnk - c:\documents and settings\Owner\Application Data\mjusbsp\magicJackLoader.exe [2010-10-8 806016]
MailWasherPro.lnk - c:\program files\FireTrust\MailWasher Pro\MailWasher.exe [2009-1-7 19291304]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
PowerAlert Status.lnk - c:\program files\TrippLite\PowerAlert\console\pastatus.exe [2009-3-26 364032]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-02-23 05:00 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Shortcut to upgrade.exe.lnk]
backup=c:\windows\pss\Shortcut to upgrade.exe.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\d3dfontruntime
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ghequ

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
2004-07-20 13:34 851968 ----a-w- c:\program files\Brother\ControlCenter2\brctrcen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 18:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-04 23:10 135664 ----atw- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-07-09 20:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-07-09 20:24 110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-07-06 22:26 19556968 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpriteService]
2009-10-20 20:33 9728000 ----a-w- c:\program files\Sprite Software\Sprite Backup\spriteservice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-08-04 01:21 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-10-12 17:40 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wlidsvc"=2 (0x2)
"SgtSch2Svc"=2 (0x2)
"SeaPort"=2 (0x2)
"SBPIMSvc"=2 (0x2)
"NMIndexingService"=3 (0x3)
"Nero BackItUp Scheduler 4.0"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"Brother XP spl Service"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\SOTI\\Pocket Controller-Pro\\PocketController.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Sprite Software\\Sprite Backup\\spriteservice.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Common Files\\Intuit\\QuickBooks\\QBUpdate\\qbupdate.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SASrun.exe"=
"c:\\Program Files\\Adobe\\Acrobat 9.0\\Acrobat\\acrotray.exe"=
"c:\documents and settings\Owner\Application Data\Facebook\facebook.exe"= c:\documents and settings\Owner\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"5070:UDP"= 5070:UDP:MJ2
"5060:UDP"= 5060:UDP:MJ1

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [3/23/2009 2:07 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3/23/2009 2:07 PM 67656]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [8/7/2009 12:39 PM 100944]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [8/7/2009 12:39 PM 41424]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [7/14/2010 4:28 PM 10448]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/8/2009 10:30 AM 304464]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [3/25/2010 2:39 PM 490280]
R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Tools\InCD\NBHRegInCDSrv.exe [10/16/2009 11:44 AM 53560]
R2 VfDrv32;VentaFax Engine;c:\program files\Venta\VentaFax & Voice 6\vfdrv32.exe [4/7/2009 5:32 PM 1249280]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/8/2009 10:30 AM 20952]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [8/7/2009 12:39 PM 79888]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [5/29/2009 8:12 PM 87760]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacom\x86\novacomd.exe [7/2/2009 5:28 PM 30720]
S2 PowerAlert Agent;PowerAlert Agent;c:\program files\TrippLite\PowerAlert\engine\pal.exe [3/26/2009 10:52 AM 1575936]
S2 SmartPayments_Service;SmartPayments Service Manager;c:\program files\smartpayments\smartpayments_service.exe --> c:\program files\smartpayments\smartpayments_service.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4/23/2009 9:38 PM 1691480]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [9/20/2010 6:16 PM 24576]
S3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [5/25/2009 8:10 PM 9040]
S3 RDPVDD;RDPVDD;c:\windows\system32\drivers\rdpvmp.sys [5/25/2009 8:10 PM 19392]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3/23/2009 2:07 PM 12872]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [12/31/2002 3:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 SgtSch2Svc;Seagate Scheduler2 Service;"c:\program files\Common Files\Seagate\Schedule2\schedul2.exe" --> c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/22/2010 6:15 PM 697328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
WINRM REG_MULTI_SZ WINRM

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-08-16 17:43 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2628088293-3787922592-2503402611-1005Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-04 23:10]

2010-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2628088293-3787922592-2503402611-1005UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-04 23:10]

