Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Virus Removal


  • This topic is locked This topic is locked
22 replies to this topic

#1 akaj

akaj

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:54 PM

Posted 05 December 2010 - 08:57 AM

Hi Guys,

Any help will be greatly appreciated! I had a virus on my computer so took it to a compute shop, all virus are now gone but they obviously didnt pick up what I now know to be the google virus. On lots on differnt advice ive run malware bytes, TDSS Killer, Hit Man Pro3.5, Hijack This, Microsoft Security and also combofix on somebodies advice! None of these have picked up anything and this is driving me nuts! Im running windows 7 64 bit so couldnt included the GMER log.
Forgot to add, when following instructions to look for files in the host file it would not allow me access. This was also the case when i ran Hijack this, it said it was not allowed access to host file even though i ran it as administrator.

DDS (Ver_10-12-05.01) - NTFS_AMD64
Run by Andrew at 13:48:03.13 on 05/12/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3893.2332 [GMT 0:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\alg.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10b.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Andrew\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Andrew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [Apoint] C:\Program Files\DellTPad\Apoint.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
mRun-x64: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
Hosts: 74.125.45.100 safebrowsing-cache.google.com
Hosts: 74.125.45.100 urs.microsoft.com
Hosts: 74.125.45.100 www.securesoftwarebill.com
Hosts: 74.125.45.100 secure-plus-payments.com
Hosts: 74.125.45.100 www.secure-plus-payments.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\aol6mkr4.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Extension: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-3-4 55280]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 173984]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-9 92160]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-12-3 135336]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-12-3 267944]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-12-3 81584]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2010-3-30 1823112]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-3-4 172704]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-10-26 151936]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2009-9-26 233984]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-8-20 239616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-13 136176]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-7-17 220672]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-28 1255736]

=============== Created Last 30 ================

2010-12-05 11:22:27 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2010-12-05 10:55:27 -------- d-----w- C:\Program Files\Hitman Pro 3.5
2010-12-05 08:41:38 -------- d-sh--w- C:\$RECYCLE.BIN
2010-12-04 17:51:51 98816 ----a-w- C:\Windows\sed.exe
2010-12-04 17:51:51 89088 ----a-w- C:\Windows\MBR.exe
2010-12-04 17:51:51 256512 ----a-w- C:\Windows\PEV.exe
2010-12-04 17:51:51 161792 ----a-w- C:\Windows\SWREG.exe
2010-12-04 15:24:45 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{17205CE3-0116-4D1D-A0F8-8870E021B738}\mpengine.dll
2010-12-04 15:20:05 -------- d-----w- C:\Program Files (x86)\Microsoft Antimalware
2010-12-04 15:20:00 -------- d-----w- C:\Program Files\Microsoft Security Essentials
2010-12-04 15:10:43 19528 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2010-12-04 15:10:21 -------- d-----w- C:\PROGRA~3\Hitman Pro
2010-12-04 14:00:35 -------- d-----w- C:\Users\Andrew\AppData\Roaming\Avira
2010-12-03 14:07:10 81584 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2010-12-03 14:07:09 -------- d-----w- C:\Program Files (x86)\Avira
2010-12-03 14:07:09 -------- d-----w- C:\PROGRA~3\Avira
2010-12-03 13:45:00 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{B1DE011D-34D2-47C9-95AD-3356C85FD59C}\mpengine.dll
2010-12-03 13:44:59 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-12-03 12:45:54 -------- d-----w- C:\Users\Andrew\AppData\Roaming\Malwarebytes
2010-12-03 12:45:49 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-03 12:45:48 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-03 12:45:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-12-03 12:45:48 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-11-30 15:52:09 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com
2010-11-25 15:26:40 -------- d-sh--w- C:\Users\Andrew\AppData\Roaming\Internet Security Suite
2010-11-25 15:26:40 -------- d-sh--w- C:\PROGRA~3\ISLHS
2010-11-25 15:25:56 -------- d-sh--w- C:\PROGRA~3\7c685d
2010-11-24 14:05:09 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-11-24 14:05:09 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-11-21 03:54:56 -------- d-----w- C:\Users\Andrew\AppData\Roaming\Xetyc
2010-11-13 17:07:04 -------- d-----w- C:\Users\Andrew\AppData\Local\Google

==================== Find3M ====================

2010-09-15 04:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-09-08 10:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-09-08 10:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

============= FINISH: 13:48:39.32 ===============

Attached Files


Edited by akaj, 05 December 2010 - 09:14 AM.


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:54 PM

Posted 11 December 2010 - 11:33 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply


information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 akaj

akaj
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:54 PM

Posted 12 December 2010 - 02:42 AM

Hi

Thanks for getting back to me, fingers crossed you can get rid of this as its driving me nuts!


DDS (Ver_10-12-12.01) - NTFS_AMD64
Run by Andrew at 7:41:07.01 on 12/12/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3893.2391 [GMT 0:00]

AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\SysWOW64\wscript.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Andrew\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWow64\Macromed\Flash\FlashUtil10b.exe
mRun: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Andrew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [Apoint] C:\Program Files\DellTPad\Apoint.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
mRun-x64: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
Hosts: 74.125.45.100 safebrowsing-cache.google.com
Hosts: 74.125.45.100 urs.microsoft.com
Hosts: 74.125.45.100 www.securesoftwarebill.com
Hosts: 74.125.45.100 secure-plus-payments.com
Hosts: 74.125.45.100 www.secure-plus-payments.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\aol6mkr4.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Extension: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-3-4 55280]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 173984]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-9 92160]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-12-3 135336]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-12-3 267944]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-12-3 83120]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2010-3-30 1823112]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-3-4 172704]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-10-26 151936]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2009-9-26 233984]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-8-20 239616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-13 136176]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-7-17 220672]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-28 1255736]

