FF3 & IE8 opening pages and blue screening


  • This topic is locked
44 replies to this topic

#1 Dan V

  • Members
  • 19 posts

Posted 04 February 2011 - 05:50 PM

Hi
The problem now is that both FF3 and IE8 are opening unrequested windows.
Sometimes new windows, sometimes the window I'm working in.
Sometimes it goes to Google, sometimes a random page.
Often it goes through a URL called epoclick.

2 more strange things...
Before reformatting the hard drive and reinstalling Windows,
both FF and IE would bluescreen almost immediately,
and yet I could run Chrome and Opera without problems!
Now I can run both browsers BUT running the recommended gmer.exe bluescreens!
Which is of course why I have not managed to include its report here.
The bluescreen is too fast to read, but previously (before the format) it was throwing an infinite loop error of some sort from a DLL file in the system32 folder.

Also - my flatmate on the same wireless ADSL connection -
but using a Mac -
has FF popping up random pages.
Wow - is that a coincidence or what?

None of Avira Free, AVG Free, SuperAntiSpyware or Spybot Search & Destroy has detected anything useful.

Does this sound like a rootkit?
Is it capable of stealing info or passwords etc?

Thanks very much for your help - I really appreciate your time.

Dan V
____________________________


DDS (Ver_10-12-12.02) - NTFSx86
Run by Narada at 7:23:18.62 on Sat 05/02/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2015.1190 [GMT 11:00]

AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\Programs\SystemTools\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Programs\SystemTools\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
D:\Programs\SystemTools\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
D:\Programs\SystemTools\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Programs\SystemTools\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\Programs\Web\ZoneAlarm\zlclient.exe
D:\Programs\SystemTools\acronis\TrueImageMonitor.exe
D:\Programs\SystemTools\acronis\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Microsoft Shared\Web Components\cffmon.exe
D:\Programs\Web\FreecorderToolbar\FLVSrvc.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programs\SystemTools\Sandboxie\SbieCtrl.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Narada\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\Programs\SystemTools\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Narada\Application Data\Dropbox\bin\Dropbox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Programs\SystemTools\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Programs\Web\FireFox\firefox.exe
D:\Programs\Web\FireFox\plugin-container.exe
C:\Documents and Settings\Narada\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/advanced_search?hl=en
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFree.dll
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFree.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\programs\system~1\spybot~1\SDHelper.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFree.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [SandboxieControl] "d:\programs\systemtools\sandboxie\SbieCtrl.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Google Update] "c:\documents and settings\narada\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] d:\programs\systemtools\spybot - search & destroy\TeaTimer.exe
mRun: [avgnt] "d:\programs\systemtools\avira\antivir desktop\avgnt.exe" /min
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] nwiz.exe /installquiet /nodetect
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [ZoneAlarm Client] "d:\programs\web\zonealarm\zlclient.exe"
mRun: [TrueImageMonitor.exe] d:\programs\systemtools\acronis\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] d:\programs\systemtools\acronis\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [jkss.exe] c:\program files\common files\microsoft shared\web components\cffmon.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Freecorder FLV Service] "d:\programs\web\freecordertoolbar\FLVSrvc.exe" /run
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\narada\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\narada\application data\dropbox\bin\Dropbox.exe
IE: LastPass - file://c:\program files\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\programs\system~1\spybot~1\SDHelper.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\narada\applic~1\mozilla\firefox\profiles\lmwxp2fp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Freecorder Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/advanced_search?hl=en
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&q=
FF - component: c:\documents and settings\narada\application data\mozilla\firefox\profiles\lmwxp2fp.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\narada\application data\mozilla\firefox\profiles\lmwxp2fp.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\narada\application data\mozilla\firefox\profiles\lmwxp2fp.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\documents and settings\narada\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\programs\web\firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: LastPass: support@lastpass.com - %profile%\extensions\support@lastpass.com
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Freecorder Community Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - %profile%\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;d:\programs\systemtools\avira\antivir desktop\avgio.sys [2011-1-22 11608]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-1-22 532224]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\programs\systemtools\avira\antivir desktop\sched.exe [2011-1-22 135336]
R2 AntiVirService;Avira AntiVir Guard;d:\programs\systemtools\avira\antivir desktop\avguard.exe [2011-1-22 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-1-22 61960]
R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2011-1-22 4869488]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2011-1-22 416112]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [2006-6-7 61952]
R3 SbieDrv;SbieDrv;d:\programs\systemtools\sandboxie\SbieDrv.sys [2011-1-13 125672]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-1-22 16240]

=============== Created Last 30 ================

2011-02-04 19:59:57 388096 ----a-r- c:\docume~1\narada\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-02-03 07:18:52 -------- d-----w- c:\docume~1\narada\applic~1\Dropbox
2011-02-02 13:37:52 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-02-02 13:37:52 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-02-02 13:37:41 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2011-02-02 13:37:41 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-02-02 13:24:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-01-31 12:15:40 -------- d-----w- c:\docume~1\narada\locals~1\applic~1\Google
2011-01-29 03:23:37 -------- d--h--w- c:\windows\PIF
2011-01-27 02:00:52 -------- d-----w- c:\docume~1\narada\applic~1\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-01-27 00:39:07 -------- d-----w- c:\docume~1\narada\applic~1\PriceGong
2011-01-27 00:38:53 -------- d-----w- c:\program files\Conduit
2011-01-27 00:38:53 -------- d-----w- c:\docume~1\narada\locals~1\applic~1\Freecorder
2011-01-27 00:38:53 -------- d-----w- c:\docume~1\narada\locals~1\applic~1\Conduit
2011-01-27 00:38:51 -------- d-----w- c:\program files\ConduitEngine
2011-01-27 00:38:51 -------- d-----w- c:\docume~1\narada\locals~1\applic~1\ConduitEngine
2011-01-27 00:38:48 -------- d-----w- c:\program files\Freecorder
2011-01-27 00:38:48 -------- d-----w- c:\docume~1\narada\locals~1\applic~1\Temp
2011-01-27 00:37:58 -------- d-----w- c:\docume~1\narada\locals~1\applic~1\FLVService
2011-01-27 00:37:54 -------- d-----w- c:\windows\Freecorder
2011-01-26 08:32:36 -------- d-----w- c:\docume~1\narada\locals~1\applic~1\Identities
2011-01-25 00:13:23 282624 ----a-w- c:\program files\Microsoft .NET Framework 3.6 SP8.exe
2011-01-24 12:33:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\regid.1986-12.com.adobe
2011-01-24 12:23:49 -------- d-----w- c:\docume~1\narada\locals~1\applic~1\Adobe
2011-01-24 12:21:47 812496 ----a-w- c:\temp\adobe dreamweaver cs5\software\Set-up.exe
2011-01-24 12:21:47 424944 ------w- c:\temp\adobe dreamweaver cs5\software\resources\updaterinventory.dll
2011-01-24 12:21:46 734672 ----a-w- c:\temp\adobe dreamweaver cs5\software\resources\AdobePIM.dll
2011-01-24 12:21:25 126464 ----a-w- c:\temp\adobe dreamweaver cs5\software\payloads\adobehelp\AIRInstallerRunner.exe
2011-01-24 12:21:24 15849968 ----a-w- c:\temp\adobe dreamweaver cs5\software\payloads\adobehelp\AdobeAIRInstaller.exe
2011-01-24 12:20:57 15849968 ----a-w- c:\temp\adobe dreamweaver cs5\software\payloads\adobeamp1.8-mul\AdobeAIRInstaller.exe
2011-01-24 12:20:57 15849968 ----a-w- c:\temp\adobe dreamweaver cs5\software\payloads\adobeair1.5.3-mul\AdobeAIRInstaller.exe
2011-01-24 12:20:55 59904 ----a-w- c:\temp\adobe dreamweaver cs5\software\microsoft.vc90.mfc\mfcm90u.dll
2011-01-24 12:20:55 59904 ----a-w- c:\temp\adobe dreamweaver cs5\software\microsoft.vc90.mfc\mfcm90.dll
2011-01-24 12:20:54 655872 ----a-w- c:\temp\adobe dreamweaver cs5\software\microsoft.vc90.crt\msvcr90.dll
2011-01-24 12:20:54 572928 ----a-w- c:\temp\adobe dreamweaver cs5\software\microsoft.vc90.crt\msvcp90.dll
2011-01-24 12:20:54 3783672 ----a-w- c:\temp\adobe dreamweaver cs5\software\microsoft.vc90.mfc\mfc90u.dll
2011-01-24 12:20:54 3768312 ----a-w- c:\temp\adobe dreamweaver cs5\software\microsoft.vc90.mfc\mfc90.dll
2011-01-24 12:20:54 225280 ----a-w- c:\temp\adobe dreamweaver cs5\software\microsoft.vc90.crt\msvcm90.dll
2011-01-24 12:20:54 161784 ----a-w- c:\temp\adobe dreamweaver cs5\software\microsoft.vc90.atl\atl90.dll
2011-01-24 12:20:53 911800 ----a-w- c:\temp\adobe dreamweaver cs5\read me\amtlib.dll
2011-01-24 12:20:41 -------- d-----w- C:\temp
2011-01-24 03:16:03 -------- d-sh--w- c:\documents and settings\narada\PrivacIE
2011-01-24 03:16:01 -------- d-----w- c:\docume~1\narada\locals~1\applic~1\AskToolbar
2011-01-24 03:07:56 -------- d-sh--w- c:\documents and settings\narada\IETldCache
2011-01-24 02:58:18 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2011-01-24 02:58:06 -------- dc-h--w- c:\windows\ie8

==================== Find3M ====================

2010-11-16 06:45:54 1238528 ----a-w- c:\windows\system32\zpeng25.dll

============= FINISH: 7:24:19.48 ===============
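The DDS log above is what the helpers read by hand. As an added example (not part of the thread, and not a DDS or BleepingComputer tool), the Python below triages its Pseudo HJT and FIREFOX sections, using lines copied from that log as the sample. It groups each add-on DLL by the hook types it is registered under (a DLL that is a BHO, a toolbar and a URLSearchHook at once sees everything typed into the IE address bar), reports Firefox search prefs whose host differs from the homepage host, and flags Run entries whose value name is an .exe that differs from the binary actually launched. None of these is a verdict: search going to a host other than the homepage is exactly how Conduit-style toolbars are configured, and a mismatched Run name is a prompt to look the binary up, nothing more. `triage()` is the hypothetical entry point; the parser handles only the line shapes present in the sample.

```python
"""Triage of the DDS "Pseudo HJT Report" and FIREFOX sections: which DLLs sit in
the browser (and under how many hook types), which Firefox search prefs point
away from the homepage, and which Run entries launch a binary whose name differs
from the registry value name."""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample: lines copied from the DDS log in the post above.
# DDS defangs http as hxxp; that is undone before any URL is parsed.
SAMPLE_DDS = r"""
uStart Page = hxxp://www.google.com/advanced_search?hl=en
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFree.dll
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFree.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFree.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
mRun: [avgnt] "d:\programs\systemtools\avira\antivir desktop\avgnt.exe" /min
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [TrueImageMonitor.exe] d:\programs\systemtools\acronis\TrueImageMonitor.exe
mRun: [jkss.exe] c:\program files\common files\microsoft shared\web components\cffmon.exe
mRun: [Freecorder FLV Service] "d:\programs\web\freecordertoolbar\FLVSrvc.exe" /run
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Freecorder Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/advanced_search?hl=en
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&q=
""".strip().splitlines()

ADDON_RE = re.compile(r'^(uURLSearchHooks|BHO|TB): (.+?): \{([0-9a-f-]{36})\} - (.+)$')
RUN_RE = re.compile(r'^([umd]Run): \[([^\]]+)\] (.+)$')
FF_PREF_RE = re.compile(r'^FF - prefs\.js: (\S+) - (.+)$')
KIND = {"uURLSearchHooks": "URLSearchHook", "BHO": "BHO", "TB": "TB"}


def group_addons(lines):
    """Map each add-on DLL (lower-cased path) to the set of hook types it is registered under."""
    by_dll = defaultdict(set)
    for line in lines:
        if m := ADDON_RE.match(line):
            kind, _name, _clsid, path = m.groups()
            by_dll[path.lower()].add(KIND[kind])
    return dict(by_dll)


def search_hooks(lines):
    """DLLs in IE's URLSearchHook chain: anything typed in the address bar that is not a URL goes through them."""
    return sorted(dll for dll, kinds in group_addons(lines).items() if "URLSearchHook" in kinds)


def host_of(url):
    return (urlparse(url.replace("hxxp", "http", 1)).hostname or "").lower()


def search_redirects(lines):
    """Firefox search-related prefs whose URL host differs from the homepage's host."""
    prefs = {m.group(1): m.group(2) for line in lines if (m := FF_PREF_RE.match(line))}
    home = host_of(prefs.get("browser.startup.homepage", ""))
    flagged = {}
    for name, value in prefs.items():
        if name == "browser.startup.homepage" or not value.startswith(("hxxp://", "http://", "https://")):
            continue
        if "search" in name.lower() or name == "keyword.URL":
            host = host_of(value)
            if host != home:
                flagged[name] = host
    return flagged


def launched_exe(command):
    """Base name of the binary a Run-key command line starts, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:command.index('"', 1)]
    else:
        m = re.match(r'(.+?\.exe)(?:\s|$)', command, re.I)  # unquoted paths may contain spaces
        path = m.group(1) if m else command.split()[0]
    return path.rsplit("\\", 1)[-1]


def run_name_mismatches(lines):
    """Run entries whose value name looks like an .exe but differs from the binary actually launched."""
    out = []
    for line in lines:
        if m := RUN_RE.match(line):
            hive, value_name, command = m.groups()
            exe = launched_exe(command)
            if value_name.lower().endswith(".exe") and value_name.lower() != exe.lower():
                out.append((hive, value_name, exe))
    return out


def triage(lines=SAMPLE_DDS):
    return {
        "addons": group_addons(lines),
        "search_hooks": search_hooks(lines),
        "search_redirects": search_redirects(lines),
        "run_mismatches": run_name_mismatches(lines),
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(key, value)
```

On the sample, the Freecorder DLL is the only one registered as all three hook types, both Firefox search prefs resolve to `search.conduit.com` while the homepage is `www.google.com`, and `[jkss.exe]` is the one Run value whose name does not match what it launches. Feed it the whole Pseudo HJT section rather than these copied lines to get the full picture for a real log.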


#2 oneof4

  • Malware Response Team
  • 3,779 posts

Posted 07 February 2011 - 04:59 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic: Why we request you disable CD Emulation when receiving Malware Removal Advice

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

Best Regards,
oneof4.



#3 oneof4

  • Malware Response Team
  • 3,779 posts

Posted 11 February 2011 - 01:06 PM

Do you still need help?

Best Regards,
oneof4.


#4 Blade

  • Site Admin
  • 12,704 posts
  • Location: US

Posted 15 February 2011 - 12:01 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.



#5 Blade

  • Site Admin
  • 12,704 posts
  • Location: US

Posted 03 March 2011 - 11:53 AM

Topic reopened.

Please follow the instructions given in this post.

Another staff member will be along to assist you shortly once you have replied.



#6 Dan V
  • Topic Starter

  • Members
  • 19 posts

Posted 03 March 2011 - 06:17 PM

Hi
My thread here was closed
because I did not answer whether I still needed help.
I believe I did subscribe to this thread as explained,
but I did not receive an email saying I had a reply,
and it is not in my spambox either.

I did not bump the submission for help, as you had explained not to.

I have downloaded and run the programs as asked. See below for the reports.

I would like to update with the following info:

There are 5 laptops sharing the same ADSL wireless modem connection at my home.
4 of them have this problem, including 3 Windows XP machines and one Mac.
All 4 machines pop up unrequested browser windows.
The machines do not visit the same websites as far as I know.
Is it possible that the ADSL modem can be infected?
I am in Australia. I shall probably contact my ISP tomorrow and ask them as well.

Another strange fact is that installing Opera and Chrome on my machine
did not avoid the problem, which happens in all 4 browsers.

Most unrequested pages seem to go through a site called epoclick and end at a Google search page,
though many also end at random business pages.

Thanks - Dan Vantari
________________________________
GMER

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-03 21:51:23
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\0000006c ST9120822AS rev.3.BHD
Running: hxm6bxu3.exe; Driver: C:\DOCUME~1\Narada\LOCALS~1\Temp\kwlyypob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xAA9DB534]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xAA9D5782]
SSDT B0F4ADF6 ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xAA9DBCC0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xAA9EEEB4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xAA9EF2A2]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0xAA9F8916]
SSDT B0F4ADEC ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xAA9DBDF6]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xAA9D6398]
SSDT B0F4ADFB ZwDeleteKey
SSDT B0F4AE05 ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xAA9EDDF0]
SSDT B0F4AE0A ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xAA9F6B44]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xAA9D5FAA]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xAA9F11CE]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenThread [0xAA9F0DF8]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xAA9F78D2]
SSDT B0F4AE14 ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xAA9DB0F4]
SSDT B0F4AE0F ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xAA9DB7DC]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xAA9D675C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xAA9F7E12]
SSDT B0F4AE00 ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xAA9EFF0A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xAA9EFC86]

Code AAD93C9C ZwRequestPort
Code AAD93D3C ZwRequestWaitReplyPort
Code AAD93BFC ZwTraceEvent
Code AAD93C9B NtRequestPort
Code AAD93D3B NtRequestWaitReplyPort
Code AAD93BFB NtTraceEvent

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C7C 80504508 12 Bytes [C0, BC, 9D, AA, B4, EE, 9E, ...]
.text ntkrnlpa.exe!NtTraceEvent 805350F8 5 Bytes JMP AAD93C00
PAGE ntkrnlpa.exe!NtRequestPort 805A2A2E 5 Bytes JMP AAD93CA0
PAGE ntkrnlpa.exe!NtRequestWaitReplyPort 805A2D5A 5 Bytes JMP AAD93D40
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB952B360, 0x2255BD, 0xE8000020]
.text win32k.sys!EngAcquireSemaphore + 2642 BF8089B6 5 Bytes JMP AAD93480
.text win32k.sys!EngFreeUserMem + 5502 BF80EE6D 5 Bytes JMP AAD933E0
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 320C BF81E743 5 Bytes JMP AAD93A20
.text win32k.sys!EngSetLastError + 7659 BF82868D 5 Bytes JMP AAD935C0
.text win32k.sys!EngLockSurface + 148C BF834FAB 5 Bytes JMP AAD93700
.text win32k.sys!EngCreateBitmap + D9AD BF845875 5 Bytes JMP AAD93660
.text win32k.sys!EngMultiByteToWideChar + 2F22 BF8527E2 5 Bytes JMP AAD938E0
.text win32k.sys!EngGradientFill + 5121 BF8B3D3F 5 Bytes JMP AAD93520
.text win32k.sys!EngAlphaBlend + 9286 BF8C31E7 5 Bytes JMP AAD937A0
.text win32k.sys!PATHOBJ_bCloseFigure + 19D0 BF8ED993 5 Bytes JMP AAD93980
.text win32k.sys!EngCreateClip + 1994 BF912612 5 Bytes JMP AAD93AC0
.text win32k.sys!EngCreateClip + 1F24 BF912BA2 5 Bytes JMP AAD93B60
.text win32k.sys!EngCreateClip + 256A BF9131E8 5 Bytes JMP AAD93840

---- User code sections - GMER 1.0.15 ----

.text D:\Programs\Web\FireFox\firefox.exe[2724] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 004013F0 D:\Programs\Web\FireFox\firefox.exe (Firefox/Mozilla Corporation)
.text D:\Programs\Web\FireFox\firefox.exe[2724] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01131D10 C:\Documents and Settings\Narada\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll (FLV Service Library for Freecorder 4/Applian Technologies, Inc.)
.text D:\Programs\Web\FireFox\firefox.exe[2724] kernel32.dll!GetTempFileNameW 7C8359CF 5 Bytes JMP 01132040 C:\Documents and Settings\Narada\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll (FLV Service Library for Freecorder 4/Applian Technologies, Inc.)
.text D:\Programs\Web\FireFox\plugin-container.exe[5768] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00F31D10 C:\Documents and Settings\Narada\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll (FLV Service Library for Freecorder 4/Applian Technologies, Inc.)
.text D:\Programs\Web\FireFox\plugin-container.exe[5768] kernel32.dll!GetTempFileNameW 7C8359CF 5 Bytes JMP 00F32040 C:\Documents and Settings\Narada\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll (FLV Service Library for Freecorder 4/Applian Technologies, Inc.)
.text D:\Programs\Web\FireFox\plugin-container.exe[5768] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1040C35B D:\Programs\Web\FireFox\xul.dll (Mozilla Foundation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [AA9E0672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [AA9E04C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [AA9E0CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [AA9DEC2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [AA9DEC2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [AA9E0672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [AA9E04C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [AA9E0CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [AA9E0672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [AA9DEC2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [AA9E0CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [AA9E04C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [AA9E0CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [AA9E04C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [AA9E0672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [AA9DEC2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [AA9E0672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [AA9E04C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [AA9E0CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [AA9E0CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [AA9E04C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [AA9DEC2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [AA9E0672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [AA9E0672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [AA9DEC2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [AA9E0CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [AA9E04C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

________________________
OTL

OTL logfile created on: 3/03/2011 9:09:26 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\Narada\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 12.64 Gb Free Space | 43.15% Space Free | Partition Type: NTFS
Drive D: | 82.49 Gb Total Space | 2.21 Gb Free Space | 2.68% Space Free | Partition Type: NTFS
Drive E: | 3.57 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: STARBASE | User Name: Narada | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/03 21:01:43 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Narada\Desktop\OTL.exe
PRC - [2011/03/03 09:06:07 | 000,016,856 | ---- | M] (Mozilla Corporation) -- D:\Programs\Web\FireFox\plugin-container.exe
PRC - [2011/03/03 09:06:05 | 000,912,344 | ---- | M] (Mozilla Corporation) -- D:\Programs\Web\FireFox\firefox.exe
PRC - [2011/01/18 01:51:54 | 000,093,400 | ---- | M] (© Bing corporation) -- C:\Program Files\Common Files\Microsoft Shared\Web Components\cffmon.exe
PRC - [2011/01/13 01:35:54 | 000,405,736 | ---- | M] (SANDBOXIE L.T.D) -- D:\Programs\SystemTools\Sandboxie\SbieCtrl.exe
PRC - [2011/01/13 01:35:52 | 000,069,864 | ---- | M] (SANDBOXIE L.T.D) -- D:\Programs\SystemTools\Sandboxie\SbieSvc.exe
PRC - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) -- D:\Programs\SystemTools\Avira\AntiVir Desktop\sched.exe
PRC - [2010/12/13 08:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- D:\Programs\SystemTools\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) -- D:\Programs\SystemTools\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/11/16 17:47:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/11/16 17:46:04 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- D:\Programs\Web\ZoneAlarm\zlclient.exe
PRC - [2010/10/13 11:41:00 | 002,954,608 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
PRC - [2010/10/13 11:41:00 | 000,416,112 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe
PRC - [2010/10/13 11:40:54 | 004,869,488 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe
PRC - [2010/10/13 11:40:54 | 001,153,392 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
PRC - [2010/06/27 03:09:18 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- D:\Programs\Web\FreecorderToolbar\FLVSrvc.exe
PRC - [2010/02/26 16:10:20 | 021,979,992 | ---- | M] () -- C:\Documents and Settings\Narada\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- D:\Programs\SystemTools\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- D:\Programs\SystemTools\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/06/30 00:23:42 | 001,106,400 | ---- | M] (Acronis) -- D:\Programs\SystemTools\acronis\TrueImageMonitor.exe
PRC - [2006/06/29 19:06:32 | 001,848,150 | ---- | M] (Acronis) -- D:\Programs\SystemTools\acronis\TimounterMonitor.exe
PRC - [2006/06/29 19:06:00 | 000,126,976 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2006/06/29 19:05:58 | 000,204,800 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe


========== Modules (SafeList) ==========

MOD - [2011/03/03 21:01:43 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Narada\Desktop\OTL.exe
MOD - [2011/03/03 14:38:37 | 000,018,432 | ---- | M] (Applian Technologies, Inc.) -- C:\Documents and Settings\Narada\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
MOD - [2009/07/12 00:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2008/04/14 06:42:52 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/13 01:35:52 | 000,069,864 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- D:\Programs\SystemTools\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Programs\SystemTools\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Programs\SystemTools\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/11/16 17:47:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/10/13 11:41:00 | 000,416,112 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2010/10/13 11:40:54 | 004,869,488 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2006/06/29 19:05:58 | 000,204,800 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)


========== Driver Services (SafeList) ==========

DRV - [2011/01/22 17:03:54 | 000,388,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2011/01/22 17:03:54 | 000,032,288 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2011/01/22 17:03:50 | 000,099,776 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2011/01/22 12:52:13 | 000,822,272 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2011/01/13 01:35:48 | 000,125,672 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- D:\Programs\SystemTools\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010/12/13 08:40:21 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/12/13 08:40:21 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/10/05 13:26:10 | 000,016,240 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2010/10/05 13:26:02 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2010/10/05 13:26:00 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- D:\Programs\SystemTools\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2006/07/27 14:44:42 | 000,581,632 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/07 11:39:56 | 000,061,952 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\5U870CAP.sys -- (5U870CAP_VID_1262&PID_25FD)
DRV - [2006/03/05 23:49:36 | 000,011,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/03/03 00:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 00:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/01/27 00:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2006/01/27 00:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/11/16 20:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/11/01 18:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/11/01 17:54:50 | 000,051,584 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1659004503-1482476501-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.whitesmokestart.com/?cfg=2-267-0-3d8gx
IE - HKU\S-1-5-21-1659004503-1482476501-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/advanced_search?hl=en
IE - HKU\S-1-5-21-1659004503-1482476501-1417001333-1003\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKU\S-1-5-21-1659004503-1482476501-1417001333-1003\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1659004503-1482476501-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Freecorder Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/advanced_search?hl=en"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.72.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.2.5.2
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=BT5&o=15439&locale=en_US&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Components: D:\Programs\Web\FireFox\components [2011/03/03 09:06:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Plugins: D:\Programs\Web\FireFox\plugins [2011/03/03 09:06:11 | 000,000,000 | ---D | M]

[2011/02/21 19:41:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Narada\Application Data\Mozilla\Extensions
[2011/02/21 19:41:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Narada\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/03/03 20:53:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Narada\Application Data\Mozilla\Firefox\Profiles\lmwxp2fp.default\extensions
[2011/01/29 10:44:16 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Documents and Settings\Narada\Application Data\Mozilla\Firefox\Profiles\lmwxp2fp.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2011/01/29 10:44:14 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Narada\Application Data\Mozilla\Firefox\Profiles\lmwxp2fp.default\extensions\engine@conduit.com
[2011/01/31 23:19:32 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\Narada\Application Data\Mozilla\Firefox\Profiles\lmwxp2fp.default\extensions\firebug@software.joehewitt.com
[2011/01/23 15:12:25 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Narada\Application Data\Mozilla\Firefox\Profiles\lmwxp2fp.default\extensions\support@lastpass.com
[2011/01/22 15:42:56 | 000,002,424 | ---- | M] () -- C:\Documents and Settings\Narada\Application Data\Mozilla\Firefox\Profiles\lmwxp2fp.default\searchplugins\askcom.xml
[2010/10/20 14:40:12 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\Narada\Application Data\Mozilla\Firefox\Profiles\lmwxp2fp.default\searchplugins\conduit.xml
[2011/02/21 19:40:42 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/01/22 13:34:17 | 000,000,000 | ---D | M] (Skype extension) -- D:\PROGRAMS\WEB\FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
[2011/02/21 19:40:54 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAMS\WEB\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

O1 HOSTS File: ([2011/02/21 19:52:04 | 000,001,860 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 link-assistant.com
O1 - Hosts: 127.0.0.1 www.link-assistant.com
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programs\SystemTools\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-1659004503-1482476501-1417001333-1003\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1659004503-1482476501-1417001333-1003\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1659004503-1482476501-1417001333-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] D:\Programs\SystemTools\acronis\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] D:\Programs\SystemTools\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [Freecorder FLV Service] D:\Programs\Web\FreecorderToolbar\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [jkss.exe] C:\Program Files\Common Files\Microsoft Shared\Web Components\cffmon.exe (© Bing corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] D:\Programs\SystemTools\acronis\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [ZoneAlarm Client] D:\Programs\Web\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-1659004503-1482476501-1417001333-1003..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1659004503-1482476501-1417001333-1003..\Run: [SandboxieControl] D:\Programs\SystemTools\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-1659004503-1482476501-1417001333-1003..\Run: [SpybotSD TeaTimer] D:\Programs\SystemTools\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\Narada\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Narada\Application Data\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Documents and Settings\Narada\Start Menu\Programs\Startup\Launch WhiteSmoke.lnk = C:\Program Files\WhiteSmoke\WSEnrichment.exe ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1659004503-1482476501-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Programs\Multi\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programs\Multi\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programs\SystemTools\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/22 11:58:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/03 21:01:37 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Narada\Desktop\OTL.exe
[2011/03/02 12:48:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Narada\Local Settings\Application Data\TechSmith
[2011/03/02 12:47:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2011/03/02 12:46:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Camtasia Studio 7
[2011/03/02 12:46:30 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/03/02 12:46:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TechSmith Shared
[2011/02/25 14:01:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/02/25 14:01:04 | 000,215,040 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM92.DLL
[2011/02/25 14:01:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
[2011/02/25 14:01:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon iP4500 series
[2011/02/25 14:00:57 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2011/02/25 13:53:59 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2011/02/24 19:38:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011/02/22 13:55:17 | 000,415,176 | ---- | C] (Microsoft Corporation ) -- C:\WINDOWS\System32\comct332.ocx
[2011/02/22 13:55:17 | 000,212,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\richtx32.ocx
[2011/02/21 19:40:53 | 000,410,984 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2011/02/21 19:40:53 | 000,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/02/21 19:40:53 | 000,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/02/21 19:40:53 | 000,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/02/21 19:40:53 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/02/21 19:40:34 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/02/21 19:40:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Narada\Application Data\Sun
[2011/02/21 09:39:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/02/19 20:30:49 | 000,438,272 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp6vfw.dll
[2011/02/19 20:28:29 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\WINDOWS\System32\devil.dll
[2011/02/19 20:28:29 | 000,369,152 | ---- | C] (The Public) -- C:\WINDOWS\System32\avisynth.dll
[2011/02/19 20:28:27 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2011/02/19 20:28:27 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\i420vfw.dll
[2011/02/19 20:28:25 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2011/02/19 20:03:15 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2011/02/19 20:03:14 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\WINDOWS\System32\nbDX.dll
[2011/02/19 20:03:14 | 000,186,880 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLOgg.ax
[2011/02/19 20:03:14 | 000,163,328 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\flvDX.dll
[2011/02/19 20:03:14 | 000,092,672 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLVorbisDec.ax
[2011/02/19 20:03:14 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSSplitter.ax
[2011/02/19 20:03:14 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSDecoder.ax
[2011/02/19 20:03:14 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\WINDOWS\System32\RLTheoraDec.ax
[2011/02/19 20:03:14 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\WINDOWS\System32\msfDX.dll
[2011/02/19 20:03:13 | 000,179,200 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\DiracSplitter.ax
[2011/02/19 20:03:13 | 000,169,472 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\MatroskaDX.ax
[2011/02/19 20:03:13 | 000,161,792 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\RealMediaDX.ax
[2011/02/19 20:03:13 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\WINDOWS\System32\AVCDX.ax
[2011/02/19 19:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Narada\Application Data\WhiteSmoke
[2011/02/19 19:58:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WhiteSmoke
[2011/02/19 19:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\WhiteSmoke
[2011/02/19 19:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft
[2011/02/18 20:19:09 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mdimon.dll
[2011/02/18 20:18:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011/02/18 20:18:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2011/02/18 20:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/02/18 20:17:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2011/02/18 20:17:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/02/18 20:15:05 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/02/18 18:14:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Narada\Start Menu\Programs\SequoiaView
[2011/02/18 09:37:27 | 000,650,752 | ---- | C] (Dan Vantari) -- C:\WINDOWS\System32\sszonem.scr
[2011/02/11 21:43:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Narada\Application Data\dvdcss
[2011/02/11 18:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Narada\Local Settings\Application Data\Opera
[2011/02/11 18:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Narada\Application Data\Opera
[2011/02/11 18:11:51 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2011/02/10 10:00:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Narada\Application Data\WinRAR
[2011/02/10 10:00:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Narada\Start Menu\Programs\WinRAR
[2011/02/10 10:00:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/02/10 10:00:35 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/02/09 23:32:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Narada\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2011/02/09 10:11:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Narada\Local Settings\Application Data\Help
[2011/02/09 10:11:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Narada\Application Data\Help
[2011/02/07 11:33:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Narada\My Documents\MyVids
[2011/02/05 07:44:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/02/05 06:59:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Narada\Start Menu\Programs\HiJackThis
[2011/02/03 18:20:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Narada\My Documents\My Dropbox
[2011/02/03 18:19:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Narada\Start Menu\Programs\Dropbox
[2011/02/03 18:18:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Narada\Application Data\Dropbox
[2011/02/03 00:42:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Narada\Application Data\vlc
[2011/02/03 00:41:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/02/03 00:37:52 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2011/02/03 00:37:41 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2011/02/03 00:24:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/03 21:04:28 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Narada\Desktop\hxm6bxu3.exe
[2011/03/03 21:01:43 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Narada\Desktop\OTL.exe
[2011/03/03 21:01:15 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/03/03 18:23:15 | 000,000,980 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1482476501-1417001333-1003UA.job
[2011/03/03 14:42:14 | 000,392,864 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/03 14:42:14 | 000,058,998 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/03 14:38:25 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/03/03 14:37:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/03 14:37:45 | 2112,466,944 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/03 10:51:55 | 000,001,456 | ---- | M] () -- C:\Documents and Settings\Narada\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2011/03/02 23:20:00 | 000,000,928 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1482476501-1417001333-1003Core.job
[2011/03/02 12:46:56 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Camtasia Studio 7.lnk
[2011/03/02 12:46:26 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/03/02 09:38:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/01 02:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-STARBASE-Narada.job
[2011/02/27 01:13:06 | 000,614,849 | ---- | M] () -- C:\Documents and Settings\Narada\My Documents\Summerland2.jpg
[2011/02/27 00:53:22 | 000,508,427 | ---- | M] () -- C:\Documents and Settings\Narada\My Documents\Summerland.jpg
[2011/02/26 00:30:47 | 000,000,477 | ---- | M] () -- C:\WINDOWS\BlogHatter.INI
[2011/02/26 00:17:46 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BlogHatterPro.lnk
[2011/02/25 13:58:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\FOXIT_PDF
[2011/02/25 13:55:05 | 000,224,627 | ---- | M] () -- C:\Documents and Settings\Narada\My Documents\summerland-isaveonline-promo.pdf
[2011/02/22 02:27:29 | 000,454,160 | ---- | M] () -- C:\Documents and Settings\Narada\.linkassistant.properties
[2011/02/21 19:52:04 | 000,001,860 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/02/21 19:41:19 | 000,001,010 | ---- | M] () -- C:\Documents and Settings\Narada\Desktop\LinkAssistant.lnk
[2011/02/21 19:40:39 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2011/02/21 19:40:39 | 000,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/02/21 19:40:39 | 000,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/02/21 19:40:39 | 000,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/02/21 19:40:39 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/02/21 01:26:55 | 000,002,168 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2011/02/19 20:03:15 | 000,000,596 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPER ©.lnk
[2011/02/19 19:58:12 | 000,001,672 | ---- | M] () -- C:\Documents and Settings\Narada\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch WhiteSmoke.lnk
[2011/02/19 19:58:12 | 000,001,630 | ---- | M] () -- C:\Documents and Settings\Narada\Start Menu\Programs\Startup\Launch WhiteSmoke.lnk
[2011/02/19 19:58:12 | 000,001,328 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Buy WhiteSmoke.lnk
[2011/02/19 19:55:27 | 000,001,086 | ---- | M] () -- C:\Documents and Settings\Narada\Desktop\Improve Your PC.lnk

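The OTL listings in this thread (file and folder entries above, and the O1 hosts and O4 Run sections in the log that follows) are what a responder reads by hand. The script below is an added example for this page, not OTL's own code and not posted by anyone in the thread: it parses those three OTL line formats and applies a few triage heuristics a responder applies mentally. The rule names are the example's own; the sample lines are copied from the logs posted here, plus one constructed localhost line as a control.

```python
"""Triage heuristics for OTL (OldTimer) log lines.

Added example for this thread: not OTL's own code and not posted by anyone
in the thread. It parses three of OTL's line formats (file/folder entries,
O1 hosts overrides, O4 Run values) and flags entries a malware responder
would look at first. Rule names are this example's own; every flag is a
candidate for review, not a verdict.
"""
import ntpath
import re
from typing import List, NamedTuple

# File/folder entry, e.g.
# [2011/02/18 09:37:27 | 000,650,752 | ---- | C] (Dan Vantari) -- C:\WINDOWS\System32\sszonem.scr
# Attribute flags are R/H/S/D (read-only, hidden, system, directory); C/M = created/modified.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<op>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# O1 hosts-file override, e.g.  O1 - Hosts: 127.0.0.1 activate.adobe.com
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)$")
# O4 autorun value, e.g.  O4 - HKLM..\Run: [jkss.exe] C:\...\cffmon.exe (© Bing corporation)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.+?)(?: \((?P<company>[^)]*)\))?$"
)
EXEC_EXT = {".exe", ".dll", ".scr", ".sys", ".ax", ".cpl", ".ocx"}


class Finding(NamedTuple):
    rule: str
    line: str


def triage(lines) -> List[Finding]:
    """Apply the review heuristics to OTL log lines; unknown line types are ignored."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        if (m := FILE_RE.match(line)):
            path, attrs = m["path"], m["attrs"]
            company = (m["company"] or "").strip()
            low = path.lower()
            ext = ntpath.splitext(low)[1]
            # dllcache holds Windows File Protection copies; not a drop location worth flagging here
            in_system32 = "\\windows\\system32\\" in low and "\\dllcache\\" not in low
            if in_system32 and ext in EXEC_EXT and m["op"] == "C":
                if "H" in attrs and "S" in attrs:   # hidden + system on a freshly created binary
                    findings.append(Finding("system32-hidden-system-binary", line))
                if company in ("", "-"):            # no company string in the version info
                    findings.append(Finding("system32-binary-no-publisher", line))
            if "\\start menu\\programs\\startup\\" in low:
                findings.append(Finding("startup-folder-item", line))
            if "\\windows\\tasks\\" in low and ext == ".job":
                findings.append(Finding("scheduled-task", line))
        elif (m := HOSTS_RE.match(line)):
            if m["host"].lower() not in ("localhost", "localhost.localdomain"):
                findings.append(Finding("hosts-override", line))
        elif (m := RUN_RE.match(line)):
            target = m["target"]
            if target == "File not found":
                findings.append(Finding("run-key-dangling", line))
            else:
                name = m["name"].lower()
                base = ntpath.basename(target).lower()
                # a value named like an .exe that actually launches a differently named binary
                if name.endswith(".exe") and name != base:
                    findings.append(Finding("run-key-name-mismatch", line))
    return findings


# Sample input: every line except the "localhost" control line is copied from the OTL logs in this thread.
SAMPLE_LOG = r"""
[2011/02/19 20:03:14 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSSplitter.ax
[2011/02/19 20:03:14 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\WINDOWS\System32\RLTheoraDec.ax
[2011/02/19 19:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft
[2011/02/18 09:37:27 | 000,650,752 | ---- | C] (Dan Vantari) -- C:\WINDOWS\System32\sszonem.scr
[2011/02/03 00:37:52 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2011/02/19 19:58:12 | 000,001,630 | ---- | M] () -- C:\Documents and Settings\Narada\Start Menu\Programs\Startup\Launch WhiteSmoke.lnk
[2011/03/03 21:01:15 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [jkss.exe] C:\Program Files\Common Files\Microsoft Shared\Web Components\cffmon.exe (© Bing corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [avgnt] D:\Programs\SystemTools\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:32} {f.line}")
```

Everything it flags still needs a human verdict. The hidden+system .ax filters it reports were created about ten minutes after the C:\Program Files\eRightSoft folder in the same log, which is the kind of context a responder weighs before treating a file as a drop; likewise the hosts entries pointing Adobe activation hosts at 127.0.0.1 are something to ask the poster about rather than assume. The `[jkss.exe]` Run value that launches cffmon.exe, caught by the name-mismatch rule, is the kind of entry a responder asks the poster to account for.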
#7 oneof4

  • Malware Response Team
Posted 03 March 2011 - 07:56 PM

Hello Dan V, and welcome to the Virus/Trojan/Spyware/Malware Removal forum.

I am oneof4, and I am here to help you!

  • I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received and do not proceed if you need clarification.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.
  • At the top right-center of the topic you will see a button called Watch Topic. If you click on this, another page will open. Please choose Immediate Notification and then click on Proceed; you will then be advised when we respond to your topic and facilitate the cleaning of your machine.
  • If after 5 days you have not replied to this topic, I will assume it has been abandoned, and I will close it.
  • I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative of the assistance provided!
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

======

Thanks for the OTL log; however, it appears that not all of it made it into the post. Would you double check in the C:\_OTL folder and repost it? Also, there should have been another log titled "Attach.txt" produced when you ran OTL; did you miss it?

Best Regards,
oneof4.


#8 Dan V

  • Topic Starter
Posted 03 March 2011 - 09:08 PM

Hi
Thanks for the reply.
I don't see a file called Attach.txt, and the instructions above say:
"Two reports will open, copy and paste them in a reply here:

* OTL.txt <-- Will be opened
* Extra.txt <-- Will be minimized "

I saved them to my desktop.
__________________________

Here is the OTL file again - I have checked that this is all of it.
__________________________

OTL logfile created on: 3/03/2011 9:09:26 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\Narada\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 12.64 Gb Free Space | 43.15% Space Free | Partition Type: NTFS
Drive D: | 82.49 Gb Total Space | 2.21 Gb Free Space | 2.68% Space Free | Partition Type: NTFS
Drive E: | 3.57 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: STARBASE | User Name: Narada | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/03 21:01:43 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Narada\Desktop\OTL.exe
PRC - [2011/03/03 09:06:07 | 000,016,856 | ---- | M] (Mozilla Corporation) -- D:\Programs\Web\FireFox\plugin-container.exe
PRC - [2011/03/03 09:06:05 | 000,912,344 | ---- | M] (Mozilla Corporation) -- D:\Programs\Web\FireFox\firefox.exe
PRC - [2011/01/18 01:51:54 | 000,093,400 | ---- | M] (© Bing corporation) -- C:\Program Files\Common Files\Microsoft Shared\Web Components\cffmon.exe
PRC - [2011/01/13 01:35:54 | 000,405,736 | ---- | M] (SANDBOXIE L.T.D) -- D:\Programs\SystemTools\Sandboxie\SbieCtrl.exe
PRC - [2011/01/13 01:35:52 | 000,069,864 | ---- | M] (SANDBOXIE L.T.D) -- D:\Programs\SystemTools\Sandboxie\SbieSvc.exe
PRC - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) -- D:\Programs\SystemTools\Avira\AntiVir Desktop\sched.exe
PRC - [2010/12/13 08:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- D:\Programs\SystemTools\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) -- D:\Programs\SystemTools\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/11/16 17:47:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/11/16 17:46:04 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- D:\Programs\Web\ZoneAlarm\zlclient.exe
PRC - [2010/10/13 11:41:00 | 002,954,608 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
PRC - [2010/10/13 11:41:00 | 000,416,112 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe
PRC - [2010/10/13 11:40:54 | 004,869,488 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe
PRC - [2010/10/13 11:40:54 | 001,153,392 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
PRC - [2010/06/27 03:09:18 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- D:\Programs\Web\FreecorderToolbar\FLVSrvc.exe
PRC - [2010/02/26 16:10:20 | 021,979,992 | ---- | M] () -- C:\Documents and Settings\Narada\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- D:\Programs\SystemTools\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- D:\Programs\SystemTools\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/06/30 00:23:42 | 001,106,400 | ---- | M] (Acronis) -- D:\Programs\SystemTools\acronis\TrueImageMonitor.exe
PRC - [2006/06/29 19:06:32 | 001,848,150 | ---- | M] (Acronis) -- D:\Programs\SystemTools\acronis\TimounterMonitor.exe
PRC - [2006/06/29 19:06:00 | 000,126,976 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2006/06/29 19:05:58 | 000,204,800 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe


========== Modules (SafeList) ==========

MOD - [2011/03/03 21:01:43 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Narada\Desktop\OTL.exe
MOD - [2011/03/03 14:38:37 | 000,018,432 | ---- | M] (Applian Technologies, Inc.) -- C:\Documents and Settings\Narada\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
MOD - [2009/07/12 00:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2008/04/14 06:42:52 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/13 01:35:52 | 000,069,864 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- D:\Programs\SystemTools\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Programs\SystemTools\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Programs\SystemTools\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/11/16 17:47:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/10/13 11:41:00 | 000,416,112 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2010/10/13 11:40:54 | 004,869,488 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2006/06/29 19:05:58 | 000,204,800 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)


========== Driver Services (SafeList) ==========

DRV - [2011/01/22 17:03:54 | 000,388,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2011/01/22 17:03:54 | 000,032,288 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2011/01/22 17:03:50 | 000,099,776 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2011/01/22 12:52:13 | 000,822,272 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2011/01/13 01:35:48 | 000,125,672 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- D:\Programs\SystemTools\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010/12/13 08:40:21 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/12/13 08:40:21 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/10/05 13:26:10 | 000,016,240 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2010/10/05 13:26:02 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2010/10/05 13:26:00 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- D:\Programs\SystemTools\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2006/07/27 14:44:42 | 000,581,632 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/07 11:39:56 | 000,061,952 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\5U870CAP.sys -- (5U870CAP_VID_1262&PID_25FD)
DRV - [2006/03/05 23:49:36 | 000,011,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/03/03 00:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 00:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/01/27 00:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2006/01/27 00:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/11/16 20:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/11/01 18:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/11/01 17:54:50 | 000,051,584 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1659004503-1482476501-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.whitesmokestart.com/?cfg=2-267-0-3d8gx
IE - HKU\S-1-5-21-1659004503-1482476501-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/advanced_search?hl=en
IE - HKU\S-1-5-21-1659004503-1482476501-1417001333-1003\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKU\S-1-5-21-1659004503-1482476501-1417001333-1003\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1659004503-1482476501-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Freecorder Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/advanced_search?hl=en"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.72.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.2.5.2
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=BT5&o=15439&locale=en_US&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Components: D:\Programs\Web\FireFox\components [2011/03/03 09:06:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Plugins: D:\Programs\Web\FireFox\plugins [2011/03/03 09:06:11 | 000,000,000 | ---D | M]

[2011/02/21 19:41:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Narada\Application Data\Mozilla\Extensions
[2011/02/21 19:41:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Narada\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/03/03 20:53:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Narada\Application Data\Mozilla\Firefox\Profiles\lmwxp2fp.default\extensions
[2011/01/29 10:44:16 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Documents and Settings\Narada\Application Data\Mozilla\Firefox\Profiles\lmwxp2fp.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2011/01/29 10:44:14 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Narada\Application Data\Mozilla\Firefox\Profiles\lmwxp2fp.default\extensions\engine@conduit.com
[2011/01/31 23:19:32 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\Narada\Application Data\Mozilla\Firefox\Profiles\lmwxp2fp.default\extensions\firebug@software.joehewitt.com
[2011/01/23 15:12:25 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Narada\Application Data\Mozilla\Firefox\Profiles\lmwxp2fp.default\extensions\support@lastpass.com
[2011/01/22 15:42:56 | 000,002,424 | ---- | M] () -- C:\Documents and Settings\Narada\Application Data\Mozilla\Firefox\Profiles\lmwxp2fp.default\searchplugins\askcom.xml
[2010/10/20 14:40:12 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\Narada\Application Data\Mozilla\Firefox\Profiles\lmwxp2fp.default\searchplugins\conduit.xml
[2011/02/21 19:40:42 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/01/22 13:34:17 | 000,000,000 | ---D | M] (Skype extension) -- D:\PROGRAMS\WEB\FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
[2011/02/21 19:40:54 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAMS\WEB\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

O1 HOSTS File: ([2011/02/21 19:52:04 | 000,001,860 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 link-assistant.com
O1 - Hosts: 127.0.0.1 www.link-assistant.com
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programs\SystemTools\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-1659004503-1482476501-1417001333-1003\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1659004503-1482476501-1417001333-1003\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1659004503-1482476501-1417001333-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] D:\Programs\SystemTools\acronis\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] D:\Programs\SystemTools\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [Freecorder FLV Service] D:\Programs\Web\FreecorderToolbar\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [jkss.exe] C:\Program Files\Common Files\Microsoft Shared\Web Components\cffmon.exe (© Bing corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] D:\Programs\SystemTools\acronis\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [ZoneAlarm Client] D:\Programs\Web\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-1659004503-1482476501-1417001333-1003..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1659004503-1482476501-1417001333-1003..\Run: [SandboxieControl] D:\Programs\SystemTools\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-1659004503-1482476501-1417001333-1003..\Run: [SpybotSD TeaTimer] D:\Programs\SystemTools\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\Narada\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Narada\Application Data\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Documents and Settings\Narada\Start Menu\Programs\Startup\Launch WhiteSmoke.lnk = C:\Program Files\WhiteSmoke\WSEnrichment.exe ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1659004503-1482476501-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Programs\Multi\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programs\Multi\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programs\SystemTools\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/22 11:58:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/03 21:01:37 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Narada\Desktop\OTL.exe
[2011/03/02 12:48:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Narada\Local Settings\Application Data\TechSmith
[2011/03/02 12:47:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2011/03/02 12:46:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Camtasia Studio 7
[2011/03/02 12:46:30 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/03/02 12:46:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TechSmith Shared
[2011/02/25 14:01:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/02/25 14:01:04 | 000,215,040 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM92.DLL
[2011/02/25 14:01:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
[2011/02/25 14:01:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon iP4500 series
[2011/02/25 14:00:57 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2011/02/25 13:53:59 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2011/02/24 19:38:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011/02/22 13:55:17 | 000,415,176 | ---- | C] (Microsoft Corporation ) -- C:\WINDOWS\System32\comct332.ocx
[2011/02/22 13:55:17 | 000,212,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\richtx32.ocx
[2011/02/21 19:40:53 | 000,410,984 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2011/02/21 19:40:53 | 000,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/02/21 19:40:53 | 000,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/02/21 19:40:53 | 000,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/02/21 19:40:53 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/02/21 19:40:34 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/02/21 19:40:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Narada\Application Data\Sun
[2011/02/21 09:39:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/02/19 20:30:49 | 000,438,272 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp6vfw.dll
[2011/02/19 20:28:29 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\WINDOWS\System32\devil.dll
[2011/02/19 20:28:29 | 000,369,152 | ---- | C] (The Public) -- C:\WINDOWS\System32\avisynth.dll
[2011/02/19 20:28:27 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2011/02/19 20:28:27 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\i420vfw.dll
[2011/02/19 20:28:25 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2011/02/19 20:03:15 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2011/02/19 20:03:14 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\WINDOWS\System32\nbDX.dll
[2011/02/19 20:03:14 | 000,186,880 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLOgg.ax
[2011/02/19 20:03:14 | 000,163,328 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\flvDX.dll
[2011/02/19 20:03:14 | 000,092,672 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLVorbisDec.ax
[2011/02/19 20:03:14 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSSplitter.ax
[2011/02/19 20:03:14 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSDecoder.ax
[2011/02/19 20:03:14 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\WINDOWS\System32\RLTheoraDec.ax
[2011/02/19 20:03:14 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\WINDOWS\System32\msfDX.dll
[2011/02/19 20:03:13 | 000,179,200 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\DiracSplitter.ax
[2011/02/19 20:03:13 | 000,169,472 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\MatroskaDX.ax
[2011/02/19 20:03:13 | 000,161,792 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\RealMediaDX.ax
[2011/02/19 20:03:13 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\WINDOWS\System32\AVCDX.ax
[2011/02/19 19:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Narada\Application Data\WhiteSmoke
[2011/02/19 19:58:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WhiteSmoke
[2011/02/19 19:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\WhiteSmoke
[2011/02/19 19:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft
[2011/02/18 20:19:09 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mdimon.dll
[2011/02/18 20:18:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011/02/18 20:18:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2011/02/18 20:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/02/18 20:17:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2011/02/18 20:17:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/02/18 20:15:05 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/02/18 18:14:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Narada\Start Menu\Programs\SequoiaView
[2011/02/18 09:37:27 | 000,650,752 | ---- | C] (Dan Vantari) -- C:\WINDOWS\System32\sszonem.scr
[2011/02/11 21:43:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Narada\Application Data\dvdcss
[2011/02/11 18:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Narada\Local Settings\Application Data\Opera
[2011/02/11 18:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Narada\Application Data\Opera
[2011/02/11 18:11:51 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2011/02/10 10:00:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Narada\Application Data\WinRAR
[2011/02/10 10:00:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Narada\Start Menu\Programs\WinRAR
[2011/02/10 10:00:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/02/10 10:00:35 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/02/09 23:32:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Narada\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2011/02/09 10:11:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Narada\Local Settings\Application Data\Help
[2011/02/09 10:11:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Narada\Application Data\Help
[2011/02/07 11:33:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Narada\My Documents\MyVids
[2011/02/05 07:44:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/02/05 06:59:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Narada\Start Menu\Programs\HiJackThis
[2011/02/03 18:20:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Narada\My Documents\My Dropbox
[2011/02/03 18:19:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Narada\Start Menu\Programs\Dropbox
[2011/02/03 18:18:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Narada\Application Data\Dropbox
[2011/02/03 00:42:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Narada\Application Data\vlc
[2011/02/03 00:41:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/02/03 00:37:52 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2011/02/03 00:37:41 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2011/02/03 00:24:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/03 21:04:28 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Narada\Desktop\hxm6bxu3.exe
[2011/03/03 21:01:43 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Narada\Desktop\OTL.exe
[2011/03/03 21:01:15 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/03/03 18:23:15 | 000,000,980 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1482476501-1417001333-1003UA.job
[2011/03/03 14:42:14 | 000,392,864 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/03 14:42:14 | 000,058,998 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/03 14:38:25 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/03/03 14:37:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/03 14:37:45 | 2112,466,944 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/03 10:51:55 | 000,001,456 | ---- | M] () -- C:\Documents and Settings\Narada\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2011/03/02 23:20:00 | 000,000,928 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1482476501-1417001333-1003Core.job
[2011/03/02 12:46:56 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Camtasia Studio 7.lnk
[2011/03/02 12:46:26 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/03/02 09:38:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/01 02:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-STARBASE-Narada.job
[2011/02/27 01:13:06 | 000,614,849 | ---- | M] () -- C:\Documents and Settings\Narada\My Documents\Summerland2.jpg
[2011/02/27 00:53:22 | 000,508,427 | ---- | M] () -- C:\Documents and Settings\Narada\My Documents\Summerland.jpg
[2011/02/26 00:30:47 | 000,000,477 | ---- | M] () -- C:\WINDOWS\BlogHatter.INI
[2011/02/26 00:17:46 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BlogHatterPro.lnk
[2011/02/25 13:58:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\FOXIT_PDF
[2011/02/25 13:55:05 | 000,224,627 | ---- | M] () -- C:\Documents and Settings\Narada\My Documents\summerland-isaveonline-promo.pdf
[2011/02/22 02:27:29 | 000,454,160 | ---- | M] () -- C:\Documents and Settings\Narada\.linkassistant.properties
[2011/02/21 19:52:04 | 000,001,860 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/02/21 19:41:19 | 000,001,010 | ---- | M] () -- C:\Documents and Settings\Narada\Desktop\LinkAssistant.lnk
[2011/02/21 19:40:39 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2011/02/21 19:40:39 | 000,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/02/21 19:40:39 | 000,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/02/21 19:40:39 | 000,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/02/21 19:40:39 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/02/21 01:26:55 | 000,002,168 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2011/02/19 20:03:15 | 000,000,596 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPER ©.lnk
[2011/02/19 19:58:12 | 000,001,672 | ---- | M] () -- C:\Documents and Settings\Narada\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch WhiteSmoke.lnk
[2011/02/19 19:58:12 | 000,001,630 | ---- | M] () -- C:\Documents and Settings\Narada\Start Menu\Programs\Startup\Launch WhiteSmoke.lnk
[2011/02/19 19:58:12 | 000,001,328 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Buy WhiteSmoke.lnk
[2011/02/19 19:55:27 | 000,001,086 | ---- | M] () -- C:\Documents and Settings\Narada\Desktop\Improve Your PC.lnk
[2011/02/18 22:03:46 | 004,056,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/18 20:19:27 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/02/18 18:14:23 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\Narada\Desktop\SequoiaView.lnk
[2011/02/16 16:53:36 | 000,650,752 | ---- | M] (Dan Vantari) -- C:\WINDOWS\System32\sszonem.scr
[2011/02/15 09:57:55 | 000,009,728 | ---- | M] () -- C:\Documents and Settings\Narada\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/12 13:44:37 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Market Samurai.lnk
[2011/02/11 18:11:53 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\Narada\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/02/11 18:11:53 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/02/09 23:51:14 | 000,104,416 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/02/05 06:59:57 | 000,002,022 | ---- | M] () -- C:\Documents and Settings\Narada\Desktop\HiJackThis.lnk
[2011/02/03 18:20:51 | 000,000,999 | ---- | M] () -- C:\Documents and Settings\Narada\Start Menu\Programs\Startup\Dropbox.lnk
[2011/02/03 18:20:50 | 000,000,999 | ---- | M] () -- C:\Documents and Settings\Narada\Desktop\Dropbox.lnk
[2011/02/03 14:10:23 | 000,000,686 | ---- | M] () -- C:\Documents and Settings\Narada\Desktop\Shortcut to Photoshop.exe.lnk
[2011/02/03 00:41:57 | 000,000,576 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/02/03 00:24:10 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\Narada\Desktop\Spybot - Search & Destroy.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/03 21:04:20 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Narada\Desktop\hxm6bxu3.exe
[2011/03/02 12:46:56 | 000,000,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Camtasia Studio 7.lnk
[2011/02/27 01:13:02 | 000,614,849 | ---- | C] () -- C:\Documents and Settings\Narada\My Documents\Summerland2.jpg
[2011/02/27 00:45:03 | 000,508,427 | ---- | C] () -- C:\Documents and Settings\Narada\My Documents\Summerland.jpg
[2011/02/25 13:55:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\FOXIT_PDF
[2011/02/25 13:54:57 | 000,224,627 | ---- | C] () -- C:\Documents and Settings\Narada\My Documents\summerland-isaveonline-promo.pdf
[2011/02/22 14:11:07 | 000,000,477 | ---- | C] () -- C:\WINDOWS\BlogHatter.INI
[2011/02/22 13:55:18 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BlogHatterPro.lnk
[2011/02/21 19:48:13 | 000,454,160 | ---- | C] () -- C:\Documents and Settings\Narada\.linkassistant.properties
[2011/02/21 19:41:19 | 000,001,010 | ---- | C] () -- C:\Documents and Settings\Narada\Desktop\LinkAssistant.lnk
[2011/02/19 20:30:54 | 000,000,038 | -HS- | C] () -- C:\WINDOWS\camcodec100.ini
[2011/02/19 20:30:54 | 000,000,028 | -HS- | C] () -- C:\WINDOWS\lagarith.ini
[2011/02/19 20:28:27 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2011/02/19 20:03:15 | 000,000,596 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPER ©.lnk
[2011/02/19 20:03:14 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\RLMPCDec.ax
[2011/02/19 20:03:14 | 000,051,712 | RHS- | C] () -- C:\WINDOWS\System32\RLSpeexDec.ax
[2011/02/19 20:03:13 | 000,175,104 | RHS- | C] () -- C:\WINDOWS\System32\CoreAAC.ax
[2011/02/19 20:03:13 | 000,120,832 | RHS- | C] () -- C:\WINDOWS\System32\MPCDx.ax
[2011/02/19 20:03:13 | 000,097,280 | RHS- | C] () -- C:\WINDOWS\System32\FLACDX.ax
[2011/02/19 20:03:13 | 000,070,656 | RHS- | C] () -- C:\WINDOWS\System32\RLAPEDec.ax
[2011/02/19 20:03:12 | 000,227,328 | RHS- | C] () -- C:\WINDOWS\System32\ac3DX.ax
[2011/02/19 20:03:12 | 000,081,920 | RHS- | C] () -- C:\WINDOWS\System32\aac_parser.ax
[2011/02/19 19:58:12 | 000,001,672 | ---- | C] () -- C:\Documents and Settings\Narada\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch WhiteSmoke.lnk
[2011/02/19 19:58:12 | 000,001,630 | ---- | C] () -- C:\Documents and Settings\Narada\Start Menu\Programs\Startup\Launch WhiteSmoke.lnk
[2011/02/19 19:58:12 | 000,001,328 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Buy WhiteSmoke.lnk
[2011/02/19 19:55:27 | 000,001,086 | ---- | C] () -- C:\Documents and Settings\Narada\Desktop\Improve Your PC.lnk
[2011/02/18 20:19:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/02/18 18:14:23 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\Narada\Desktop\SequoiaView.lnk
[2011/02/12 13:44:37 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Market Samurai.lnk
[2011/02/12 13:44:37 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Market Samurai.lnk
[2011/02/11 18:11:53 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\Narada\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/02/11 18:11:53 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
[2011/02/11 18:11:53 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/02/09 23:51:14 | 000,104,416 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/02/05 09:05:09 | 2112,466,944 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/05 07:40:15 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Narada\Desktop\gmer.exe
[2011/02/05 06:59:57 | 000,002,022 | ---- | C] () -- C:\Documents and Settings\Narada\Desktop\HiJackThis.lnk
[2011/02/04 15:12:03 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Narada\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2011/02/03 18:20:51 | 000,000,999 | ---- | C] () -- C:\Documents and Settings\Narada\Start Menu\Programs\Startup\Dropbox.lnk
[2011/02/03 18:20:50 | 000,000,999 | ---- | C] () -- C:\Documents and Settings\Narada\Desktop\Dropbox.lnk
[2011/02/03 14:10:23 | 000,000,686 | ---- | C] () -- C:\Documents and Settings\Narada\Desktop\Shortcut to Photoshop.exe.lnk
[2011/02/03 13:28:36 | 000,000,686 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS5.lnk
[2011/02/03 00:41:57 | 000,000,576 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/02/03 00:24:10 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\Narada\Desktop\Spybot - Search & Destroy.lnk
[2011/01/25 21:48:14 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Narada\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/25 11:13:23 | 000,282,624 | ---- | C] () -- C:\Program Files\Microsoft .NET Framework 3.6 SP8.exe
[2011/01/22 22:43:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/01/22 22:42:19 | 004,056,136 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/22 13:41:46 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/01/22 13:26:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/22 13:23:43 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2011/01/22 13:09:42 | 000,002,168 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2011/01/22 12:48:32 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/01/22 12:00:59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/01/22 11:55:20 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/14 06:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/12/31 08:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/07/20 20:58:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/07/20 20:58:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/07/20 20:58:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/07/20 20:58:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/07/20 20:58:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/07/20 20:58:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/07/20 20:58:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/07/20 20:58:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/07/20 20:58:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2001/08/23 23:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 23:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 23:00:00 | 000,392,864 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 23:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 23:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 23:00:00 | 000,058,998 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 23:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 23:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 23:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 23:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >

#9 oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective

Posted 03 March 2011 - 10:27 PM

My bad, Dan, it was "Extra.txt" I was referring to, not "Attach.txt"... sorry.

BTW, if you still have "Extra.txt", could you please post it too. :wink:

Best Regards,
oneof4.


#10 Dan V

  • Topic Starter
  • Members
  • 19 posts

Posted 05 March 2011 - 05:19 PM

Strange, I'm sure I posted this reply two days ago -
Oh well, let's try again...

Extras.txt

___________________

OTL Extras logfile created on: 3/03/2011 9:09:31 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\Narada\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 12.64 Gb Free Space | 43.15% Space Free | Partition Type: NTFS
Drive D: | 82.49 Gb Total Space | 2.21 Gb Free Space | 2.68% Space Free | Partition Type: NTFS
Drive E: | 3.57 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: STARBASE | User Name: Narada | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-1659004503-1482476501-1417001333-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programs\Web\FireFox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programs\Video\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Programs\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programs\Video\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)
"D:\Programs\Web\BitTorrent\bittorrent.exe" = D:\Programs\Web\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"D:\Programs\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe" = D:\Programs\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS5 -- (Adobe Systems, Inc.)
"C:\Documents and Settings\Narada\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Narada\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04AABF6D-55C5-4779-ABF9-992016E913A2}" = Micrografx Picture Publisher 10
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{108404C7-6C48-4F2F-84C5-654F2597A20F}_is1" = BlogHatter Pro 2010 v3.2
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series
"{141D6DF3-9409-4761-FACB-1AA15B6C5C3C}" = Market Samurai
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{494A69C4-5E64-4AA4-B04F-6190E9A19192}" = Acronis True Image Server
"{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}" = Camtasia Studio 7
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726E050-01FC-48C2-BC72-30B4616AAFC3}" = Password Depot 2
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = v2011.build.46
"{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CFC9F871-7C40-40B6-BE4A-B98A5B309716}" = Adobe Flash Professional CS5
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agent Ransack_is1" = Agent Ransack Version 1.7.3
"Artisteer 3" = Artisteer 3
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitTorrent" = BitTorrent
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CNXT_HDAUDIO" = Conexant HD Audio
"conduitEngine" = Conduit Engine
"Freecorder Toolbar" = Freecorder Toolbar
"Freecorder4.1" = Freecorder
"ie8" = Windows Internet Explorer 8
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.6.14)" = Mozilla Firefox (3.6.14)
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.01.1190" = Opera 11.01
"Pen Tablet Driver" = Bamboo
"Sandboxie" = Sandboxie 3.52
"seopowersuite" = LinkAssistant
"SequoiaView" = SequoiaView
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.0.5
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WhiteSmoke" = WhiteSmoke
"WinRAR archiver" = WinRAR archiver
"ZoneAlarm" = ZoneAlarm

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1659004503-1482476501-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"LastPass" = LastPass (uninstall only)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/03/2011 12:48:49 AM | Computer Name = STARBASE | Source = Google Update | ID = 20
Description =

Error - 3/03/2011 1:23:15 AM | Computer Name = STARBASE | Source = Google Update | ID = 20
Description =

Error - 3/03/2011 1:48:49 AM | Computer Name = STARBASE | Source = Google Update | ID = 20
Description =

Error - 3/03/2011 2:23:15 AM | Computer Name = STARBASE | Source = Google Update | ID = 20
Description =

Error - 3/03/2011 2:48:49 AM | Computer Name = STARBASE | Source = Google Update | ID = 20
Description =

Error - 3/03/2011 3:23:15 AM | Computer Name = STARBASE | Source = Google Update | ID = 20
Description =

Error - 3/03/2011 3:48:49 AM | Computer Name = STARBASE | Source = Google Update | ID = 20
Description =

Error - 3/03/2011 5:50:40 AM | Computer Name = STARBASE | Source = Google Update | ID = 20
Description =

Error - 3/03/2011 6:07:36 AM | Computer Name = STARBASE | Source = Application Hang | ID = 1002
Description = Hanging application WSEnrichment.exe, version 1.0.6029.9, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/03/2011 6:07:39 AM | Computer Name = STARBASE | Source = Application Hang | ID = 1002
Description = Hanging application WSEnrichment.exe, version 1.0.6029.9, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 15/02/2011 2:14:00 AM | Computer Name = STARBASE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 16/02/2011 12:24:12 AM | Computer Name = STARBASE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 16/02/2011 12:24:14 AM | Computer Name = STARBASE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 16/02/2011 12:24:16 AM | Computer Name = STARBASE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 16/02/2011 12:24:19 AM | Computer Name = STARBASE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 16/02/2011 1:46:55 AM | Computer Name = STARBASE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 18/02/2011 1:55:23 AM | Computer Name = STARBASE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the AntiVirSchedulerService service.

Error - 19/02/2011 7:17:59 AM | Computer Name = STARBASE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 19/02/2011 10:14:36 PM | Computer Name = STARBASE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the AntiVirSchedulerService service.

Error - 20/02/2011 11:44:07 PM | Computer Name = STARBASE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.


< End of report >

#11 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  • Gender:Male
  • Location:The Collective
  • Local time:10:57 AM

Posted 07 March 2011 - 01:10 PM

Hello Dan V :)


Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.


  • If an infected file is detected, the default action will be Cure, click on Continue.


  • If a suspicious file is detected, the default action will be Skip, click on Continue.


  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Best Regards,
oneof4.


#12 Dan V

Dan V
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:12:57 AM

Posted 08 March 2011 - 07:40 PM

Looks like a clean scan?


2011/03/09 11:29:07.0046 3608 TDSS rootkit removing tool 2.4.20.0 Mar 2 2011 10:44:30
2011/03/09 11:29:09.0046 3608 ================================================================================
2011/03/09 11:29:09.0046 3608 SystemInfo:
2011/03/09 11:29:09.0046 3608
2011/03/09 11:29:09.0046 3608 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/09 11:29:09.0046 3608 Product type: Workstation
2011/03/09 11:29:09.0046 3608 ComputerName: STARBASE
2011/03/09 11:29:09.0046 3608 UserName: Narada
2011/03/09 11:29:09.0046 3608 Windows directory: C:\WINDOWS
2011/03/09 11:29:09.0046 3608 System windows directory: C:\WINDOWS
2011/03/09 11:29:09.0046 3608 Processor architecture: Intel x86
2011/03/09 11:29:09.0046 3608 Number of processors: 2
2011/03/09 11:29:09.0046 3608 Page size: 0x1000
2011/03/09 11:29:09.0046 3608 Boot type: Normal boot
2011/03/09 11:29:09.0046 3608 ================================================================================
2011/03/09 11:29:09.0328 3608 Initialize success
2011/03/09 11:29:28.0546 2204 ================================================================================
2011/03/09 11:29:28.0546 2204 Scan started
2011/03/09 11:29:28.0546 2204 Mode: Manual;
2011/03/09 11:29:28.0546 2204 ================================================================================
2011/03/09 11:29:28.0937 2204 5U870CAP_VID_1262&PID_25FD (d2142fee659d97b2b05820f21594bfe2) C:\WINDOWS\system32\Drivers\5U870CAP.sys
2011/03/09 11:29:29.0031 2204 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/09 11:29:29.0093 2204 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/03/09 11:29:29.0156 2204 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/03/09 11:29:29.0187 2204 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
2011/03/09 11:29:29.0312 2204 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/03/09 11:29:29.0375 2204 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/03/09 11:29:29.0484 2204 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/09 11:29:29.0515 2204 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/09 11:29:29.0562 2204 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/09 11:29:29.0609 2204 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/09 11:29:29.0812 2204 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) D:\Programs\SystemTools\Avira\AntiVir Desktop\avgio.sys
2011/03/09 11:29:29.0906 2204 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/03/09 11:29:29.0937 2204 avipbb (da39805e2bad99d37fce9477dd94e7f2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/03/09 11:29:30.0031 2204 BCM43XX (c1813dfc127ab556f31b2dfc5517c4c7) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/03/09 11:29:30.0140 2204 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/03/09 11:29:30.0234 2204 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/09 11:29:30.0328 2204 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/03/09 11:29:30.0437 2204 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/09 11:29:30.0500 2204 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/09 11:29:30.0546 2204 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/09 11:29:30.0640 2204 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/03/09 11:29:30.0687 2204 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/03/09 11:29:30.0796 2204 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/09 11:29:30.0859 2204 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/03/09 11:29:30.0937 2204 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/03/09 11:29:30.0968 2204 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/03/09 11:29:31.0046 2204 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/03/09 11:29:31.0109 2204 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/09 11:29:31.0156 2204 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/09 11:29:31.0203 2204 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/03/09 11:29:31.0218 2204 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/03/09 11:29:31.0265 2204 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/03/09 11:29:31.0312 2204 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/03/09 11:29:31.0375 2204 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/09 11:29:31.0406 2204 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/09 11:29:31.0437 2204 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/09 11:29:31.0500 2204 HdAudAddService (4905d28aa09f63e6a2f4e93ed6dd7d19) C:\WINDOWS\system32\drivers\CHDAud.sys
2011/03/09 11:29:31.0562 2204 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/03/09 11:29:31.0609 2204 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/09 11:29:31.0656 2204 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/09 11:29:31.0734 2204 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/03/09 11:29:31.0781 2204 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/09 11:29:31.0843 2204 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/03/09 11:29:31.0890 2204 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/09 11:29:31.0906 2204 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/09 11:29:31.0937 2204 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/09 11:29:32.0000 2204 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/09 11:29:32.0046 2204 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/09 11:29:32.0078 2204 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/09 11:29:32.0109 2204 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/09 11:29:32.0156 2204 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/03/09 11:29:32.0234 2204 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/09 11:29:32.0328 2204 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/03/09 11:29:32.0375 2204 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/03/09 11:29:32.0421 2204 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/03/09 11:29:32.0453 2204 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/03/09 11:29:32.0484 2204 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/03/09 11:29:32.0515 2204 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/03/09 11:29:32.0562 2204 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/09 11:29:32.0593 2204 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/09 11:29:32.0656 2204 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/03/09 11:29:32.0718 2204 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/03/09 11:29:32.0765 2204 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/03/09 11:29:32.0812 2204 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/03/09 11:29:32.0859 2204 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/03/09 11:29:32.0875 2204 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/03/09 11:29:32.0906 2204 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/03/09 11:29:32.0968 2204 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/09 11:29:32.0984 2204 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/03/09 11:29:33.0015 2204 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/09 11:29:33.0046 2204 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/09 11:29:33.0078 2204 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/09 11:29:33.0093 2204 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/09 11:29:33.0125 2204 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/09 11:29:33.0156 2204 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/09 11:29:33.0203 2204 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/03/09 11:29:33.0218 2204 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/03/09 11:29:33.0265 2204 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/09 11:29:33.0328 2204 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/03/09 11:29:33.0468 2204 nv (59e5d945934ec2e7eaa22af81813dabf) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/03/09 11:29:33.0703 2204 nvata (3ac5eedd35b7437d53960f3998bfa462) C:\WINDOWS\system32\DRIVERS\nvata.sys
2011/03/09 11:29:33.0718 2204 nvatabus (3ac5eedd35b7437d53960f3998bfa462) C:\WINDOWS\system32\DRIVERS\nvatabus.sys
2011/03/09 11:29:33.0734 2204 NVENETFD (22eedb34c4d7613a25b10c347c6c4c21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/03/09 11:29:33.0781 2204 nvnetbus (5e3f6ad5cad0f12d3cccd06fd964087a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/03/09 11:29:33.0796 2204 nvsmu (e0f76fab86fec98778047d0c7c39cbb9) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
2011/03/09 11:29:33.0890 2204 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/09 11:29:33.0906 2204 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/09 11:29:33.0984 2204 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/03/09 11:29:34.0031 2204 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/03/09 11:29:34.0078 2204 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/09 11:29:34.0125 2204 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/09 11:29:34.0203 2204 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/09 11:29:34.0328 2204 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/03/09 11:29:34.0406 2204 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/03/09 11:29:34.0796 2204 pfc (957b82ec80ad7ead64e5e47df6b0dc40) C:\WINDOWS\system32\drivers\pfc.sys
2011/03/09 11:29:34.0843 2204 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/09 11:29:34.0859 2204 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/03/09 11:29:34.0890 2204 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/03/09 11:29:34.0921 2204 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/09 11:29:35.0093 2204 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/09 11:29:35.0203 2204 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/09 11:29:35.0218 2204 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/09 11:29:35.0265 2204 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/09 11:29:35.0328 2204 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/09 11:29:35.0359 2204 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/09 11:29:35.0390 2204 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/03/09 11:29:35.0453 2204 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/09 11:29:35.0500 2204 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/09 11:29:35.0546 2204 rimmptsk (7a6648b61661b1421ffab762e391e33f) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2011/03/09 11:29:35.0562 2204 rimsptsk (8f7012d1b6a71ee9c23ce93dcdbf9f4b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2011/03/09 11:29:35.0593 2204 rismxdp (3ac17802740c3a4764dc9750e92e6233) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
2011/03/09 11:29:35.0750 2204 SbieDrv (848c7a79dae9abccae1952ba561729f8) D:\Programs\SystemTools\Sandboxie\SbieDrv.sys
2011/03/09 11:29:35.0859 2204 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/03/09 11:29:35.0906 2204 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/09 11:29:35.0968 2204 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/03/09 11:29:36.0015 2204 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/03/09 11:29:36.0078 2204 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/03/09 11:29:36.0125 2204 snapman (5052dbafc8f4e4507e6ad0d467dd3529) C:\WINDOWS\system32\DRIVERS\snapman.sys
2011/03/09 11:29:36.0203 2204 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/09 11:29:36.0281 2204 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/09 11:29:36.0296 2204 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/09 11:29:36.0359 2204 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/03/09 11:29:36.0437 2204 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/03/09 11:29:36.0453 2204 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/09 11:29:36.0500 2204 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/09 11:29:36.0703 2204 SynTP (0f332c0ba9b968ebc8cbb906416f8597) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/03/09 11:29:36.0781 2204 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/09 11:29:36.0875 2204 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/09 11:29:36.0968 2204 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/09 11:29:37.0015 2204 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/09 11:29:37.0062 2204 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/09 11:29:37.0156 2204 tifsfilter (fd03a8ff9d4573246bd8e6d5371969e4) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
2011/03/09 11:29:37.0171 2204 timounter (8061ee6fe61a27d6024da5e2d06a0418) C:\WINDOWS\system32\DRIVERS\timntr.sys
2011/03/09 11:29:37.0250 2204 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/09 11:29:37.0359 2204 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/09 11:29:37.0437 2204 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/03/09 11:29:37.0484 2204 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/03/09 11:29:37.0531 2204 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/09 11:29:37.0562 2204 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/09 11:29:37.0593 2204 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/03/09 11:29:37.0625 2204 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/03/09 11:29:37.0671 2204 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/09 11:29:37.0703 2204 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/03/09 11:29:37.0781 2204 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/09 11:29:37.0843 2204 vsdatant (050c38ebb22512122e54b47dc278bccd) C:\WINDOWS\system32\vsdatant.sys
2011/03/09 11:29:37.0984 2204 wacmoumonitor (f24ee97511fb901189e11cbbd51605ba) C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys
2011/03/09 11:29:38.0046 2204 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
2011/03/09 11:29:38.0078 2204 wacomvhid (846b58ea44bf8c92e4b59f4e2252c4c0) C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
2011/03/09 11:29:38.0109 2204 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/09 11:29:38.0203 2204 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/09 11:29:38.0312 2204 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/03/09 11:29:38.0359 2204 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/03/09 11:29:38.0500 2204 ================================================================================
2011/03/09 11:29:38.0500 2204 Scan finished
2011/03/09 11:29:38.0500 2204 ================================================================================
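
A quick way to read a TDSSKiller driver listing like the one above, as an added example that is not part of the original post and not TDSSKiller's own code: the script below pulls the service name, MD5 and image path out of every driver line, confirms the scan actually reached "Scan finished" (a log cut short by a crash proves nothing, which matters on a machine that blue-screens under gmer), lists drivers whose image lives outside the Windows directory named in the log header, and groups service names that share one hash. The Avira and Sandboxie drivers on D:\ in the real log are legitimate, and nvata.sys/nvatabus.sys sharing a hash just means two identical copies of one NVIDIA driver, but those are exactly the lines a responder should look at before calling a scan clean. The sample lines are constructed in the same format as the log above, and the Windows directory default is an assumption taken from that log's header.

```python
"""Triage a TDSSKiller driver listing (added example, not from the thread or from TDSSKiller)."""
import re
from dataclasses import dataclass

# Constructed sample in the same format as the posted log; not the full real log.
SAMPLE_LOG = """\
2011/03/09 11:29:28.0546 2204 Scan started
2011/03/09 11:29:28.0546 2204 Mode: Manual;
2011/03/09 11:29:29.0187 2204 AFD (322d0e36693d6e24a2398bee62a268cd) C:\\WINDOWS\\System32\\drivers\\afd.sys
2011/03/09 11:29:29.0812 2204 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) D:\\Programs\\SystemTools\\Avira\\AntiVir Desktop\\avgio.sys
2011/03/09 11:29:33.0703 2204 nvata (3ac5eedd35b7437d53960f3998bfa462) C:\\WINDOWS\\system32\\DRIVERS\\nvata.sys
2011/03/09 11:29:33.0718 2204 nvatabus (3ac5eedd35b7437d53960f3998bfa462) C:\\WINDOWS\\system32\\DRIVERS\\nvatabus.sys
2011/03/09 11:29:35.0750 2204 SbieDrv (848c7a79dae9abccae1952ba561729f8) D:\\Programs\\SystemTools\\Sandboxie\\SbieDrv.sys
2011/03/09 11:29:38.0500 2204 Scan finished
"""

# Shape of every driver line in the log: <date> <time> <pid> <ServiceName> (<md5>) <path>
DRIVER_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<pid>\d+) "
    r"(?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$"
)


@dataclass(frozen=True)
class DriverEntry:
    name: str
    md5: str
    path: str


def parse_drivers(log_text):
    """Driver lines only; the header, 'Mode:' and 'Scan started/finished' lines do not match."""
    entries = []
    for line in log_text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if m:
            entries.append(DriverEntry(m["name"], m["md5"].lower(), m["path"]))
    return entries


def scan_completed(log_text):
    """A log that never reaches 'Scan finished' (crash, BSOD, user abort) proves nothing."""
    return "Scan started" in log_text and "Scan finished" in log_text


def drivers_outside(entries, windows_dir="C:\\WINDOWS"):
    """Drivers whose image is not under the Windows directory (default assumed from the log header)."""
    prefix = windows_dir.lower().rstrip("\\") + "\\"
    return [e for e in entries if not e.path.lower().startswith(prefix)]


def shared_hashes(entries):
    """Service names that point at byte-identical images (same MD5).

    Harmless for nvata/nvatabus, which are two copies of one NVIDIA driver, but a
    known system driver name sharing a hash with an unfamiliar one deserves a look.
    """
    by_md5 = {}
    for e in entries:
        by_md5.setdefault(e.md5, []).append(e.name)
    return {h: names for h, names in by_md5.items() if len(names) > 1}


def triage(log_text, windows_dir="C:\\WINDOWS"):
    """Summary a responder wants before answering 'is this scan clean?'."""
    entries = parse_drivers(log_text)
    return {
        "completed": scan_completed(log_text),
        "driver_count": len(entries),
        "outside_windows": [e.name for e in drivers_outside(entries, windows_dir)],
        "shared_hashes": shared_hashes(entries),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

To use it on a real log, read the TDSSKiller.[Version]_[Date]_[Time]_log.txt file from C:\ and pass its text to triage(); the MD5s it collects can then be checked against a known-good copy of Windows or a hash lookup service, which is the step that actually tells you whether a system-directory driver has been replaced.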

#13 Dan V

Dan V
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:12:57 AM

Posted 09 March 2011 - 07:46 AM

Hi - UPDATE

I took my computer into town and used a cafe internet.
No problems whatsoever.
Proof that it is not on my computer I reckon.
So now I go back to talk to the ISP again about
the possibility of it being in the modem?

I don't know if you are knowledgeable about this?

If so I would like to describe what is probably an associated problem to the unrequested browser windows...

There has been a particularly innocuous site that I have been unable to get to for 6 weeks.
On the different ISP I had no problem at all.

Also I have AddThis social sharing widgets on my own websites
and for many weeks I have not been able to see them
but on the different connection they were there too.

So something is blocking my access to certain innocuous sites as well.
But only a few of them.

Very weird if you ask me...

Any insights would be appreciated.

Thanks for your help

Dan V

#14 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  • Gender:Male
  • Location:The Collective
  • Local time:10:57 AM

Posted 09 March 2011 - 09:56 AM

Hello Dan V :)

There are some active malware issues that we need to deal with on your computer. They are probably the reason some things are being "blocked", so please perform the following:

Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
  • Double click on ComboFix.exe & follow the prompts.
The Recovery Console step that follows does not apply to Vista or Windows 7

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.



After ComboFix finishes, please perform the following:


DNS Flush


Click Start > Run, type in cmd and hit ENTER.


At the DOS prompt (C:\), type ipconfig /flushdns and hit ENTER.



Router Reset


On the back of your router there should be a "reset" button. This is usually a small recessed button that is accessible with a small pointed object, such as a paper clip.


Press in on the button until all lights, except possibly the power light, go out on the router.


Give the router a minute or two, and it should be back up and running.


Using your router's instruction manual, perform the steps necessary to change your log in and password.


If you have a problem understanding how to change your login and password, provide the brand and model number of your router in your next reply, and I will try to research it.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.

Edited by oneof4, 09 March 2011 - 10:48 AM.

Best Regards,
oneof4.
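
The DNS flush and router reset above cover the case where the redirects come from a changed DNS setting rather than from the PC, which fits what Dan V reported (a second machine on the same connection is affected, and the cafe connection is clean). As an added example, not part of the thread and not the helper's own procedure, the script below parses `ipconfig /all` output and flags DNS servers that are neither the router itself, nor a LAN address, nor an address on a list you have confirmed out of band (your ISP's resolvers, for instance). The ipconfig excerpt, the 203.0.113.x resolver addresses (a documentation range standing in for whatever unknown server a tampered router or DHCP lease might hand out) and the "expected" list are all constructed for illustration.

```python
"""Flag unexpected DNS servers in `ipconfig /all` output (added example, not from the thread)."""
import ipaddress
import re

# Constructed excerpt of `ipconfig /all` on Windows XP; not the poster's real output.
# 203.0.113.x is a documentation range standing in for an unknown resolver.
SAMPLE_IPCONFIG = """\
Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . : home
        IP Address. . . . . . . . . . . . : 192.168.1.10
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            203.0.113.54
"""

IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

# RFC 1918 ranges: a DNS server here is on the LAN (normally the router or a local box).
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_ipconfig(text):
    """Return (default_gateway, [dns_servers]) from ipconfig /all output.

    Windows prints additional DNS servers on continuation lines holding only an
    address, so keep collecting until a line that is not a bare IPv4 address.
    """
    gateway = None
    dns_servers = []
    collecting = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Default Gateway"):
            m = IPV4_RE.search(line.split(":", 1)[1])
            gateway = m.group(0) if m else None
            collecting = False
        elif line.startswith("DNS Servers"):
            m = IPV4_RE.search(line.split(":", 1)[1])
            if m:
                dns_servers.append(m.group(0))
            collecting = True
        elif collecting and IPV4_RE.fullmatch(line):
            dns_servers.append(line)
        else:
            collecting = False
    return gateway, dns_servers


def classify_dns(gateway, dns_servers, expected=frozenset()):
    """Label each DNS server 'router', 'lan', 'expected' or 'UNEXPECTED'."""
    verdicts = []
    for server in dns_servers:
        addr = ipaddress.ip_address(server)
        if server == gateway:
            verdict = "router"      # router proxies DNS: its own upstream setting needs checking too
        elif any(addr in net for net in LAN_NETS):
            verdict = "lan"
        elif server in expected:
            verdict = "expected"    # e.g. the ISP's resolvers, confirmed by phone or on their website
        else:
            verdict = "UNEXPECTED"
        verdicts.append((server, verdict))
    return verdicts


def unexpected_dns(ipconfig_text, expected=frozenset()):
    """The DNS servers that need explaining before trusting any name resolution on this host."""
    gateway, dns_servers = parse_ipconfig(ipconfig_text)
    return [s for s, v in classify_dns(gateway, dns_servers, expected) if v == "UNEXPECTED"]


if __name__ == "__main__":
    gw, servers = parse_ipconfig(SAMPLE_IPCONFIG)
    print("gateway:", gw)
    for server, verdict in classify_dns(gw, servers):
        print(f"  {server:16} {verdict}")
```

On the affected machine, `ipconfig /all > dns.txt` at the same command prompt used for the flush gives the input. A "router" verdict is not the end of the check: when the router answers DNS itself, the addresses to verify are the upstream resolvers on its WAN or DHCP configuration page, and that page is what the reset and the login/password change above are meant to put back under your control.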


#15 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  • Gender:Male
  • Location:The Collective
  • Local time:10:57 AM

Posted 14 March 2011 - 07:10 AM

Are you still with us Dan V?

Best Regards,
oneof4.