2010-10-22 c:\windows\Tasks\User_Feed_Synchronization-{2326E73B-F61D-4E8F-BE08-B3B289E711DF}.job
- c:\windows\system32\msfeedssync.exe [2009-01-06 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: magicjack.com\my
Trusted Zone: talk4free.com\reg
TCP: {FFA46983-3231-416D-8C64-E5B156C81BB6} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\sqixmruq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\sqixmruq.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\sqixmruq.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npContribute.dll
FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-DiscWizardMonitor - (no file)
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-Microsoft Default Manager - c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
MSConfigStartUp-nwiz - nwiz.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2628088293-3787922592-2503402611-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1100)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Completion time: 2010-10-22 12:30:27
ComboFix-quarantined-files.txt 2010-10-22 16:30
ComboFix2.txt 2010-02-25 02:26

Pre-Run: 46,128,926,720 bytes free
Post-Run: 181,912,260,608 bytes free

- - End Of File - - 16A3B9D5E6757B3A34B103EEEEFC08CE

Edited by Trident18, 22 October 2010 - 11:45 AM.


#7 Trident18

Trident18
  • Topic Starter

  • Members
  • 48 posts

Posted 22 October 2010 - 11:48 AM

And here is the MBAM log that I was running prior to hearing from you.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4897

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/22/2010 12:31:09 AM
mbam-log-2010-10-22 (00-31-09).txt

Scan type: Full scan (C:\|)
Objects scanned: 403950
Time elapsed: 14 hour(s), 59 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 22 October 2010 - 05:27 PM

Nothing has been found, which means we should now run a couple of tests to make sure we're clean before we continue.

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (or hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


And

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.
m0le is a proud member of UNITE