=============== Created Last 30 ================

2010-12-08 14:30:41 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{42546EC0-6590-43F4-A8A9-E8AED705DFBA}\mpengine.dll
2010-12-05 16:24:41 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-12-05 11:22:27 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2010-12-05 10:55:27 -------- d-----w- C:\Program Files\Hitman Pro 3.5
2010-12-05 08:41:38 -------- d-sh--w- C:\$RECYCLE.BIN
2010-12-04 17:51:51 98816 ----a-w- C:\Windows\sed.exe
2010-12-04 17:51:51 89088 ----a-w- C:\Windows\MBR.exe
2010-12-04 17:51:51 256512 ----a-w- C:\Windows\PEV.exe
2010-12-04 17:51:51 161792 ----a-w- C:\Windows\SWREG.exe
2010-12-04 15:20:05 -------- d-----w- C:\Program Files (x86)\Microsoft Antimalware
2010-12-04 15:20:00 -------- d-----w- C:\Program Files\Microsoft Security Essentials
2010-12-04 15:10:43 19528 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2010-12-04 15:10:21 -------- d-----w- C:\PROGRA~3\Hitman Pro
2010-12-04 14:00:35 -------- d-----w- C:\Users\Andrew\AppData\Roaming\Avira
2010-12-03 14:07:10 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2010-12-03 14:07:09 -------- d-----w- C:\Program Files (x86)\Avira
2010-12-03 14:07:09 -------- d-----w- C:\PROGRA~3\Avira
2010-12-03 13:45:00 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{B1DE011D-34D2-47C9-95AD-3356C85FD59C}\mpengine.dll
2010-12-03 13:44:59 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-12-03 12:45:54 -------- d-----w- C:\Users\Andrew\AppData\Roaming\Malwarebytes
2010-12-03 12:45:49 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-03 12:45:48 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-03 12:45:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-12-03 12:45:48 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-11-30 15:52:09 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com
2010-11-25 15:26:40 -------- d-sh--w- C:\Users\Andrew\AppData\Roaming\Internet Security Suite
2010-11-25 15:26:40 -------- d-sh--w- C:\PROGRA~3\ISLHS
2010-11-25 15:25:56 -------- d-sh--w- C:\PROGRA~3\7c685d
2010-11-24 14:05:09 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-11-24 14:05:09 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-11-21 03:54:56 -------- d-----w- C:\Users\Andrew\AppData\Roaming\Xetyc
2010-11-13 17:07:04 -------- d-----w- C:\Users\Andrew\AppData\Local\Google

==================== Find3M ====================

2010-09-15 04:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

============= FINISH: 7:41:30.23 ===============

Attached Files



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:54 PM

Posted 12 December 2010 - 02:47 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 akaj

akaj
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:54 PM

Posted 12 December 2010 - 03:09 AM

Hi Gringo

No problems while running combofix but still getting redirected on google.

ComboFix 10-12-11.03 - Andrew 12/12/2010 7:58.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3893.2544 [GMT 0:00]
Running from: c:\users\Andrew\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Andrew\AppData\Roaming\Internet Security Suite
c:\users\Andrew\AppData\Roaming\Internet Security Suite\cookies.sqlite
c:\users\Andrew\AppData\Roaming\Internet Security Suite\Instructions.ini

.
((((((((((((((((((((((((( Files Created from 2010-11-12 to 2010-12-12 )))))))))))))))))))))))))))))))
.