#9 Trident18

Trident18
  • Topic Starter

  • Members
  • 48 posts

Posted 22 October 2010 - 09:07 PM

MBRCheck report:
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000011fd

Kernel Drivers (total 160):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xB85A8000 \WINDOWS\system32\KDCOM.DLL
0xB84B8000 \WINDOWS\system32\BOOTVID.dll
0xB7F79000 ACPI.sys
0xB85AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB7F68000 pci.sys
0xB80A8000 isapnp.sys
0xB84BC000 compbatt.sys
0xB84C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xB8670000 pciide.sys
0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB80B8000 MountMgr.sys
0xB7F49000 ftdisk.sys
0xB85AC000 dmload.sys
0xB7F23000 dmio.sys
0xB8330000 PartMgr.sys
0xB80C8000 VolSnap.sys
0xB7F0B000 atapi.sys
0xB7EF2000 nvatabus.sys
0xB7ED2000 SI3114r.sys
0xB7EBA000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xB80D8000 disk.sys
0xB80E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB7E9A000 fltmgr.sys
0xB7E88000 sr.sys
0xB84C4000 SiWinAcc.sys
0xB80F8000 PxHelp20.sys
0xB7E71000 KSecDD.sys
0xB7DE4000 Ntfs.sys
0xB7DB7000 NDIS.sys
0xB7D4C000 timntr.sys
0xB7D32000 Mup.sys
0xB82A8000 \SystemRoot\system32\DRIVERS\AmdPPM.sys
0xB82B8000 \SystemRoot\system32\DRIVERS\serial.sys
0xB7CAE000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB8438000 \SystemRoot\system32\DRIVERS\fdc.sys
0xB7C7E000 \SystemRoot\system32\DRIVERS\parport.sys
0xB7CAA000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0xB8440000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB7C5A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB8448000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB82C8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB82D8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB82E8000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB7C37000 \SystemRoot\system32\DRIVERS\ks.sys
0xB82F8000 \SystemRoot\system32\DRIVERS\InCDPass.sys
0xB7BFE000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xB7B01000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xB7A51000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xB8450000 \SystemRoot\System32\Drivers\Modem.SYS
0xB7A2C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB8308000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
0xB7942000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
0xB6F25000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB6F11000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB85E6000 \SystemRoot\system32\DRIVERS\serscan.sys
0xB86FB000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB5044000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB7D0E000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB4F01000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB5034000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB5024000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB8430000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB4EF0000 \SystemRoot\system32\DRIVERS\psched.sys
0xB5014000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB4E2C000 \SystemRoot\System32\drivers\dmboot.sys
0xB8458000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB8460000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB4E1A000 \SystemRoot\system32\DRIVERS\VBoxNetAdp.sys
0xB4DEA000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB68CC000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB8468000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB8478000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB4DCD000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0xB4DB9000 \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
0xB860A000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB4D5B000 \SystemRoot\system32\DRIVERS\update.sys
0xB7CF6000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB8238000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB68AC000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB860E000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB689C000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
0xB2530000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB250C000 \SystemRoot\system32\drivers\portcls.sys
0xB8158000 \SystemRoot\system32\drivers\drmk.sys
0xB8480000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xB7D02000 \SystemRoot\system32\DRIVERS\InCDRec.sys
0xB24C5000 \SystemRoot\system32\DRIVERS\InCDFs.sys
0xB8612000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB87EE000 \SystemRoot\System32\Drivers\Null.SYS
0xB8614000 \SystemRoot\System32\Drivers\Beep.SYS
0xB8490000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB8498000 \SystemRoot\System32\drivers\vga.sys
0xB8616000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xB8618000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB84A0000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB84A8000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB7C9E000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB2492000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB2439000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB2411000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB23EB000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB23C9000 \SystemRoot\System32\drivers\afd.sys
0xB527C000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB525C000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB524C000 \SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
0xB23B1000 \SystemRoot\system32\DRIVERS\VBoxDrv.sys
0xB238F000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
0xB8390000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xB2364000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB22F4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB523C000 \SystemRoot\System32\Drivers\Fips.SYS
0xB868C000 \SystemRoot\System32\Drivers\BANTExt.sys
0xB5054000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB2B60000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB687C000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB8398000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB83A0000 \SystemRoot\system32\DRIVERS\HidBatt.sys
0xB5004000 \SystemRoot\system32\drivers\lvusbsta.sys
0xB2032000 \SystemRoot\system32\DRIVERS\LVCM.sys
0xB1F07000 \SystemRoot\system32\DRIVERS\lvsvf2.sys
0xB4FE4000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0xB4FD4000 \SystemRoot\system32\drivers\usbaudio.sys
0xB83A8000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xB2B48000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB1ECE000 \SystemRoot\System32\Drivers\Udfs.SYS
0xB83B0000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0xB4FC4000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xB1E52000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xB2B44000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB83B8000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0xB1E3A000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xB861E000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB2508000 \SystemRoot\System32\drivers\Dxapi.sys
0xB83D8000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB87FF000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB1C22000 \??\C:\WINDOWS\system32\drivers\mbam.sys
0xB8278000 \SystemRoot\system32\DRIVERS\tifsfilt.sys
0xB191E000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB1879000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB1748000 \SystemRoot\System32\Drivers\HTTP.sys
0xB87DC000 \SystemRoot\System32\Drivers\LBeepKE.sys
0xB14E5000 \SystemRoot\system32\DRIVERS\srv.sys
0xB14C1000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB1250000 \SystemRoot\system32\drivers\wdmaud.sys
0xB141D000 \SystemRoot\system32\drivers\sysaudio.sys
0xB13ED000 \SystemRoot\system32\DRIVERS\secdrv.sys
0xB83E0000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
0xB85F8000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xB518E000 \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys
0xB079B000 \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys
0xAFCA8000 \SystemRoot\system32\drivers\kmixer.sys
0xAFEDB000 \SystemRoot\System32\Drivers\ANDROIDUSB.sys
0xB8664000 \SystemRoot\system32\drivers\splitter.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 74):
0 System Idle Process
4 System
984 C:\WINDOWS\system32\smss.exe
1076 csrss.exe
1100 C:\WINDOWS\system32\winlogon.exe
1144 C:\WINDOWS\system32\services.exe
1156 C:\WINDOWS\system32\lsass.exe
1344 C:\WINDOWS\system32\nvsvc32.exe
1428 C:\WINDOWS\system32\svchost.exe
1476 svchost.exe
1836 C:\WINDOWS\system32\svchost.exe
1872 C:\Program Files\Nero\Tools\InCD\InCDSrv.exe
252 svchost.exe
332 svchost.exe
432 C:\WINDOWS\system32\spoolsv.exe
1228 svchost.exe
1540 C:\WINDOWS\ehome\ehRecvr.exe
1692 C:\WINDOWS\ehome\ehSched.exe
212 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
760 C:\Program Files\Common Files\Logishrd\LVCOMSER\LVComSer.exe
904 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
1016 C:\Program Files\Nero\Update\NASvc.exe
1040 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
1424 C:\Program Files\Nero\Tools\InCD\NBHRegInCDSrv.exe
404 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
1644 C:\WINDOWS\system32\ctfmon.exe
1716 svchost.exe
2076 C:\WINDOWS\system32\svchost.exe
2316 C:\WINDOWS\system32\searchindexer.exe
2652 C:\Program Files\Common Files\Logishrd\LVCOMSER\LVComSer.exe
2708 C:\Program Files\Venta\VentaFax & Voice 6\vfdrv32.exe
3112 C:\WINDOWS\system32\dllhost.exe
3496 C:\WINDOWS\system32\wscntfy.exe
3580 alg.exe
2500 C:\Program Files\Nero\Tools\InCD\NBHGui.exe
144 C:\Program Files\Logitech\QuickCam\Quickcam.exe
2832 C:\Program Files\Common Files\Logishrd\LComMgr\Communications_Helper.exe
2924 C:\Program Files\Nero\Tools\InCD\InCD.exe
2520 C:\Program Files\BOINC\boinctray.exe
3440 C:\Program Files\BOINC\boincmgr.exe
3668 C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
3704 C:\WINDOWS\RTHDCPL.EXE
3832 C:\WINDOWS\system32\svchost.exe
752 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
4000 C:\Program Files\Logitech\SetPointP\SetPoint.exe
4020 C:\Program Files\Google\Google Talk\googletalk.exe
980 C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
128 C:\Program Files\Skype\Phone\Skype.exe
152 C:\Program Files\TrippLite\PowerAlert\console\pastatus.exe
4052 C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
4036 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
4092 C:\Program Files\MagicDisc\MagicDisc.exe
808 C:\Program Files\BOINC\boinc.exe
944 C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
1260 C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
3724 C:\Program Files\Common Files\Teleca Shared\Generic.exe
3552 C:\Program Files\Common Files\Teleca Shared\logger.exe
840 C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
2884 C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
3756 C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
3200 C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
1412 C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
5648 C:\Program Files\Skype\Plugin Manager\skypePM.exe
5024 C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe
5332 C:\WINDOWS\system32\WISPTIS.EXE
5584 C:\WINDOWS\explorer.exe
3372 C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
6096 C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
4696 C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
5856 C:\Program Files\Venta\VentaFax & Voice 6\logbook.exe
2304 C:\Program Files\Mozilla Firefox\firefox.exe
4984 C:\Program Files\Mozilla Firefox\plugin-container.exe
2160 C:\WINDOWS\system32\sol.exe
5244 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\M: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500BB-22GUC0, Rev: 08.02D08
PhysicalDrive1 Model Number: WDCWD2500JD-00HBB0, Rev: 08.02D08
PhysicalDrive2 Model Number: WDCWD10EARS-00Y5B1, Rev: 80.00A80

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
232 GB \\.\PhysicalDrive1 Legit MBR code detected
SHA1: 317A49A9E93F077F2D004734D2A7B6CA7E7B9495
931 GB \\.\PhysicalDrive2 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

TDSS_log:
2010/10/22 22:01:00.0453 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/22 22:01:00.0453 ================================================================================
2010/10/22 22:01:00.0453 SystemInfo:
2010/10/22 22:01:00.0453
2010/10/22 22:01:00.0453 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/22 22:01:00.0453 Product type: Workstation
2010/10/22 22:01:00.0453 ComputerName: HOME1
2010/10/22 22:01:00.0453 UserName: Owner
2010/10/22 22:01:00.0453 Windows directory: C:\WINDOWS
2010/10/22 22:01:00.0453 System windows directory: C:\WINDOWS
2010/10/22 22:01:00.0453 Processor architecture: Intel x86
2010/10/22 22:01:00.0453 Number of processors: 4
2010/10/22 22:01:00.0453 Page size: 0x1000
2010/10/22 22:01:00.0453 Boot type: Normal boot
2010/10/22 22:01:00.0453 ================================================================================
2010/10/22 22:01:00.0968 Initialize success
2010/10/22 22:01:07.0187 ================================================================================
2010/10/22 22:01:07.0187 Scan started
2010/10/22 22:01:07.0187 Mode: Manual;
2010/10/22 22:01:07.0187 ================================================================================
2010/10/22 22:03:19.0625 ================================================================================
2010/10/22 22:03:19.0625 Scan finished
2010/10/22 22:03:19.0625 ================================================================================

I think this is good.