2010-12-12 08:03 . 2010-12-12 08:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-12 07:52 . 2010-11-09 21:35 8199504 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{36D5B026-CC41-4DD3-8363-DB95FFECF83F}\mpengine.dll
2010-12-05 16:24 . 2010-11-09 21:35 8199504 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-12-05 11:22 . 2010-12-05 11:22 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-12-05 10:55 . 2010-12-05 10:55 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-12-04 15:20 . 2010-12-04 15:20 -------- d-----w- c:\program files (x86)\Microsoft Antimalware
2010-12-04 15:20 . 2010-12-04 15:20 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-12-04 15:10 . 2010-12-06 19:36 19528 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-12-04 15:10 . 2010-12-05 11:22 -------- d-----w- c:\programdata\Hitman Pro
2010-12-04 14:00 . 2010-12-04 14:00 -------- d-----w- c:\users\Andrew\AppData\Roaming\Avira
2010-12-03 15:47 . 2010-12-03 15:47 -------- d-----w- c:\program files (x86)\Common Files\Java
2010-12-03 14:07 . 2010-12-06 14:57 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-03 14:07 . 2010-08-02 16:10 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-03 14:07 . 2010-12-03 14:07 -------- d-----w- c:\programdata\Avira
2010-12-03 14:07 . 2010-12-03 14:07 -------- d-----w- c:\program files (x86)\Avira
2010-12-03 13:45 . 2010-11-16 12:01 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B1DE011D-34D2-47C9-95AD-3356C85FD59C}\mpengine.dll
2010-12-03 13:44 . 2010-10-19 20:51 270720 ------w- c:\windows\system32\MpSigStub.exe
2010-12-03 12:45 . 2010-12-03 12:45 -------- d-----w- c:\users\Andrew\AppData\Roaming\Malwarebytes
2010-12-03 12:45 . 2010-11-29 17:42 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-03 12:45 . 2010-12-03 13:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-12-03 12:45 . 2010-12-03 12:45 -------- d-----w- c:\programdata\Malwarebytes
2010-12-03 12:45 . 2010-11-29 17:42 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-30 15:52 . 2010-11-30 15:52 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-11-25 15:26 . 2010-11-25 15:26 -------- d-sh--w- c:\programdata\ISLHS
2010-11-25 15:25 . 2010-11-25 15:58 -------- d-sh--w- c:\programdata\7c685d
2010-11-24 14:05 . 2010-10-19 08:47 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-24 14:05 . 2010-10-19 08:10 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2010-11-21 03:54 . 2010-12-05 10:28 -------- d-----w- c:\users\Andrew\AppData\Roaming\Xetyc
2010-11-13 17:14 . 2010-11-13 17:20 -------- d-----w- c:\program files (x86)\Google
2010-11-13 17:07 . 2010-11-14 15:30 -------- d-----w- c:\users\Andrew\AppData\Local\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-03 14:45 . 2010-04-21 14:59 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-12-03 14:44 . 2010-05-19 12:54 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-12-03 14:44 . 2010-04-21 14:59 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-09-15 04:50 . 2010-08-17 16:16 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-12-04_17.57.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2010-12-12 07:31 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2010-12-04 12:47 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2010-12-04 12:47 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2010-12-12 07:31 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2010-12-04 12:47 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2010-12-12 07:31 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-04 18:10 . 2010-12-07 08:49 53396 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2010-12-09 09:02 31912 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-14 07:31 . 2010-12-09 09:02 13642 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4241989811-249472069-3151003635-1001_UserData.bin
- 2010-03-13 08:50 . 2010-12-03 14:06 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-13 08:50 . 2010-12-05 13:38 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-13 08:50 . 2010-12-05 13:38 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-13 08:50 . 2010-12-03 14:06 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2010-12-05 13:38 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2010-12-03 14:06 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-14 07:32 . 2010-12-04 12:45 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-14 07:32 . 2010-12-09 09:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2010-12-07 17:05 80352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-03-14 07:32 . 2010-12-09 09:01 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-14 07:32 . 2010-12-04 12:45 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-14 07:32 . 2010-12-09 09:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-14 07:32 . 2010-12-04 12:45 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-13 15:00 . 2010-12-09 09:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-13 15:00 . 2010-12-04 12:45 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-13 15:00 . 2010-12-04 12:45 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-13 15:00 . 2010-12-09 09:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-09 09:00 . 2010-12-09 09:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-12-04 12:45 . 2010-12-04 12:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-12-09 09:00 . 2010-12-09 09:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-12-04 12:45 . 2010-12-04 12:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-03-13 18:09 . 2010-12-12 07:31 234390 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-03-14 12:33 . 2010-12-09 18:29 254568 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2010-12-09 10:38 628460 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2010-12-04 11:12 628460 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2010-12-09 10:38 110612 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2010-12-04 11:12 110612 c:\windows\system32\perfc009.dat
- 2009-07-14 02:34 . 2010-12-04 15:35 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2010-12-12 08:02 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-13 136176]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-17 220672]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-19 50688]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-28 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-09 92160]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-08-02 135336]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1823112]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-09-26 233984]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 40832]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]


--- Other Services/Drivers In Memory ---

*Deregistered* - klmd25

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-13 17:14]

2010-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-13 17:14]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-09-16 357376]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-09 8158240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-04 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-04 390168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-04 408600]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1448568]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\aol6mkr4.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - component: c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - plugin: c:\program files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: c:\program files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Extension: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-12-12 08:06:04
ComboFix-quarantined-files.txt 2010-12-12 08:06
ComboFix2.txt 2010-12-04 18:00

Pre-Run: 25,313,435,648 bytes free
Post-Run: 25,223,434,240 bytes free

- - End Of File - - 24A20CCD19FA2A76A1FE085AC6884577

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:54 PM

Posted 12 December 2010 - 03:13 AM

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 akaj

akaj
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:54 PM

Posted 12 December 2010 - 03:18 AM

Nothing found by it.