#10 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 23 October 2010 - 09:23 AM

This is good. But puzzling considering the redirections, which I presume are continuing.

Please do the following next

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Leave the top box checked and then check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
m0le is a proud member of UNITE

#11 Trident18
  • Topic Starter
  • Members
  • 48 posts

Posted 23 October 2010 - 09:42 AM

This is good. But puzzling considering the redirections, which I presume are continuing.

Actually, there haven't been any redirects recently. My bad. I thought I had written that, but didn't.
I am still seeing very slow loading of Opera & Chrome, but they are functional. And last night, after those scans, my PC started to slow down and then froze. I couldn't close Outlook (even tried ending the process with Task Manager) and when I finally got it to restart, it froze on the blue screen that says "Windows is shutting down...". I finally rebooted with the reset button on the front of my PC [waited at least 15 minutes]. Windows took a very long time to reload as well.

#12 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 23 October 2010 - 09:59 AM

Ah, that explains things then.

Run ESET as I requested and then run CheckDisk - there may be some files that were damaged.

We are going to run chkdsk which will verify and repair the file system

Step One: Click Start, select Run

Step Two: In the box, type cmd

Step Three: Click Ok

Step Four: Run the chkdsk utility by typing in the following command:

chkdsk c: /f /r

NOTE: The /f command automatically fixes any errors encountered; the /r command locates bad sectors and recovers readable information.

Step Five: A reboot is normally required for the chkdsk program to lock the disk and run correctly (this is typical on machines that have only one volume), so simply restart the computer and chkdsk will run automatically. When it's finished (this process can take quite a while depending on the size of your disk, etc.), it will boot back to normal Windows.

On rebooting the PC you will see the disk being checked.

This process will take, on average, about an hour.
m0le is a proud member of UNITE

#13 Trident18
  • Topic Starter
  • Members
  • 48 posts

Posted 25 October 2010 - 09:06 AM

This is good. But puzzling considering the redirections, which I presume are continuing.

The scan has been running for about 33 hours now - been on 99% complete for 20 of those hours. It's found 11 items so far, but I'm confident that the majority of them are on a storage/data drive and at least part of those are duplicates stuck in some backup files that ran before I could stop them (courtesy of Nero10). I'm no longer using the file-sharing program that got them. I also know that some of them are false positives, but am willing to delete them nonetheless.
The bad news is that it's still on my first storage drive. I have a second. Is it going to scan all drives? [Apparently, it is. Working on my M: drive now.] A lot of the files on my 3rd drive are listed as zip files, but they aren't really traditional compressed files. They're used for flashing files to my Android phone.

[now scanning old backup files... 35.5 hrs and counting. I need the use of my computer back... the scan is making everything very slow.]

Edited by Trident18, 25 October 2010 - 10:58 AM.


#14 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 25 October 2010 - 06:04 PM

Ah, sorry I had no idea how much storage you had.

Did it complete?
m0le is a proud member of UNITE

#15 Trident18
  • Topic Starter
  • Members
  • 48 posts

Posted 26 October 2010 - 01:14 AM

Ah, sorry I had no idea how much storage you had.

Did it complete?

I'm not sure if it completed or not... all of a sudden, it disappeared. I'm going to start a scan right now, but I'm just going to scan my C: drive - if I scan E: and M:, we'll be doing this for another 40+ hrs.

[update]
Scan of C: drive finished with no threats found. There were 14 quarantined threats from the E: & M: drives, but when I tried to get them to print, the program closed.

Edited by Trident18, 26 October 2010 - 09:31 AM.