2010/12/12 08:16:21.0569 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2010/12/12 08:16:21.0569 ================================================================================
2010/12/12 08:16:21.0569 SystemInfo:
2010/12/12 08:16:21.0569
2010/12/12 08:16:21.0569 OS Version: 6.1.7600 ServicePack: 0.0
2010/12/12 08:16:21.0569 Product type: Workstation
2010/12/12 08:16:21.0569 ComputerName: ANDREW-PC
2010/12/12 08:16:21.0569 UserName: Andrew
2010/12/12 08:16:21.0569 Windows directory: C:\Windows
2010/12/12 08:16:21.0569 System windows directory: C:\Windows
2010/12/12 08:16:21.0569 Running under WOW64
2010/12/12 08:16:21.0569 Processor architecture: Intel x64
2010/12/12 08:16:21.0569 Number of processors: 4
2010/12/12 08:16:21.0569 Page size: 0x1000
2010/12/12 08:16:21.0569 Boot type: Normal boot
2010/12/12 08:16:21.0569 ================================================================================
2010/12/12 08:16:21.0569 Utility is running under WOW64
2010/12/12 08:16:21.0974 Initialize success
2010/12/12 08:16:30.0929 ================================================================================
2010/12/12 08:16:30.0929 Scan started
2010/12/12 08:16:30.0929 Mode: Manual;
2010/12/12 08:16:30.0929 ================================================================================
2010/12/12 08:16:31.0958 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/12/12 08:16:32.0005 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2010/12/12 08:16:32.0036 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/12/12 08:16:32.0099 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/12/12 08:16:32.0145 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2010/12/12 08:16:32.0192 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2010/12/12 08:16:32.0255 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2010/12/12 08:16:32.0301 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2010/12/12 08:16:32.0348 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2010/12/12 08:16:32.0364 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2010/12/12 08:16:32.0411 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2010/12/12 08:16:32.0457 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2010/12/12 08:16:32.0504 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2010/12/12 08:16:32.0551 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/12/12 08:16:32.0567 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2010/12/12 08:16:32.0676 ApfiltrService (8b522286c8d6a20133d12225b7759596) C:\Windows\system32\DRIVERS\Apfiltr.sys
2010/12/12 08:16:32.0707 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2010/12/12 08:16:32.0816 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2010/12/12 08:16:32.0847 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2010/12/12 08:16:32.0879 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/12/12 08:16:32.0925 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2010/12/12 08:16:33.0035 avgntflt (39c2e2870fc0c2ae0595b883cbe716b4) C:\Windows\system32\DRIVERS\avgntflt.sys
2010/12/12 08:16:33.0191 avipbb (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys
2010/12/12 08:16:33.0284 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2010/12/12 08:16:33.0362 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2010/12/12 08:16:33.0425 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys
2010/12/12 08:16:33.0534 BCM43XX (f4cd5f52850bf2c978de178f256ba372) C:\Windows\system32\DRIVERS\bcmwl664.sys
2010/12/12 08:16:33.0705 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2010/12/12 08:16:33.0768 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/12/12 08:16:33.0830 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2010/12/12 08:16:33.0877 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/12/12 08:16:33.0908 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/12/12 08:16:33.0955 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2010/12/12 08:16:33.0986 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/12/12 08:16:34.0002 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/12/12 08:16:34.0033 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/12/12 08:16:34.0080 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/12/12 08:16:34.0173 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/12/12 08:16:34.0236 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2010/12/12 08:16:34.0283 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2010/12/12 08:16:34.0329 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2010/12/12 08:16:34.0407 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/12/12 08:16:34.0423 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2010/12/12 08:16:34.0485 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2010/12/12 08:16:34.0532 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2010/12/12 08:16:34.0579 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/12/12 08:16:34.0626 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/12/12 08:16:34.0688 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
2010/12/12 08:16:34.0766 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2010/12/12 08:16:34.0797 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2010/12/12 08:16:34.0844 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2010/12/12 08:16:34.0922 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
2010/12/12 08:16:34.0969 Dot4Print (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2010/12/12 08:16:35.0000 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
2010/12/12 08:16:35.0078 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2010/12/12 08:16:35.0141 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
2010/12/12 08:16:35.0312 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2010/12/12 08:16:35.0484 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2010/12/12 08:16:35.0515 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2010/12/12 08:16:35.0577 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2010/12/12 08:16:35.0593 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2010/12/12 08:16:35.0640 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2010/12/12 08:16:35.0702 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2010/12/12 08:16:35.0733 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2010/12/12 08:16:35.0780 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/12/12 08:16:35.0827 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2010/12/12 08:16:35.0889 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2010/12/12 08:16:35.0905 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2010/12/12 08:16:35.0952 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2010/12/12 08:16:35.0999 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/12/12 08:16:36.0061 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/12/12 08:16:36.0155 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
2010/12/12 08:16:36.0201 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2010/12/12 08:16:36.0248 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/12/12 08:16:36.0295 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
2010/12/12 08:16:36.0326 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/12/12 08:16:36.0357 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2010/12/12 08:16:36.0404 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2010/12/12 08:16:36.0451 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2010/12/12 08:16:36.0545 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/12/12 08:16:36.0591 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2010/12/12 08:16:36.0638 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2010/12/12 08:16:36.0669 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/12/12 08:16:36.0732 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/12/12 08:16:36.0966 igfx (0372c154226f7074cd150f475a4870a6) C:\Windows\system32\DRIVERS\igdkmd64.sys
2010/12/12 08:16:37.0153 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2010/12/12 08:16:37.0215 Impcd (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys
2010/12/12 08:16:37.0340 IntcAzAudAddService (2a7cf87be453241fe0baa1c8651e7aa4) C:\Windows\system32\drivers\RTKVHD64.sys
2010/12/12 08:16:37.0403 IntcDAud (49072edbc5c2f964917d1b585c90ed0a) C:\Windows\system32\DRIVERS\IntcDAud.sys
2010/12/12 08:16:37.0449 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2010/12/12 08:16:37.0496 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2010/12/12 08:16:37.0574 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/12/12 08:16:37.0605 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/12/12 08:16:37.0652 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2010/12/12 08:16:37.0746 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2010/12/12 08:16:37.0777 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2010/12/12 08:16:37.0824 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/12/12 08:16:37.0839 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/12/12 08:16:37.0886 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/12/12 08:16:37.0917 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2010/12/12 08:16:37.0964 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2010/12/12 08:16:37.0995 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2010/12/12 08:16:38.0089 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2010/12/12 08:16:38.0151 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/12/12 08:16:38.0183 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/12/12 08:16:38.0354 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/12/12 08:16:38.0370 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/12/12 08:16:38.0417 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2010/12/12 08:16:38.0463 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2010/12/12 08:16:38.0495 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/12/12 08:16:38.0526 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2010/12/12 08:16:38.0573 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2010/12/12 08:16:38.0635 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2010/12/12 08:16:38.0697 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2010/12/12 08:16:38.0729 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2010/12/12 08:16:38.0791 MpFilter (c4d8c3031c7cd5884ca856b15307e997) C:\Windows\system32\DRIVERS\MpFilter.sys
2010/12/12 08:16:38.0822 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2010/12/12 08:16:38.0869 MpNWMon (a768f58c55d3f303e686a7646348aec3) C:\Windows\system32\DRIVERS\MpNWMon.sys
2010/12/12 08:16:38.0900 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2010/12/12 08:16:38.0931 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2010/12/12 08:16:38.0978 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/12/12 08:16:39.0009 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/12/12 08:16:39.0056 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/12/12 08:16:39.0087 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2010/12/12 08:16:39.0150 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2010/12/12 08:16:39.0197 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2010/12/12 08:16:39.0228 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2010/12/12 08:16:39.0275 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/12/12 08:16:39.0321 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2010/12/12 08:16:39.0384 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/12/12 08:16:39.0415 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2010/12/12 08:16:39.0462 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2010/12/12 08:16:39.0493 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/12/12 08:16:39.0524 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2010/12/12 08:16:39.0555 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/12/12 08:16:39.0587 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2010/12/12 08:16:39.0649 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2010/12/12 08:16:39.0727 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2010/12/12 08:16:39.0774 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/12/12 08:16:39.0821 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/12/12 08:16:39.0852 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/12/12 08:16:39.0899 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/12/12 08:16:39.0945 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2010/12/12 08:16:40.0023 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2010/12/12 08:16:40.0055 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2010/12/12 08:16:40.0133 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/12/12 08:16:40.0164 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2010/12/12 08:16:40.0195 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2010/12/12 08:16:40.0289 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2010/12/12 08:16:40.0320 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2010/12/12 08:16:40.0367 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/12/12 08:16:40.0382 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2010/12/12 08:16:40.0445 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/12/12 08:16:40.0491 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/12/12 08:16:40.0538 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2010/12/12 08:16:40.0585 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2010/12/12 08:16:40.0647 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2010/12/12 08:16:40.0679 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2010/12/12 08:16:40.0710 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/12/12 08:16:40.0741 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2010/12/12 08:16:40.0772 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2010/12/12 08:16:40.0944 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2010/12/12 08:16:40.0975 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2010/12/12 08:16:41.0037 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2010/12/12 08:16:41.0084 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
2010/12/12 08:16:41.0178 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2010/12/12 08:16:41.0225 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/12/12 08:16:41.0256 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2010/12/12 08:16:41.0287 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2010/12/12 08:16:41.0334 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/12/12 08:16:41.0381 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/12/12 08:16:41.0412 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/12/12 08:16:41.0443 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2010/12/12 08:16:41.0490 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2010/12/12 08:16:41.0537 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/12/12 08:16:41.0568 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/12/12 08:16:41.0599 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2010/12/12 08:16:41.0630 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2010/12/12 08:16:41.0661 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2010/12/12 08:16:41.0708 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2010/12/12 08:16:41.0771 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2010/12/12 08:16:41.0833 RSUSBSTOR (502b316947ea887cddd325d4745eb7d0) C:\Windows\system32\Drivers\RtsUStor.sys
2010/12/12 08:16:41.0895 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys
2010/12/12 08:16:41.0927 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/12/12 08:16:41.0973 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2010/12/12 08:16:42.0067 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2010/12/12 08:16:42.0114 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2010/12/12 08:16:42.0145 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2010/12/12 08:16:42.0176 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2010/12/12 08:16:42.0223 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/12/12 08:16:42.0254 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/12/12 08:16:42.0270 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/12/12 08:16:42.0301 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/12/12 08:16:42.0363 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/12/12 08:16:42.0410 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/12/12 08:16:42.0441 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2010/12/12 08:16:42.0488 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2010/12/12 08:16:42.0551 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
2010/12/12 08:16:42.0597 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
2010/12/12 08:16:42.0644 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
2010/12/12 08:16:42.0707 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2010/12/12 08:16:42.0738 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2010/12/12 08:16:42.0847 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2010/12/12 08:16:42.0909 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/12 08:16:42.0956 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2010/12/12 08:16:43.0003 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2010/12/12 08:16:43.0034 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2010/12/12 08:16:43.0081 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2010/12/12 08:16:43.0128 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2010/12/12 08:16:43.0206 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/12/12 08:16:43.0268 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2010/12/12 08:16:43.0299 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2010/12/12 08:16:43.0331 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2010/12/12 08:16:43.0393 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/12/12 08:16:43.0440 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2010/12/12 08:16:43.0487 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2010/12/12 08:16:43.0533 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys
2010/12/12 08:16:43.0596 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/12/12 08:16:43.0627 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2010/12/12 08:16:43.0658 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2010/12/12 08:16:43.0705 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2010/12/12 08:16:43.0752 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2010/12/12 08:16:43.0783 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2010/12/12 08:16:43.0845 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2010/12/12 08:16:43.0877 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/12/12 08:16:43.0923 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/12/12 08:16:43.0986 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2010/12/12 08:16:44.0048 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/12/12 08:16:44.0095 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/12 08:16:44.0126 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2010/12/12 08:16:44.0157 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/12/12 08:16:44.0189 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2010/12/12 08:16:44.0220 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/12/12 08:16:44.0251 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2010/12/12 08:16:44.0282 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2010/12/12 08:16:44.0345 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/12/12 08:16:44.0376 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2010/12/12 08:16:44.0423 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2010/12/12 08:16:44.0454 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2010/12/12 08:16:44.0516 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/12 08:16:44.0532 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/12 08:16:44.0610 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2010/12/12 08:16:44.0657 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/12 08:16:44.0735 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/12/12 08:16:44.0766 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2010/12/12 08:16:44.0859 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2010/12/12 08:16:44.0922 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/12/12 08:16:44.0984 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/12 08:16:45.0047 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2010/12/12 08:16:45.0093 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/12 08:16:45.0171 ================================================================================
2010/12/12 08:16:45.0171 Scan finished
2010/12/12 08:16:45.0171 ================================================================================

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:54 PM

Posted 12 December 2010 - 03:29 AM

we are going to check the router

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat Choose to Save type as - All Files and where to save - Desktop - then close the Notepad file.

It should look like this: Posted Image <--XP
Double-click on router.bat to run it. it will open notepad when done please post back the results
gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 akaj

akaj
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:54 PM

Posted 12 December 2010 - 03:34 AM

Windows IP Configuration

Host Name . . . . . . . . . . . . : Andrew-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : B8-AC-6F-53-21-E2
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Dell Wireless 1397 WLAN Mini-Card
Physical Address. . . . . . . . . : C4-17-FE-D5-E5-80
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::4d36:e4d3:e87c:71cb%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.66(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 12 December 2010 07:31:34
Lease Expires . . . . . . . . . . : 13 December 2010 07:31:56
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 197400574
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-21-C2-D4-B8-AC-6F-53-21-E2
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Hamachi:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hamachi Network Interface
Physical Address. . . . . . . . . : 00-23-C3-54-AD-55
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 5.84.173.85(Preferred)
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Lease Obtained. . . . . . . . . . : 09 December 2010 09:00:33
Lease Expires . . . . . . . . . . : 12 December 2011 07:31:50
Default Gateway . . . . . . . . . : 5.0.0.1
DHCP Server . . . . . . . . . . . : 5.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{9AF8E550-06D6-4BCE-9913-98DC6250C5D4}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable Microsoft 6To4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 18:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #7
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:554:ad55::554:ad55(Preferred)
Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{DFEA87AE-E002-4C61-B20E-98848AFE0F5B}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 16:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #6
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:3430:1cf9:a972:580(Preferred)
Link-local IPv6 Address . . . . . : fe80::3430:1cf9:a972:580%23(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: BThomehub.home
Address: 192.168.1.254

Name: google.com
Address: 173.194.36.104

Server: BThomehub.home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 67.195.160.76
69.147.125.65
72.30.2.43
98.137.149.56
209.191.122.70


Pinging google.com [69.72.227.44] with 32 bytes of data:
Reply from 69.72.227.44: bytes=32 time=125ms TTL=47
Reply from 69.72.227.44: bytes=32 time=122ms TTL=47

Ping statistics for 69.72.227.44:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 122ms, Maximum = 125ms, Average = 123ms

Pinging yahoo.com [69.147.125.65] with 32 bytes of data:
Reply from 69.147.125.65: bytes=32 time=136ms TTL=50
Reply from 69.147.125.65: bytes=32 time=131ms TTL=50

Ping statistics for 69.147.125.65:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 131ms, Maximum = 136ms, Average = 133ms
===========================================================================
Interface List
12...b8 ac 6f 53 21 e2 ......Realtek PCIe FE Family Controller
11...c4 17 fe d5 e5 80 ......Dell Wireless 1397 WLAN Mini-Card
15...00 23 c3 54 ad 55 ......Hamachi Network Interface
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
18...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #2
19...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #3
26...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #7
28...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
27...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
21...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #4
22...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #5
24...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #6
23...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 5.0.0.1 5.84.173.85 9001
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.66 26
5.0.0.0 255.0.0.0 On-link 5.84.173.85 9256
5.84.173.85 255.255.255.255 On-link 5.84.173.85 9256
5.255.255.255 255.255.255.255 On-link 5.84.173.85 9256
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.66 281
192.168.1.66 255.255.255.255 On-link 192.168.1.66 281
192.168.1.255 255.255.255.255 On-link 192.168.1.66 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 5.84.173.85 9256
224.0.0.0 240.0.0.0 On-link 192.168.1.66 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 5.84.173.85 9256
255.255.255.255 255.255.255.255 On-link 192.168.1.66 281
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 5.0.0.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
26 1125 ::/0 2002:c058:6301::c058:6301
1 306 ::1/128 On-link
23 58 2001::/32 On-link
23 306 2001:0:5ef5:79fd:3430:1cf9:a972:580/128
On-link
26 1025 2002::/16 On-link
26 281 2002:554:ad55::554:ad55/128
On-link
11 281 fe80::/64 On-link
23 306 fe80::/64 On-link
23 306 fe80::3430:1cf9:a972:580/128
On-link
11 281 fe80::4d36:e4d3:e87c:71cb/128
On-link
1 306 ff00::/8 On-link
23 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:54 PM

Posted 12 December 2010 - 04:12 AM

Hello

After you have completed the following please check the computer and let me know if it is still redirecting.


Resetting Router

Letís try to reset the router to its default configuration.
  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you donít know the router's default password, you can look it up. Here
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using or you can use OpenDNS
Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.

flush the DNS:

Now lets flush the DNS on the computer:

  • click on Start
  • select run
  • enter cmd and hit enter
  • a black window will open.
  • please enter the following text into that window and hit enter:


    ipconfig /flushdns

Now lets check the router again

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat Choose to Save type as - All Files and where to save - Desktop - then close the Notepad file.

It should look like this: Posted Image <--XP
Double-click on router.bat to run it. it will open notepad when done please post back the results

gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 akaj

akaj
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:54 PM

Posted 12 December 2010 - 04:48 AM

Still redirecting im afraid.


Windows IP Configuration

Host Name . . . . . . . . . . . . : Andrew-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : B8-AC-6F-53-21-E2
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Dell Wireless 1397 WLAN Mini-Card
Physical Address. . . . . . . . . : C4-17-FE-D5-E5-80
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::4d36:e4d3:e87c:71cb%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.66(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 12 December 2010 07:31:34
Lease Expires . . . . . . . . . . : 13 December 2010 09:43:32
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 197400574
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-21-C2-D4-B8-AC-6F-53-21-E2
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Hamachi:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hamachi Network Interface
Physical Address. . . . . . . . . : 00-23-C3-54-AD-55
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 5.84.173.85(Preferred)
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Lease Obtained. . . . . . . . . . : 09 December 2010 09:00:33
Lease Expires . . . . . . . . . . : 12 December 2011 07:31:51
Default Gateway . . . . . . . . . : 5.0.0.1
DHCP Server . . . . . . . . . . . : 5.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{9AF8E550-06D6-4BCE-9913-98DC6250C5D4}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable Microsoft 6To4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 18:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #7
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:554:ad55::554:ad55(Preferred)
Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
2002:c612:102::c612:102
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{DFEA87AE-E002-4C61-B20E-98848AFE0F5B}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 16:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #6
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:2cd7:1fb7:a954:ca87(Preferred)
Link-local IPv6 Address . . . . . : fe80::2cd7:1fb7:a954:ca87%23(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: BThomehub.home
Address: 192.168.1.254

Name: google.com
Address: 173.194.37.104

Server: BThomehub.home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 209.191.122.70
67.195.160.76
69.147.125.65
72.30.2.43
98.137.149.56


Pinging google.com [69.72.227.44] with 32 bytes of data:
Reply from 69.72.227.44: bytes=32 time=131ms TTL=47
Reply from 69.72.227.44: bytes=32 time=133ms TTL=47

Ping statistics for 69.72.227.44:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 131ms, Maximum = 133ms, Average = 132ms

Pinging yahoo.com [67.195.160.76] with 32 bytes of data:
Reply from 67.195.160.76: bytes=32 time=139ms TTL=49
Reply from 67.195.160.76: bytes=32 time=140ms TTL=49

Ping statistics for 67.195.160.76:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 139ms, Maximum = 140ms, Average = 139ms
===========================================================================
Interface List
12...b8 ac 6f 53 21 e2 ......Realtek PCIe FE Family Controller
11...c4 17 fe d5 e5 80 ......Dell Wireless 1397 WLAN Mini-Card
15...00 23 c3 54 ad 55 ......Hamachi Network Interface
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
18...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #2
19...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #3
26...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #7
28...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
27...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
21...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #4
22...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #5
24...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #6
23...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 5.0.0.1 5.84.173.85 9001
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.66 26
5.0.0.0 255.0.0.0 On-link 5.84.173.85 9256
5.84.173.85 255.255.255.255 On-link 5.84.173.85 9256
5.255.255.255 255.255.255.255 On-link 5.84.173.85 9256
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.66 281
192.168.1.66 255.255.255.255 On-link 192.168.1.66 281
192.168.1.255 255.255.255.255 On-link 192.168.1.66 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 5.84.173.85 9256
224.0.0.0 240.0.0.0 On-link 192.168.1.66 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 5.84.173.85 9256
255.255.255.255 255.255.255.255 On-link 192.168.1.66 281
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 5.0.0.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
26 1125 ::/0 2002:c058:6301::c058:6301
26 1125 ::/0 2002:c612:102::c612:102
1 306 ::1/128 On-link
23 58 2001::/32 On-link
23 306 2001:0:4137:9e76:2cd7:1fb7:a954:ca87/128
On-link
26 1025 2002::/16 On-link
26 281 2002:554:ad55::554:ad55/128
On-link
11 281 fe80::/64 On-link
23 306 fe80::/64 On-link
23 306 fe80::2cd7:1fb7:a954:ca87/128
On-link
11 281 fe80::4d36:e4d3:e87c:71cb/128
On-link
1 306 ff00::/8 On-link
23 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

Edited by akaj, 12 December 2010 - 04:50 AM.


#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:54 PM

Posted 12 December 2010 - 04:56 AM

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Minimal Output at the top
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the OTL.Txt into this topic and please attach the Extras.Txt.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 akaj

akaj
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:54 PM

Posted 12 December 2010 - 05:12 AM

OTL logfile created on: 12/12/2010 10:06:37 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Andrew\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58.59 Gb Total Space | 23.55 Gb Free Space | 40.19% Space Free | Partition Type: NTFS
Drive D: | 229.63 Gb Total Space | 229.34 Gb Free Space | 99.87% Space Free | Partition Type: NTFS
Drive E: | 3.63 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ANDREW-PC | User Name: Andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Andrew\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)


========== Modules (SafeList) ==========

MOD - C:\Users\Andrew\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)


========== Driver Services (SafeList) ==========

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel® -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (HECIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/USCON/2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/04 14:10:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/04 14:56:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/04 14:56:13 | 000,000,000 | ---D | M]

[2010/12/04 14:56:34 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Mozilla\Extensions
[2010/12/04 14:56:34 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\aol6mkr4.default\extensions
[2010/12/04 14:56:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/17 16:16:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/03 15:25:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/16 00:55:13 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/16 00:55:13 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/16 00:55:13 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/16 00:55:13 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/11/25 15:58:22 | 000,001,658 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 69.72.227.44 www.google.com
O1 - Hosts: 69.72.227.44 google.com
O1 - Hosts: 69.72.227.44 google.com.au
O1 - Hosts: 69.72.227.44 www.google.com.au
O1 - Hosts: 69.72.227.44 google.be
O1 - Hosts: 69.72.227.44 www.google.be
O1 - Hosts: 69.72.227.44 google.com.br
O1 - Hosts: 69.72.227.44 www.google.com.br
O1 - Hosts: 69.72.227.44 google.ca
O1 - Hosts: 69.72.227.44 www.google.ca
O1 - Hosts: 69.72.227.44 google.ch
O1 - Hosts: 69.72.227.44 www.google.ch
O1 - Hosts: 69.72.227.44 google.de
O1 - Hosts: 69.72.227.44 www.google.de
O1 - Hosts: 69.72.227.44 google.dk
O1 - Hosts: 69.72.227.44 www.google.dk
O1 - Hosts: 69.72.227.44 google.fr
O1 - Hosts: 31 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)


SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll File not found
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: MsMpSvc - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll File not found
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: hitmanpro35 - Reg Error: Value error.
SafeBootNet:64bit: hitmanpro35.sys - Reg Error: Value error.
SafeBootNet:64bit: HitmanPro35Crusader - Reg Error: Value error.
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MsMpSvc - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: hitmanpro35 - Reg Error: Value error.
SafeBootNet: hitmanpro35.sys - Reg Error: Value error.
SafeBootNet: HitmanPro35Crusader - Reg Error: Value error.
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

========== Files/Folders - Created Within 30 Days ==========

[2010/12/12 09:59:39 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe
[2010/12/12 08:06:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/12/12 07:56:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/12/07 10:56:38 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\Open University
[2010/12/05 11:22:27 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2010/12/05 10:55:27 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/12/04 17:51:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/12/04 17:51:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/12/04 17:51:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/12/04 17:51:46 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/04 17:51:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/04 15:20:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/12/04 15:20:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/12/04 15:10:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/12/04 14:00:35 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Avira
[2010/12/03 15:47:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/12/03 14:07:10 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010/12/03 14:07:10 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010/12/03 14:07:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/12/03 14:07:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010/12/03 12:45:54 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Malwarebytes
[2010/12/03 12:45:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/03 12:45:48 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/12/03 12:45:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/12/03 12:45:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/02 12:29:14 | 001,344,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Andrew\Desktop\TDSSKiller.exe
[2010/11/30 15:52:09 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/11/25 15:26:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\ISLHS
[2010/11/25 15:25:56 | 000,000,000 | -HSD | C] -- C:\ProgramData\7c685d
[2010/11/21 03:54:56 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Xetyc
[2010/11/13 17:14:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010/11/13 17:07:04 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Google
[2010/03/14 07:32:44 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Andrew\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2010/12/12 09:59:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe
[2010/12/12 09:19:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/12 08:16:06 | 001,344,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Andrew\Desktop\TDSSKiller.exe
[2010/12/12 07:55:33 | 003,988,425 | R--- | M] () -- C:\Users\Andrew\Desktop\ComboFix.exe
[2010/12/12 07:37:33 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/12 07:35:22 | 000,624,640 | ---- | M] () -- C:\Users\Andrew\Desktop\dds.scr
[2010/12/12 07:34:27 | 000,050,477 | ---- | M] () -- C:\Users\Andrew\Desktop\Defogger.exe
[2010/12/12 07:31:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/09 10:38:40 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/12/09 10:38:40 | 000,628,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/12/09 10:38:40 | 000,110,612 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/12/09 09:07:57 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/09 09:07:57 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/09 09:01:08 | 000,000,374 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2010/12/09 09:00:24 | 3061,215,232 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/06 19:36:48 | 000,019,528 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010/12/06 14:57:00 | 000,083,120 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010/12/05 13:46:43 | 000,000,000 | ---- | M] () -- C:\Users\Andrew\defogger_reenable
[2010/12/05 11:22:27 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2010/12/05 10:55:29 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2010/12/04 18:29:13 | 000,000,036 | ---- | M] () -- C:\Users\Andrew\AppData\Local\housecall.guid.cache
[2010/12/04 15:20:01 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/12/04 14:56:15 | 000,001,965 | ---- | M] () -- C:\Users\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/04 14:56:15 | 000,001,941 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/11/28 13:27:28 | 000,021,504 | ---- | M] () -- C:\Users\Andrew\Documents\Quiz.wps
[2010/11/28 13:27:28 | 000,000,804 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\wklnhst.dat
[2010/11/25 15:58:22 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/11/23 12:16:39 | 000,818,176 | ---- | M] () -- C:\Users\Andrew\Documents\PICTURE ROUND.wps
[2010/11/13 17:20:21 | 000,002,241 | ---- | M] () -- C:\Users\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/12 16:59:30 | 000,016,384 | ---- | M] () -- C:\Users\Andrew\Documents\Football Quiz.wps

========== Files Created - No Company Name ==========

[2010/12/12 07:55:33 | 003,988,425 | R--- | C] () -- C:\Users\Andrew\Desktop\ComboFix.exe
[2010/12/05 13:47:49 | 000,624,640 | ---- | C] () -- C:\Users\Andrew\Desktop\dds.scr
[2010/12/05 13:46:43 | 000,000,000 | ---- | C] () -- C:\Users\Andrew\defogger_reenable
[2010/12/05 13:46:05 | 000,050,477 | ---- | C] () -- C:\Users\Andrew\Desktop\Defogger.exe
[2010/12/05 10:55:29 | 000,001,976 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2010/12/04 18:29:13 | 000,000,036 | ---- | C] () -- C:\Users\Andrew\AppData\Local\housecall.guid.cache
[2010/12/04 17:51:51 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/12/04 17:51:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/12/04 17:51:51 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/12/04 17:51:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/12/04 17:51:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/12/04 15:20:01 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/12/04 15:10:43 | 000,019,528 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010/12/04 14:56:15 | 000,001,965 | ---- | C] () -- C:\Users\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/04 14:56:15 | 000,001,941 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/11/23 11:40:08 | 000,818,176 | ---- | C] () -- C:\Users\Andrew\Documents\PICTURE ROUND.wps
[2010/11/13 17:20:21 | 000,002,241 | ---- | C] () -- C:\Users\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/13 17:14:41 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/13 17:14:40 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/12 15:27:45 | 000,016,384 | ---- | C] () -- C:\Users\Andrew\Documents\Football Quiz.wps
[2010/08/04 14:02:25 | 000,001,265 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/03/28 15:25:51 | 000,000,804 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\wklnhst.dat
[2010/03/04 19:30:50 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/03/04 19:30:50 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/10/30 18:06:24 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2009/10/30 18:06:24 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/10/06 14:57:58 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/08/17 16:22:10 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\OpenOffice.org
[2010/11/05 19:29:35 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Sports Interactive
[2010/04/16 18:46:58 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Template
[2010/07/28 17:32:44 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Windows Live Writer
[2010/12/05 10:28:13 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Xetyc
[2010/12/05 11:23:58 | 000,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Attached Files



#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:54 PM

Posted 12 December 2010 - 05:19 AM

Run OTL Script

We need to run an OTL Fix

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY] 
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS] 
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 akaj

akaj
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:54 PM

Posted 12 December 2010 - 05:36 AM

Ive had no redirects so far with a few tries! Google is also now doing searches in real time as i type them in! Fingers crossed!

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Andrew\Desktop\cmd.bat deleted successfully.
C:\Users\Andrew\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Andrew
->Temp folder emptied: 10327 bytes
->Temporary Internet Files folder emptied: 198394411 bytes
->Java cache emptied: 37591153 bytes
->FireFox cache emptied: 55638083 bytes
->Google Chrome cache emptied: 6371858 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 102212 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 284.00 mb


[EMPTYFLASH]

User: All Users

User: Andrew
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.17.3 log created on 12122010_102826

Files\Folders moved on Reboot...
C:\Users\Andrew\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users